Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Demande de proposition du Accueil-Parrainage Outaouais.pdf

Overview

General Information

Sample name:	Demande de proposition du Accueil-Parrainage Outaouais.pdf
Analysis ID:	1564131
MD5:	95040e451261adcf4d1d760812e70264
SHA1:	cbe9de838970ecf15f61e65bc5f070841b98fc74
SHA256:	f1fb23b50aae30ff9cb5ee4adeeda10e0aca7256b5e144ffa0ac06021e69721b

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

AI detected landing page (webpage, office document or email)

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Classification

×

Process Tree

System is w10x64_ra

Acrobat.exe (PID: 2080 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Demande de proposition du Accueil-Parrainage Outaouais.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 6716 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6812 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2148 --field-trial-handle=1560,i,10786459035861845195,3046943761085326920,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 7528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://tyure6643.antifogformilitary.com//@ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7704 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1932,i,1427829273289735407,5108379726056215261,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://venue.cadetlearning.com/juh.html

Joe Sandbox AI: Score: 7 Reasons: The brand 'Microsoft OneDrive' is well-known and typically associated with the domain 'onedrive.live.com'., The URL 'venue.cadetlearning.com' does not match the legitimate domain for Microsoft OneDrive., The domain 'cadetlearning.com' does not appear to be associated with Microsoft or OneDrive., The presence of a subdomain 'venue' does not align with typical Microsoft OneDrive URLs., The input field 'Enter rfp' is unusual for a OneDrive login or file access page, raising suspicion. DOM: 1.0.pages.csv

AI detected landing page (webpage, office document or email)

Source: PDF document	Joe Sandbox AI: Page contains button: 'View pdf' Source: 'PDF document'
Source: PDF document	Joe Sandbox AI: PDF document contains prominent button: 'view pdf'
Source: https://venue.cadetlearning.com/juh.html	Joe Sandbox AI: Page contains button: 'VIEW PDF' Source: '1.0.pages.csv'
Source: https://venue.cadetlearning.com/juh.html	Joe Sandbox AI: Page contains button: 'VIEW PDF' Source: '1.1.pages.csv'

Source: https://venue.cadetlearning.com/juh.html

HTTP Parser: Number of links: 0

Source: https://venue.cadetlearning.com/juh.html

HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 640 512"><path d="M38.8 5.1C28.4-3.1 13.3-1.2 5.1 9...

Source: https://venue.cadetlearning.com/juh.html

HTTP Parser: Title: PDF Document does not match URL

Source: https://venue.cadetlearning.com/juh.html

HTTP Parser: <input type="password" .../> found

Source: https://venue.cadetlearning.com/juh.html	HTTP Parser: No favicon
Source: https://venue.cadetlearning.com/juh.html	HTTP Parser: No favicon
Source: https://nlt.orissette6.ru/xVXdq_WN8SpbQbNtvW/	HTTP Parser: No favicon

Source: https://venue.cadetlearning.com/juh.html	HTTP Parser: No <meta name="author".. found
Source: https://venue.cadetlearning.com/juh.html	HTTP Parser: No <meta name="author".. found

Source: https://venue.cadetlearning.com/juh.html	HTTP Parser: No <meta name="copyright".. found
Source: https://venue.cadetlearning.com/juh.html	HTTP Parser: No <meta name="copyright".. found

Source: unknown

HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49729 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 18MB later: 28MB

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 18.191.18.139
Source: unknown	TCP traffic detected without corresponding DNS query: 18.191.18.139
Source: unknown	TCP traffic detected without corresponding DNS query: 18.191.18.139
Source: unknown	TCP traffic detected without corresponding DNS query: 18.191.18.139
Source: unknown	TCP traffic detected without corresponding DNS query: 18.191.18.139
Source: unknown	TCP traffic detected without corresponding DNS query: 18.191.18.139
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 18.191.18.139
Source: unknown	TCP traffic detected without corresponding DNS query: 18.191.18.139
Source: unknown	TCP traffic detected without corresponding DNS query: 18.191.18.139
Source: unknown	TCP traffic detected without corresponding DNS query: 18.191.18.139
Source: unknown	TCP traffic detected without corresponding DNS query: 18.191.18.139
Source: unknown	TCP traffic detected without corresponding DNS query: 18.191.18.139
Source: unknown	TCP traffic detected without corresponding DNS query: 18.191.18.139
Source: unknown	TCP traffic detected without corresponding DNS query: 18.191.18.139
Source: unknown	TCP traffic detected without corresponding DNS query: 18.191.18.139
Source: unknown	TCP traffic detected without corresponding DNS query: 18.191.18.139
Source: unknown	TCP traffic detected without corresponding DNS query: 18.191.18.139
Source: unknown	TCP traffic detected without corresponding DNS query: 18.191.18.139
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic	DNS traffic detected: DNS query: venue.cadetlearning.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: nlt.orissette6.ru
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: jz267vlqlgpf3ulckd6gwngz9koiesf4sacl3jh3kxwokxyu4g.ezmbsgzm.ru
Source: global traffic	DNS traffic detected: DNS query: www.onedrive.com
Source: global traffic	DNS traffic detected: DNS query: onedrive.live.com
Source: global traffic	DNS traffic detected: DNS query: assets.onestore.ms
Source: global traffic	DNS traffic detected: DNS query: ajax.aspnetcdn.com

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown

HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49729 version: TLS 1.2

Source: classification engine

Classification label: mal52.phis.winPDF@36/34@41/247

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\197e1aea-ba2a-4df2-bf3e-ffbba8a3335f

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\A917nn2ol_ls55i0_1es.tmp

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Demande de proposition du Accueil-Parrainage Outaouais.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2148 --field-trial-handle=1560,i,10786459035861845195,3046943761085326920,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 57EFD1D0B4065A9F985F199505964D8F
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2148 --field-trial-handle=1560,i,10786459035861845195,3046943761085326920,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://tyure6643.antifogformilitary.com//@
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1932,i,1427829273289735407,5108379726056215261,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://tyure6643.antifogformilitary.com//@
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1932,i,1427829273289735407,5108379726056215261,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Demande de proposition du Accueil-Parrainage Outaouais.pdf	Initial sample: PDF keyword /JS count = 0
Source: Demande de proposition du Accueil-Parrainage Outaouais.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Demande de proposition du Accueil-Parrainage Outaouais.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Extra Window Memory Injection	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Demande de proposition du Accueil-Parrainage Outaouais.pdf	5%	ReversingLabs	Document-PDF.Phishing.Generic

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false		high
dual-spov-0006.spov-msedge.net	13.107.139.11	true	false		high
a.nel.cloudflare.com	35.190.80.1	true	false		high
code.jquery.com	151.101.130.137	true	false		high
cdnjs.cloudflare.com	104.17.25.14	true	false		high
challenges.cloudflare.com	104.18.94.41	true	false		high
www.google.com	142.250.181.100	true	false		high
venue.cadetlearning.com	172.67.201.65	true	true		unknown
jz267vlqlgpf3ulckd6gwngz9koiesf4sacl3jh3kxwokxyu4g.ezmbsgzm.ru	172.67.139.11	true	false		unknown
nlt.orissette6.ru	172.67.150.90	true	false		unknown
x1.i.lencr.org	unknown	unknown	false		high
www.onedrive.com	unknown	unknown	false		high
assets.onestore.ms	unknown	unknown	false		high
ajax.aspnetcdn.com	unknown	unknown	false		high
onedrive.live.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://venue.cadetlearning.com/juh.html	true		unknown
https://nlt.orissette6.ru/xVXdq_WN8SpbQbNtvW/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
184.30.24.134	unknown	United States		16625	AKAMAI-ASUS	false
152.199.19.160	unknown	United States		15133	EDGECASTUS	false
172.217.17.67	unknown	United States		15169	GOOGLEUS	false
104.18.94.41	challenges.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
2.20.41.218	unknown	European Union		16625	AKAMAI-ASUS	false
216.58.208.227	unknown	United States		15169	GOOGLEUS	false
172.67.150.90	nlt.orissette6.ru	United States		13335	CLOUDFLARENETUS	false
104.121.5.198	unknown	United States		16625	AKAMAI-ASUS	false
151.101.130.137	code.jquery.com	United States		54113	FASTLYUS	false
162.159.61.3	unknown	United States		13335	CLOUDFLARENETUS	false
172.67.139.11	jz267vlqlgpf3ulckd6gwngz9koiesf4sacl3jh3kxwokxyu4g.ezmbsgzm.ru	United States		13335	CLOUDFLARENETUS	false
51.105.104.217	unknown	United Kingdom		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.32.239.59	unknown	United States		2828	XO-AS15US	false
52.6.155.20	unknown	United States		14618	AMAZON-AESUS	false
199.232.214.172	bg.microsoft.map.fastly.net	United States		54113	FASTLYUS	false
35.190.80.1	a.nel.cloudflare.com	United States		15169	GOOGLEUS	false
172.217.17.42	unknown	United States		15169	GOOGLEUS	false
172.67.201.65	venue.cadetlearning.com	United States		13335	CLOUDFLARENETUS	true
3.219.243.226	unknown	United States		14618	AMAZON-AESUS	false
13.107.139.11	dual-spov-0006.spov-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.217.19.238	unknown	United States		15169	GOOGLEUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
172.217.17.78	unknown	United States		15169	GOOGLEUS	false
18.191.18.139	unknown	United States		16509	AMAZON-02US	false
104.21.32.251	unknown	United States		13335	CLOUDFLARENETUS	false
172.217.19.234	unknown	United States		15169	GOOGLEUS	false
142.250.181.100	www.google.com	United States		15169	GOOGLEUS	false
64.233.165.84	unknown	United States		15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
23.32.239.81	unknown	United States		2828	XO-AS15US	false
23.195.39.65	unknown	United States		20940	AKAMAI-ASN1EU	false
23.32.239.43	unknown	United States		2828	XO-AS15US	false
104.17.25.14	cdnjs.cloudflare.com	United States		13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1564131
Start date and time:	2024-11-27 21:32:54 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	Demande de proposition du Accueil-Parrainage Outaouais.pdf
Detection:	MAL
Classification:	mal52.phis.winPDF@36/34@41/247
Cookbook Comments:	Found application associated with file extension: .pdf

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 184.30.24.134, 162.159.61.3, 172.64.41.3, 52.6.155.20, 52.22.41.97, 3.219.243.226, 3.233.129.217, 199.232.214.172, 23.195.39.65
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ssl-delivery.adobe.com.edgekey.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: Demande de proposition du Accueil-Parrainage Outaouais.pdf

LLM Input / Output

Input	Output
URL: PDF document Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "This pdf Document has been encrypted by Accueil-Parrainage Outaouais.", "prominent_button_name": "View pdf", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: PDF document Model: Joe Sandbox AI	{ "brands": [ "Microsoft 365" ] }
	{ "brands": [ "Microsoft 365" ] }
URL: https://venue.cadetlearning.com/juh.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Type in 'rfp' to access on Microsoft OneDrive.", "prominent_button_name": "VIEW PDF", "text_input_field_labels": [ "Enter 'rfp'" ], "pdf_icon_visible": true, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://venue.cadetlearning.com/juh.html Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "TYPE IN rfp TO ACCESS ON MICROSOFT ONEDRIVE", "prominent_button_name": "VIEW PDF", "text_input_field_labels": "unknown", "pdf_icon_visible": true, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://venue.cadetlearning.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://venue.cadetlearning.com
URL: https://venue.cadetlearning.com/juh.html Model: Joe Sandbox AI	{ "brands": [ "Microsoft OneDrive" ] }
	{ "brands": [ "Microsoft OneDrive" ] }
URL: https://venue.cadetlearning.com/juh.html Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://venue.cadetlearning.com/juh.html Model: Joe Sandbox AI	```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is classified as 'wellknown'.", "The URL 'venue.cadetlearning.com' does not match the legitimate domain 'microsoft.com'.", "The domain 'cadetlearning.com' does not have any known association with Microsoft.", "The presence of a subdomain 'venue' and a different primary domain 'cadetlearning.com' is suspicious.", "No direct association between the URL and the brand 'Microsoft' is evident." ], "riskscore": 8} Google indexed: True
URL: venue.cadetlearning.com Brands: Microsoft Input Fields: unknown
URL: https://venue.cadetlearning.com/juh.html Model: Joe Sandbox AI	```json{ "legit_domain": "onedrive.live.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft OneDrive' is well-known and typically associated with the domain 'onedrive.live.com'.", "The URL 'venue.cadetlearning.com' does not match the legitimate domain for Microsoft OneDrive.", "The domain 'cadetlearning.com' does not appear to be associated with Microsoft or OneDrive.", "The presence of a subdomain 'venue' does not align with typical Microsoft OneDrive URLs.", "The input field 'Enter rfp' is unusual for a OneDrive login or file access page, raising suspicion." ], "riskscore": 9} Google indexed: True
URL: venue.cadetlearning.com Brands: Microsoft OneDrive Input Fields: Enter 'rfp'
URL: https://nlt.orissette6.ru/xVXdq_WN8SpbQbNtvW/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Engaging in browser security assessments for your protection.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://nlt.orissette6.ru/xVXdq_WN8SpbQbNtvW/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Engaging in browser security assessments for your protection", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://nlt.orissette6.ru/xVXdq_WN8SpbQbNtvW/ Model: Joe Sandbox AI	{ "brands": [] }
	{ "brands": [] }
URL: https://nlt.orissette6.ru/xVXdq_WN8SpbQbNtvW/ Model: Joe Sandbox AI	{ "brands": [ "Cloudflare" ] }
	{ "brands": [ "Cloudflare" ] }
URL: https://nlt.orissette6.ru Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true }
URL: https://nlt.orissette6.ru

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\2e9c9b25-f4a2-4e3e-8c8f-5d34cc2678f2.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	403
Entropy (8bit):	4.992465520040183
Encrypted:	false
SSDEEP:
MD5:	C5AF6952ED6037C85A870B4302414515
SHA1:	F725008FD39B791E454E1F6DBC07108FE9CC3372
SHA-256:	3771F03EB777CA3F410D1A0E03267BC0185A2766613C44E11565B3985CDE912E
SHA-512:	21AAD4F63BCD3CBDBFECFE4AC842EB82E428968612EE94446DCC13D0BFBB15B6A1CE738117FB612E831038348F2937B80F54E05EE5F1E0BDB720C21300FA61C4
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13377299613054340","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":665995},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	C5AF6952ED6037C85A870B4302414515
SHA1:	F725008FD39B791E454E1F6DBC07108FE9CC3372
SHA-256:	3771F03EB777CA3F410D1A0E03267BC0185A2766613C44E11565B3985CDE912E
SHA-512:	21AAD4F63BCD3CBDBFECFE4AC842EB82E428968612EE94446DCC13D0BFBB15B6A1CE738117FB612E831038348F2937B80F54E05EE5F1E0BDB720C21300FA61C4
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13377299613054340","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":665995},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241127203327Z-163.bmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	0.2869005531002874
Encrypted:	false
SSDEEP:
MD5:	FC3481BF236ABDBBE77524215C76D94D
SHA1:	39212DCD50997E601AF823E50CC041B23D1E4C9B
SHA-256:	3699112C622038C5E85C0F17247E8D92C3231E15C4610614872D207F3F988A0D
SHA-512:	A3BF3F9998C786B9DB98A7DA144D978E2CE051F0F6E2603703B4CD7B317058548723115CD19B4860E519FD0293612FE5DD967BC6FDA74F5E121456A9BCFA7C0A
Malicious:	false
Reputation:	unknown
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	3.291927920232006
Encrypted:	false
SSDEEP:
MD5:	A4D5FECEFE05F21D6F81ACF4D9A788CF
SHA1:	1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
SHA-256:	83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
SHA-512:	FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	16928
Entropy (8bit):	1.215349986052152
Encrypted:	false
SSDEEP:
MD5:	91E9A13A7017782200D2C8EAAFC68853
SHA1:	D4E28CA85E85B70A541807715C7CEC4C16F1A372
SHA-256:	EF98FBB845901052FE87C356A4CB61B1AA966B081E8513B01B499236B48B8285
SHA-512:	04F443259F908C46EB8A4E2DEDAA461F019A6501688ECE8BFA808203349559AC138760C03D222787C530EA92FC730BC7C0A190EE729DEF7C072AC410EBD5976B
Malicious:	false
Reputation:	unknown
Preview:	.... .c........z........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Reputation:	unknown
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Reputation:	unknown
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.752969867432539
Encrypted:	false
SSDEEP:
MD5:	DA62FED2BE20D43FB53961F070F2D229
SHA1:	F1B634FD6A13CB1FE4E763777ABFB34BF72D5462
SHA-256:	2318EC01B81CFD8B064E743675B0CA44FC95114F14EADD3E135247BB3AE7943B
SHA-512:	12761CE362B8BC353C612B458B235F7BD9082EF4889C20896348EE206C4F5612AD5406326159F892E2BA569E7DFED05D0DC691856456C28A80000E037ACFB964
Malicious:	false
Reputation:	unknown
Preview:	p...... .........o..A..(....................................................... ..........W....'...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.2539954282295116
Encrypted:	false
SSDEEP:
MD5:	6D6779D9F0743ECD739CE13A4BF30C03
SHA1:	697D9B9EF93507E81D9B06A26BAB8B819D4DDBE8
SHA-256:	B19CCE7945F75C83E589A4D32C962DDFF05A2529D4ECD9003FD0CE0EB29F812F
SHA-512:	8C24BE48EABCD463C6FDF263DAA9652EB3CEAAF81F47B6D8610250A1567D45F59D777BD676F23F491F0CAB9FCCD0122A2602AF84A719B6C410BDF43E354EDB41
Malicious:	false
Reputation:	unknown
Preview:	p...... .............A..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.392735549401582
Encrypted:	false
SSDEEP:
MD5:	24ADA9DEEA20C88600C4E105BCEEF3EE
SHA1:	103990F1574F8B3C19238B1C7E03811A13E19452
SHA-256:	62A1B8117797B77B0691A48ACF86F6A4A917752FAE6BEB669B0220F40BA897BC
SHA-512:	C4C333F520FE93077FA0DD9B412EA93F89E976883B5ECD9D518F476B8179F3EF018D3210F252815C89A93CBD12E69A027CD1F8A8A16707104527A6BF1F0BBB6F
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"4bd230b5-fce4-434f-9bf0-1a866b8f0da8","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732917215949,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.340515958754816
Encrypted:	false
SSDEEP:
MD5:	8915EE468068C80298C9D8E79DE90DBE
SHA1:	D5F33FFB6CBBDA033E622910B0596D535D762CA3
SHA-256:	3E66A2808430A1720EB17DB29145EE6F205DC8C6959F615B584A8A34797B7E3E
SHA-512:	38443327B4B2EE5FE6FDDF385CB3B3E9B1A141FE7C370EE3EF174BC37E0A7356B2BB251F67D24BDABDC87087FE5394CFB697FFC54866F8DC11758672F77C3F4C
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"4bd230b5-fce4-434f-9bf0-1a866b8f0da8","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732917215949,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.319222172981694
Encrypted:	false
SSDEEP:
MD5:	2D018504D29558ECDB672330CC248A57
SHA1:	44EFACF61B60A531C6E3019E59A8C2B2B405BA72
SHA-256:	07D2F190F02A709BD40B32CD94C7EDD1D6C17B62ECDBB7634896CD9ABDBB314E
SHA-512:	5B91DDA84DDEFCBFF25CC75C01994AF55388A72F634A2B5ACDC212170CED21A2B10A565F6EDAC155CA54AA723B55744D052E764AD1C38E77C38E63ECCB4164FA
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"4bd230b5-fce4-434f-9bf0-1a866b8f0da8","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732917215949,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.382146340356064
Encrypted:	false
SSDEEP:
MD5:	7101851E64CF937CE5041EC7B32275F8
SHA1:	2BAEA47C69D85EACA35772FED3DD44900AF90548
SHA-256:	B9A312A73C037E65ACD2825CAD8DC90B534A6AA154F8932BC9AD1E026B6E5DF2
SHA-512:	C08E08F715F336ECC1F411B7A3EA18D7735CA5F63C7F4E1616B5E3BD19B68089E2D5022F9651D5E2CD43C94DBCB6D4D1E22CD99C35A2D8B7C4AFB37FEE8E91EC
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"4bd230b5-fce4-434f-9bf0-1a866b8f0da8","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732917215949,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1123
Entropy (8bit):	5.691010819645183
Encrypted:	false
SSDEEP:
MD5:	384B31767E9E5A209F96EB40496E5EF5
SHA1:	93B5B1BE004483EECDA3779F634F0012AA67A1F3
SHA-256:	201363B013B1D4FD872EF6F5EA5B6AC0EA238E86A7BA8CC6696B2AFC66912223
SHA-512:	658BA6897749F477D8E66B98219D53DEFD7B924B1C2E34519740306EAE07D535223097D668DF094BF10E9C70B0D9FF50D0DD80D588DF86B9AD5D40CCCB4FC78D
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"4bd230b5-fce4-434f-9bf0-1a866b8f0da8","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732917215949,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1122
Entropy (8bit):	5.684574706983409
Encrypted:	false
SSDEEP:
MD5:	ACFDD8CAAAB221D5AAA6E4483259FDA5
SHA1:	7377A78C0B7E3563B374AD0D983181A80E8E230F
SHA-256:	498D6D0968499BFC0E0C8262455AA648D7094D1233911A438090DC4027438843
SHA-512:	984F7115B7B1044DE506B0D1610C74CB29CF2E0D4C1317170230DECC9DC97E868D943289417BE2E86499BE0CEFF51C8A09059855B8221B3BD0752A7A4ECA5424
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"4bd230b5-fce4-434f-9bf0-1a866b8f0da8","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732917215949,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_0","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"1aad653c-ef44-43f7-be1c-3a2ba2cf2cfc","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuIFBERiBmb3JtcyAmIGFncmVlbWVudHMuIn0sInRjY

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.332850066118882
Encrypted:	false
SSDEEP:
MD5:	D2F92D9AACE10705955D5507EC655AB7
SHA1:	55C96B15ED7D5839C43CE5AAC9F89965507D7C31
SHA-256:	78153F1DF825231B5FE619DD036A2B3E98221E1D1C9A8541065FA09945CBA544
SHA-512:	9A34C49F5574789E6E204C7E33A9DA36DF2D795CBD25BCE078CE978D00D71D09BA65B0D905C9A23E35D374EF84C73D3CCC167CF4C28689F25CCAC303652D90FA
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"4bd230b5-fce4-434f-9bf0-1a866b8f0da8","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732917215949,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1102
Entropy (8bit):	5.675619309139962
Encrypted:	false
SSDEEP:
MD5:	FF93AE873140901C265405C8529EB34C
SHA1:	8E2D5E7EEFE0AC02DB753652A29AB9A6B01E9035
SHA-256:	E2A3FD3BEBDEB047FAF8E9BACA2D88B8BC69198B1B82F51E4975452913CD54A8
SHA-512:	F67DE745AF76C0CF987AE4DD635F339DA1E9DD93DA8E5246737F6D60B57D57D2E766DF134B86CF8F8EDFF31F3725E73CC1095E865B8166DF5E774C365C189ADF
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"4bd230b5-fce4-434f-9bf0-1a866b8f0da8","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732917215949,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_1","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"533ab5eb-b236-4889-89a5-ac002261d71e","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkVkaXRQREZSZHJBcHBGdWxsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTRweCIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTJweCIsImZvbnRfc3R5bGUiOiItMSJ9LCJ0aXRsZSI6bnVsbCwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiJ9LCJ0Y2F0SWQiOm51bGx9","da

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.703415378800668
Encrypted:	false
SSDEEP:
MD5:	F9F0B0792F73B3F99E49017CDF202AD5
SHA1:	C48820DC6E43DB3BB8BCC90DEFEEC100CA5B17F2
SHA-256:	E5067EB6AFCB4E0D00A436D53DEF588F8634E2A42BFA9FF6A1FD3A12EA5E7A72
SHA-512:	4DA340D7482AE6158821CD303106A1D811360D43FEE2257EC93F476454C92A6095CE29EB2D73A5CECAE1BC8773E27FB38725D594D2A0C1EBBCAD7E39C06A16AE
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"4bd230b5-fce4-434f-9bf0-1a866b8f0da8","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732917215949,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.336301929181012
Encrypted:	false
SSDEEP:
MD5:	BF384479338704A3ED32F56E85E3813E
SHA1:	EEFD19B384D36AFE683313BAA83B3450CE788FF9
SHA-256:	916C4F1F3D3D33FB46B27D85B3C3BE71231248524E4CE3E818E73478FCF08270
SHA-512:	A916421D27DAD580D53D003FC97B5F70F5698EACFDCC66CFD7E1CB7A8D242A1B5A45CEB1CF10F788374BB9F930DC06FE3761C788F0FB54285CD4D2AC8E7964E3
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"4bd230b5-fce4-434f-9bf0-1a866b8f0da8","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732917215949,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	5.322991420475381
Encrypted:	false
SSDEEP:
MD5:	C5F11780E0D1C1BF4C506A3640C88945
SHA1:	3F9B20DA911A6DCB12E093FFF2A9F094B4110E45
SHA-256:	51832CF86BE07D2DC4C9330FE1897CCB0FDC81C28C41688F7634F07050DDCEFF
SHA-512:	82E4519AC52DB4D65663E1A49819AE7224286EEE30FB6B9CA09713060A7D3FB20057AEA3E8D5C4BBCE5A4CEC5E7BCB28B1DC0B0921601732F8A00DD709765DF3
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"4bd230b5-fce4-434f-9bf0-1a866b8f0da8","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732917215949,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.319599529059816
Encrypted:	false
SSDEEP:
MD5:	D489CC082451D0EE30CD512530EE2FA8
SHA1:	9755D93AFAF37BAE322AF587C00BDEEC392EC10E
SHA-256:	57394EA92E183076FD143BE67FF0D56A5A7E4A42EAE469326F94751C63DA03E7
SHA-512:	2CF2720AFC37F6F1ABF67E1F00325808BD356D904AFDCBCECA9B930EE10F44B745832D42D32C03222EB77C689B81DCE2521CC108BA3CD8102183DB207CE9D4A8
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"4bd230b5-fce4-434f-9bf0-1a866b8f0da8","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732917215949,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.3234833222846945
Encrypted:	false
SSDEEP:
MD5:	139D7675DFE140BEA692E758390F3B83
SHA1:	4D782E0F707160047E56AC6F570BA92AA5295455
SHA-256:	EDEF56DBC4F1D9CF9ED21EA3FCC00ABF9A0A1361756880E8704824CEEA244221
SHA-512:	E3DE57A5CF7169D538C9DDF4823D2BF925B8F93AD36019C4FDC358525AEC822CD29C6056535DBB99415FD7BE763A0DE9003955CAD44486FDADB7AB8668B39EA2
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"4bd230b5-fce4-434f-9bf0-1a866b8f0da8","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732917215949,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	5.667259431573141
Encrypted:	false
SSDEEP:
MD5:	DCEF652623AF26DBADE8869EF3A97171
SHA1:	2A58A91FBC8C5802A598E294DC3F506FCBC45102
SHA-256:	02166283461C52333A83B4AD741EE83EF92DB669C7F6DDAA0903394D1B9D5CD2
SHA-512:	B0C56C063F306D930D87E96124189B1ACDD121B9B34B51C494285E026A43ACA8B7765EDF4A083BEF0271B3197C9E871FEA83B5339870EE40CA1ED3A16C0B5E4A
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"4bd230b5-fce4-434f-9bf0-1a866b8f0da8","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732917215949,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.298951141511809
Encrypted:	false
SSDEEP:
MD5:	70C175940AAAE9FF2075E747DC704F2A
SHA1:	1091BC6F82FCE086412BF9A798CD2EF44FADE83C
SHA-256:	95AAA6C48866056338FBD591D3C2078277C2349A776B6A792DEDD2D7EDCAD691
SHA-512:	5C8466F7C9B176011D561ED7B63F8124F79F53B74985D69D8DAD38D9644C65C6472AFBE4928F890D456E8E53B3FA6C5594BCECACD723B6EFCA71702F8EB7066B
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"4bd230b5-fce4-434f-9bf0-1a866b8f0da8","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732917215949,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	282
Entropy (8bit):	5.30643870676435
Encrypted:	false
SSDEEP:
MD5:	33F14E5F8BD32A9CAC100B146B9C84DF
SHA1:	471BF03DCDB3A5B5176FB7DE14D0D6B512DA5776
SHA-256:	CC024BC1BD24E5F13C28F2EF26BF6927A00A52BAAE84B2681F9EFCC1CCD07441
SHA-512:	37942C360EF03513E406C624403D4D05DCE621D650CC48BC69838BEAA9C3B10339C58FD0557663DDBF213DA8066DC0D236E8C376F5DD54635F9ABADC18F47266
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"4bd230b5-fce4-434f-9bf0-1a866b8f0da8","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732917215949,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2817
Entropy (8bit):	5.147733905574223
Encrypted:	false
SSDEEP:
MD5:	1AD74419248DDA4EDE571FEBF7572F07
SHA1:	E3B84AE790BDCDB90900628814BEBE4E36363631
SHA-256:	A998CBDC3514E99B68AB38F0944C08696EB1D534D03BEF260BD444AF021D8FB8
SHA-512:	D90124DB8B3612AD2DA0D9023583396C813CE19409282ACC6762A9A39619D578080F52BF327206C18E03C5D9998B8F530D32F08C98422C9A7C399EDE7DF7335F
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"64ef6c8e4947a2642ba1a9dc5ab48f84","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1122,"ts":1732739615000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"a84cb01da0445816f432b794692ff565","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1732739615000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"c781318118358867cc02721d024d316d","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1732739615000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"74907db3cbbb2e58ba4cd121bec3ca7e","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1732739615000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"f41227467e71e74072a51e29502c24f7","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1102,"ts":1732739615000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"5fa7aab7cee8e630a746be4c18328354","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	66726
Entropy (8bit):	5.392739213842091
Encrypted:	false
SSDEEP:
MD5:	CAE99EDE6615B80CFCF35276B58711F1
SHA1:	A8F33790D0954045253435D253E5FF40C6B55087
SHA-256:	F2A284DD8FFA9F6D1CA38F2268749AA3B7AA02ADCB460CE23334DD477A8A6B27
SHA-512:	2BA0D52D4C6A4D7940C49C15906E24F796E570482D1605126E0751FE5F3EDBBCF6FB7438FFF3E06A9EFA77BE1F082255A4FAC3A369114CECB90A6F509D559772
Malicious:	false
Reputation:	unknown
Preview:	4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

C:\Users\user\AppData\Local\Temp\MSI93dc5.LOG

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5085442896850614
Encrypted:	false
SSDEEP:
MD5:	F6DBC4868D9770E7200089CB73858184
SHA1:	A6E1C96802A36752FBFFEBEDC35A12FD84FC21FA
SHA-256:	5351D0B7B1F9BF8D88330D003A50C887C2A5C6C8F018F80479462BF69EED2BF6
SHA-512:	6FF4BD34CC4912A2C7946C1D77118861FC42B2E5BB725464D6610953265FB021C0595FA5A558E69F852E7C8BD28704C1377E2C3C885FD5A74A1E59D4B907590A
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.7./.1.1./.2.0.2.4. . .1.5.:.3.3.:.3.1. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A917nn2ol_ls55i0_1es.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.056944194491293
Encrypted:	false
SSDEEP:
MD5:	9201BC1D4CD76E0AA32F2C427158B8D2
SHA1:	2DF067834C43E8606E23AE597289C62994A420D5
SHA-256:	7D1958F14EABFC76441D76ADA57ADDA76CC7B94FCB5504A20CE4F0BCBBA23871
SHA-512:	A6E1E6D058FE3BEB871AB6510EBEE3A5907E1C431DF2ABC3B4C81302D41E143B81E50F9058DBEB059D6A45E3D7B5560D1BFBE656EC4B92E687A5630B2B7E3DC3
Malicious:	false
Reputation:	unknown
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<CCC1B26D99D37249AF50D4AAA41ADFF7><CCC1B26D99D37249AF50D4AAA41ADFF7>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 27 19:34:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9841519446628713
Encrypted:	false
SSDEEP:
MD5:	904EF9B6199DA4FF20D9A6F283B10749
SHA1:	89B3D13940D1016009F1D30272DA4F200249FBBF
SHA-256:	220AB61BFF19501002834DDC9C58F632CC92E2FC20B684999F4969FCF33E1616
SHA-512:	0D62B952F290008AADB0F38915DA1457D96CB08488646CB838D9EF2E5EABFCEB21DAEA0F4BD2245D7B51CF69AC1FDE6A769A5EBEA91151A4B02931F39CE56B20
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....8...A..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I{Y$.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V{Y=.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V{Y=.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V{Y=............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V{YA............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............).t.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 27 19:34:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.001629023475367
Encrypted:	false
SSDEEP:
MD5:	BF05B215EF490E587B405343C31525FF
SHA1:	D60D9515B7FD957E1ECDEC26A84E1AB37567E66B
SHA-256:	E681275C1322399D3003B377528443F1B6115DE7C4DA12546C1BA3895BA4D48C
SHA-512:	FFE07B2ED53579DF98C682C64C45FA498D8329D3A7020E2F8A8DCA59F46850F7E88A49B78691E13B3A3E6D6D3FE9C3E01FFFCCBCFD45AAA8027D3CFFAF419DC6
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....d,..A..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I{Y$.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V{Y=.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V{Y=.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V{Y=............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V{YA............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............).t.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.012378574090912
Encrypted:	false
SSDEEP:
MD5:	19912389E4BFE0F2D9A4ABD4AADD5529
SHA1:	43129A88C42425ED19A6EDAF587DFC37C1F87323
SHA-256:	5F50327122215612AC32A3AE540CF91066AA4F2AE1FE70AFDB275947547481F3
SHA-512:	FC86970154A7ACB38F71A85E1BC4B4A274C7F9B43ABDB582DA055E6C8B981AF7B51321485A3713B7E528F773A7F7F3A87EC4CA7038139006CC91D1034C28EE90
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I{Y$.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V{Y=.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V{Y=.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V{Y=............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............).t.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 27 19:34:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.0024028602854065
Encrypted:	false
SSDEEP:
MD5:	E46FD64E7007F285795FAB33E51D7701
SHA1:	CB0F1C7CF994DCE13B89690117F023811AD44B81
SHA-256:	E0BDCC748E4B6279483067FE379AF61FCD8E03A78D56D9EC16C3C094B2DF894E
SHA-512:	839CD3FB6CDC4FFF838D12C6AD464136766D18C38FACD1CC1BF75C7A44D2D4EEDD67A9BC52310D21A1413CDFFDCEB954B6CAB21608169B12AC1B96DB27D907D0
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,........A..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I{Y$.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V{Y=.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V{Y=.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V{Y=............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V{YA............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............).t.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 27 19:34:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9911350804617713
Encrypted:	false
SSDEEP:
MD5:	BF3F6C381E4F3F697777F4E45DDA0BA7
SHA1:	CBD14957795B975541B0D9E537CE7F323061FCCB
SHA-256:	171DFF0FE32711588549F7A341FA580E0DDF97D5DB131FB28D6FF5F49030E17E
SHA-512:	DD394C1C0F823000F8379D32B11FDAC5432CA2FB6CE2EA37783DC553DF7EC9C5AACF6AAB8EEA02712667300A1F995BD4397363E33B0DAFB9EDB42E24A8FD647B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,........A..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I{Y$.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V{Y=.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V{Y=.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V{Y=............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V{YA............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............).t.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 27 19:34:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9969301516658566
Encrypted:	false
SSDEEP:
MD5:	EF67DB1CF20B6ACEA67C7D368D588FE9
SHA1:	80A4CE129EE8E0CA21BE729E03462433E9722C62
SHA-256:	422E6C10148B65A18201BE49649F61D9B6884645A76EBBD6E2D7736D4C038409
SHA-512:	43B4D5001CFF6FEA55B4A848EFC74D17DC0D9791CCC7EC7BAC972CABB53F95F9F8560CFBDEBD5E3CB3966425CFAF333C6C647A2B7B5C63147A1BCAA868F040B9
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....p...A..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I{Y$.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V{Y=.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V{Y=.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V{Y=............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V{YA............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............).t.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Static File Info

General

File type:	PDF document, version 2.0 (zip deflate encoded)
Entropy (8bit):	7.077093526967834
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Demande de proposition du Accueil-Parrainage Outaouais.pdf
File size:	15'762 bytes
MD5:	95040e451261adcf4d1d760812e70264
SHA1:	cbe9de838970ecf15f61e65bc5f070841b98fc74
SHA256:	f1fb23b50aae30ff9cb5ee4adeeda10e0aca7256b5e144ffa0ac06021e69721b
SHA512:	2807222669a085ba394ebb19b824198591ed06ea59b7951ebb6a99dcb8300d3342a62b33933ab47740745eec78f7d309577519c112ac3644af70b5ae07b29f86
SSDEEP:	384:8IIbL3Gdn8c+E3omz2V9WZZYJ96K47nstghmf:BIbbY3l48W94ZYr6r7nstghg
TLSH:	50629E55CC79E919D402AA70F0049E4A4085E8C2DA5A2CBF379D4AD76F49F31FC42FDA
File Content Preview:	%PDF-2.0.%.....7 0 obj<</Linearized 1/L 15762/O 12/E 12346/N 1/T 15465/H [ 1024 300]>>.endobj. .8 0 obj<</Root 9 0 R/Info 5 0 R/ID[<1081

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-2.0
Total Entropy:	7.077094
Total Bytes:	15762
Stream Entropy:	7.258830
Stream Bytes:	13292
Entropy outside Streams:	4.675239
Bytes outside Streams:	2470
Number of EOF found:	2
Bytes after EOF:

Keywords Statistics

Name	Count
obj	14
endobj	14
stream	11
endstream	11
xref	0
trailer	0
startxref	2
/Page	1
/Encrypt	0
/ObjStm	3
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	1
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
13	4002c0f2a4c00280	26c2524a4c9c672e999c81573a6c3c0b
14	13252b3139332d1b	ddc3d74406ed475a001a7cccf0da0726