Windows Analysis Report
Millich Law.pdf

Overview

General Information

Sample name:Millich Law.pdf
Analysis ID:1480299
MD5:b4d85a8a03968a2ef19ac9fe75915467
SHA1:1257089ab0b9688647197c7183593495f616536a
SHA256:c209648793998038b6136a7ecb1d9525a933d710f0c5e05c8e475e7c26a375d4
Infos:

Detection

HTMLPhisher
Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Antivirus detection for URL or domain
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish54
AI detected suspicious PDF
Phishing site detected (based on image similarity)
Found iframes
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML page contains obfuscated script src
IP address seen in connection with other malware
Stores files to the Windows start menu directory

Classification

  • System is w10x64
  • Acrobat.exe (PID: 1196 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Millich Law.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 3528 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7304 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1624,i,5222917639339854965,16251421876046146031,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 7884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.eaeunion.org/bitrix/redirect.php?goto=https%3A%2F%2F96814a23.3d37a4ae4892daf344c7add8.workers.dev MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7300 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2068,i,9472662628826597003,7473833552396198137,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
6.10.id.script.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
5.6.id.script.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
6.15.i.script.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
5.3.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
6.4.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
No Sigma rule has matched
No Snort rule has matched

            AV Detection

            Source: https://96814a23.3d37a4ae4892daf344c7add8.workers.dev/ | SlashNext: Label: Credential Stealing type: Phishing & Social Engineering
            Source: https://payhip.one/?vvgjwowm | Avira URL Cloud: Label: malware
            Source: chromecache_210.7.dr | Binary or memory string: const PUBLIC_KEY = `-----BEGIN PUBLIC KEY-----memstr_ec72dd16-d

            Phishing

            Source: https://cloudsharefiles.icu | LLM: Score: 9 brands: Outlook Reasons: The URL 'https://cloudsharefiles.icu' is highly suspicious as it does not match the legitimate domain 'outlook.com' associated with the Outlook brand. The use of a .icu domain is unusual for a reputable service like Outlook. The webpage prominently features a login form, which is a common tactic used in phishing sites to harvest user credentials. Additionally, the presence of links like 'No account? Create one!' and 'Can't access your account?' further suggests social engineering techniques to mislead users. The overall design mimics the legitimate Outlook login page, which is a common phishing strategy. DOM: 6.7.pages.csv
            Source: https://cloudsharefiles.icu | LLM: Score: 9 Reasons: The domain 'cloudsharefiles.icu' is unusual and not commonly associated with legitimate services, the domain extension 'icu' is not commonly used for legitimate websites, and the lack of a CAPTCHA system and the simple and minimalistic design are all red flags for potential phishing. Additionally, the brand name 'cloudsharefiles' does not seem to be a well-known or reputable brand, which further increases the likelihood of the site being a phishing attempt. Users should be cautious and verify the authenticity of the site before entering any personal information. DOM: 6.7.pages.csv
            Source: https://cloudsharefiles.icu | Matcher: Template: microsoft matched with high similarity
            Source: https://cloudsharefiles.icu/?thvlga9m7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDRlOWJmZWMtMGFiYi1kYzdiLTY5ZjMtZTljODFkYTAxODI4JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU3NDMwNDU4MTEwNDU1Mi41Yzk0ODYxYS01MjIyLTRhZTYtODhkMi1hZWQ0YzFkMWM0N2Umc3RhdGU9RGN0QkVvQWdDRUJSck9rNHBDQUlIWWRSMXkyN2Zpei0yXzBDQUdkMlpLVWxZS083bXZRbTZrU3A4cTN6RVI4VXFNeU1FbnVnLTJLTXZXVFNvaW0yUzc1WGZiLW9Qdw==&sso_reload=trueMatcher: Template: microsoft matched with high similarity
            Source: Yara match | File source: 6.10.id.script.csv, type: HTML
            Source: Yara match | File source: 5.6.id.script.csv, type: HTML
            Source: Yara match | File source: 6.15.i.script.csv, type: HTML
            Source: Yara match | File source: 5.3.pages.csv, type: HTML
            Source: Yara match | File source: 6.4.pages.csv, type: HTML
            Source: Yara match | File source: 6.5.pages.csv, type: HTML
            Source: Yara match | File source: 6.7.pages.csv, type: HTML
            Source: https://cloudsharefiles.icu/?thvlga9m7=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&sso_reload=true | Matcher: Found strong image similarity, brand: MICROSOFT
            Source: https://cloudsharefiles.icu/?thvlga9m7=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&sso_reload=true | HTTP Parser: Iframe src: https://outlook.office365.com/owa/prefetch.aspx
            Source: https://cloudsharefiles.icu/?thvlga9m7=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&sso_reload=true | HTTP Parser: Number of links: 0
            Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t5phh/0x4AAAAAAAfPSHq6Au1oXT_C/auto/fbE/normal/auto/HTTP Parser: Base64 decoded: {"version":3,"sourceRoot":"/cfsetup_build/src/orchestrator/turnstile/templates","sources":["turnstile.scss"],"names":[],"mappings":"AAyBA;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IAEI;;EAGJ;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI...
            Source: https://cloudsharefiles.icu/?thvlga9m7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJHTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gYygpe2lmKCFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuYiIpIHx8ICFkb2N1bWVudC5xdWVyeVNlbGVjdG9yKCIuZyIpKXtkb2N1bWVudC5oZWFkLmFwcGVuZENoaWxkKE9iamVjdC5hc3NpZ24oZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiZGl2Iikse2NsYXNzTGlzdDpbImIiXX
            Source: https://cloudsharefiles.icu/?thvlga9m7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDRlOWJmZWMtMGFiYi1kYzdiLTY5ZjMtZTljODFkYTAxODI4JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU3NDMwNDU4MTEwNDU1Mi41Yzk0ODYxYS01MjIyLTRhZTYtODhkMi1hZWQ0YzFkMWM0N2Umc3RhdGU9RGN0QkVvQWdDRUJSck9rNHBDQUlIWWRSMXkyN2Zpei0yXzBDQUdkMlpLVWxZS083bXZRbTZrU3A4cTN6RVI4VXFNeU1FbnVnLTJLTXZXVFNvaW0yUzc1WGZiLW9Qdw==&sso_reload=trueHTTP Parser: <input type="password" .../> found
            Source: https://96814a23.3d37a4ae4892daf344c7add8.workers.dev/ | HTTP Parser: No favicon
            Source: https://cloudsharefiles.icu/?thvlga9m7=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 | HTTP Parser: No favicon
            Source: https://cloudsharefiles.icu/?thvlga9m7=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&sso_reload=true | HTTP Parser: No favicon
            Source: https://cloudsharefiles.icu/?thvlga9m7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NDRlOWJmZWMtMGFiYi1kYzdiLTY5ZjMtZTljODFkYTAxODI4JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU3NDMwNDU4MTEwNDU1Mi41Yzk0ODYxYS01MjIyLTRhZTYtODhkMi1hZWQ0YzFkMWM0N2Umc3RhdGU9RGN0QkVvQWdDRUJSck9rNHBDQUlIWWRSMXkyN2Zpei0yXzBDQUdkMlpLVWxZS083bXZRbTZrU3A4cTN6RVI4VXFNeU1FbnVnLTJLTXZXVFNvaW0yUzc1WGZiLW9Qdw==&sso_reload=trueHTTP Parser: No <meta name="author".. found
            Source: https://cloudsharefiles.icu/?thvlga9m7=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&sso_reload=true | HTTP Parser: No <meta name="author".. found
            Source: https://cloudsharefiles.icu/?thvlga9m7=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&sso_reload=true | HTTP Parser: No <meta name="copyright".. found
            Source: Joe Sandbox View | IP Address: 13.107.246.45 13.107.246.45
            Source: Joe Sandbox View | IP Address: 104.18.94.41 104.18.94.41
            Source: Joe Sandbox View | IP Address: 23.56.162.185 23.56.162.185
            Source: Joe Sandbox View | IP Address: 1.1.1.1 1.1.1.1
            Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.2.dr | String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
            Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
            Source: chromecache_207.7.dr | String found in binary or memory: http://github.com/jquery/globalize
            Source: chromecache_209.7.dr, chromecache_220.7.dr, chromecache_208.7.dr, chromecache_229.7.dr | String found in binary or memory: http://knockoutjs.com/
            Source: chromecache_209.7.dr, chromecache_220.7.dr | String found in binary or memory: http://www.json.org/json2.js
            Source: chromecache_209.7.dr, chromecache_220.7.dr, chromecache_208.7.dr, chromecache_229.7.dr | String found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
            Source: chromecache_210.7.dr, chromecache_232.7.dr, chromecache_231.7.dr | String found in binary or memory: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
            Source: chromecache_206.7.dr | String found in binary or memory: https://cloudsharefiles.icu/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2Nsb3
            Source: chromecache_208.7.dr, chromecache_229.7.dr | String found in binary or memory: https://github.com/douglascrockford/JSON-js
            Source: chromecache_209.7.dr, chromecache_220.7.dr | String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.analytics-web-2.min.js
            Source: chromecache_211.7.dr | String found in binary or memory: https://login.microsoftonline.com
            Source: chromecache_211.7.dr | String found in binary or memory: https://login.windows-ppe.net
            Source: chromecache_210.7.dr, chromecache_232.7.dr, chromecache_231.7.dr | String found in binary or memory: https://payhip.one/?vvgjwowm
            Source: classification engine | Classification label: mal80.phis.winPDF@33/104@0/15
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-24 11-04-46-743.log
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
            Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Millich Law.pdf"
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1624,i,5222917639339854965,16251421876046146031,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
            Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.eaeunion.org/bitrix/redirect.php?goto=https%3A%2F%2F96814a23.3d37a4ae4892daf344c7add8.workers.dev
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2068,i,9472662628826597003,7473833552396198137,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
            Source: Docs.lnk.6.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: Google Drive.lnk.6.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: YouTube.lnk.6.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: Sheets.lnk.6.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: Gmail.lnk.6.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: Slides.lnk.6.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: Window Recorder | Window detected: More than 3 window changes detected
            Source: Millich Law.pdf | Initial sample: PDF keyword /JS count = 0
            Source: Millich Law.pdf | Initial sample: PDF keyword /JavaScript count = 0
            Source: Millich Law.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0

            Persistence and Installation Behavior

            Source: PDF shot | LLM: Score: 8 Reasons: The PDF document contains a visually prominent QR code with instructions to scan it with a cell phone camera and click the generated link to view the document. This creates a significant risk as QR codes can easily redirect users to malicious websites. The text 'Scan the QR CODE below with your CELL PHONE CAMERA and click the generated link to view this document' creates a sense of urgency and interest, prompting the user to take immediate action. Additionally, the document impersonates a law firm, which is a well-known type of organization, to gain the user's trust. The combination of these factors indicates a high risk of phishing or malware.
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | 1 Drive-by Compromise | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | 1 Archive Collected Data | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
            Behavior Graph (image not preserved): ID: 1480299, Sample: Millich Law.pdf, Startdate: 24/07/2024, Architecture: WINDOWS, Score: 80

            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            https://96814a23.3d37a4ae4892daf344c7add8.workers.dev/ | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering |
            https://login.microsoftonline.com | 0% | URL Reputation | safe |
            http://www.opensource.org/licenses/mit-license.php) | 0% | URL Reputation | safe |
            http://knockoutjs.com/ | 0% | URL Reputation | safe |
            https://login.windows-ppe.net | 0% | URL Reputation | safe |
            http://www.json.org/json2.js | 0% | URL Reputation | safe |
            http://github.com/jquery/globalize | 0% | Avira URL Cloud | safe |
            https://payhip.one/?vvgjwowm | 100% | Avira URL Cloud | malware |
            https://cloudsharefiles.icu/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2Nsb3 | 0% | Avira URL Cloud | safe |
            https://github.com/douglascrockford/JSON-js | 0% | Avira URL Cloud | safe |
            https://js.monitor.azure.com/scripts/c/ms.analytics-web-2.min.js | 0% | Avira URL Cloud | safe |
            https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback | 0% | Avira URL Cloud | safe |
            No contacted domains info
            Name | Malicious | Antivirus Detection | Reputation
            https://96814a23.3d37a4ae4892daf344c7add8.workers.dev/ | true | SlashNext: Credential Stealing type: Phishing & Social Engineering | unknown
            https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t5phh/0x4AAAAAAAfPSHq6Au1oXT_C/auto/fbE/normal/auto/ | false | | unknown
            https://outlook.office365.com/owa/prefetch.aspx | false | | unknown
            Name | Source | Malicious | Antivirus Detection | Reputation
            http://github.com/jquery/globalize | chromecache_207.7.dr | false | Avira URL Cloud: safe | unknown
            https://cloudsharefiles.icu/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2Nsb3 | chromecache_206.7.dr | true | Avira URL Cloud: safe | unknown
            https://login.microsoftonline.com | chromecache_211.7.dr | false | URL Reputation: safe | unknown
            http://www.opensource.org/licenses/mit-license.php) | chromecache_209.7.dr, chromecache_220.7.dr, chromecache_208.7.dr, chromecache_229.7.dr | false | URL Reputation: safe | unknown
            https://payhip.one/?vvgjwowm | chromecache_210.7.dr, chromecache_232.7.dr, chromecache_231.7.dr | false | Avira URL Cloud: malware | unknown
            http://knockoutjs.com/ | chromecache_209.7.dr, chromecache_220.7.dr, chromecache_208.7.dr, chromecache_229.7.dr | false | URL Reputation: safe | unknown
            https://github.com/douglascrockford/JSON-js | chromecache_208.7.dr, chromecache_229.7.dr | false | Avira URL Cloud: safe | unknown
            https://login.windows-ppe.net | chromecache_211.7.dr | false | URL Reputation: safe | unknown
            https://js.monitor.azure.com/scripts/c/ms.analytics-web-2.min.js | chromecache_209.7.dr, chromecache_220.7.dr | false | Avira URL Cloud: safe | unknown
            https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback | chromecache_210.7.dr, chromecache_232.7.dr, chromecache_231.7.dr | false | Avira URL Cloud: safe | unknown
            http://www.json.org/json2.js | chromecache_209.7.dr, chromecache_220.7.dr | false | URL Reputation: safe | unknown
                IP | Domain | Country | ASN | ASN Name | Malicious
                104.21.5.142 | unknown | United States | 13335 | CLOUDFLARENETUS | false
                91.211.211.67 | unknown | Russian Federation | 48719 | INTELSVYAZ-ASRU | false
                13.107.246.45 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
                104.18.94.41 | unknown | United States | 13335 | CLOUDFLARENETUS | false
                172.67.154.166 | unknown | United States | 13335 | CLOUDFLARENETUS | false
                176.97.69.156 | unknown | United Kingdom | 43658 | INTRAFFIC-ASUA | false
                23.56.162.185 | unknown | United States | 16625 | AKAMAI-ASUS | false
                1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
                142.250.185.68 | unknown | United States | 15169 | GOOGLEUS | false
                40.99.150.18 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
                104.18.95.41 | unknown | United States | 13335 | CLOUDFLARENETUS | false
                239.255.255.250 | unknown | Reserved | unknown | unknown | false
                IP
                192.168.2.5
                192.168.2.11
                192.168.2.10
                Joe Sandbox version:40.0.0 Tourmaline
                Analysis ID:1480299
                Start date and time:2024-07-24 17:03:44 +02:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:0h 6m 13s
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:defaultwindowspdfcookbook.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of new started processes analysed:17
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Sample name:Millich Law.pdf
                Detection:MAL
                Classification:mal80.phis.winPDF@33/104@0/15
                EGA Information:Failed
                HCA Information:
                • Successful, ratio: 100%
                • Number of executed functions: 0
                • Number of non-executed functions: 0
                Cookbook Comments:
                • Found application associated with file extension: .pdf
                • Found PDF document
                • Close Viewer
                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                • Excluded IPs from analysis (whitelisted): 184.28.88.176, 142.250.185.227, 142.250.185.142, 64.233.167.84, 52.22.41.97, 3.233.129.217, 52.6.155.20, 3.219.243.226, 172.64.41.3, 162.159.61.3, 34.104.35.123, 2.16.241.13, 2.16.241.15, 2.19.126.163, 2.19.126.137, 2.19.126.143, 2.19.126.149, 23.223.209.217, 23.223.209.207, 192.168.2.8, 216.58.212.131, 192.229.221.95, 217.20.57.21, 142.250.186.110, 93.184.221.240, 40.126.31.69, 20.190.159.64, 40.126.31.71, 20.190.159.75, 20.190.159.73, 20.190.159.68, 40.126.31.73, 20.190.159.0, 23.38.98.96, 23.38.98.104, 216.58.206.42, 142.250.185.74, 142.250.186.74, 172.217.18.10, 142.250.181.234, 216.58.212.138, 142.250.185.138, 172.217.16.138, 142.250.74.202, 216.58.206.74, 142.250.186.42, 142.250.184.202, 142.250.185.106, 142.250.185.170, 142.250.185.202, 142.250.185.234
                • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, clientservices.googleapis.com, a767.dspw65.akamai.net, acroipm2.adobe.com, wu.azureedge.net, dns.msftncsi.com, a1952.dscq.akamai.net, clients2.google.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, login.live.com, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, update.googleapis.com, hlb.apr-52dd2-0.edgecastdns.net, apps.identrust.com, wu-b-net.trafficmanager.net, clients1.google.com, e40491.dscg.akamaiedge.net, prdv4a.aadg.msidentity.com, fs.microsoft.com, identrust.edgesuite.net, accounts.google.com, content-autofill.googleapis.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, aadcdnoriginwus2.azureedge.net, wu.ec.azureedge.net, www.tm.v4.a.prd.aadg.trafficmanager.net, ctldl.windowsupdate.com, aadcdn.msauth.net, p13n.adobe.io, login.msa.msidentity.com, firstparty-azurefd-prod.trafficmanager.net, fe3cr.del
                • Not all processes were analyzed, report is missing behavior information
                • VT rate limit hit for: Millich Law.pdf
                Time | Type | Description
                11:04:53 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified
                Source | URL
                Screenshot | http://www.eaeunion.org/bitrix/redirect.php?goto=https%3A%2F%2F96814a23.3d37a4ae4892daf344c7add8.workers.dev
                Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                1.1.1.1PO-230821_pdf.exeGet hashmaliciousFormBook, NSISDropperBrowse
                • www.974dp.com/sn26/?kJBLpb8=qaEGeuQorcUQurUZCuE8d9pas+Z0M0brqtX248JBolEfq8j8F1R9i1jKZexhxY54UlRG&ML0tl=NZlpi
                AFfv8HpACF.exeGet hashmaliciousUnknownBrowse
                • 1.1.1.1/
                INVOICE_90990_PDF.exeGet hashmaliciousFormBookBrowse
                • www.quranvisor.com/usvr/?mN9d3vF=HHrW7cA9N4YJlebHFvlsdlDciSnnaQItEG8Ccfxp291VjnjcuwoPACt7EOqEq4SWjIf8&Pjf81=-Zdd-V5hqhM4p2S
                Go.exeGet hashmaliciousUnknownBrowse
                • 1.1.1.1/
                104.21.5.142https://docs-paymentreceipts.infoGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                  13.107.246.45https://pcefan.com/diary/index.php?st-manager=1&path=/click/track&id=4973&type=ranking&url=http://nam.dcv.ms/BxPVLH2cz4Get hashmaliciousHTMLPhisherBrowse
                  • nam.dcv.ms/BxPVLH2cz4
                  23.56.162.185Bobier Sales_SKM_C590368369060_417161.pdf.pdfGet hashmaliciousHTMLPhisherBrowse
                    The Siedenburg Group #24-051-553861 Project.pdfGet hashmaliciousUnknownBrowse
                      The Siedenburg Group #24-051-553861 Project.pdfGet hashmaliciousUnknownBrowse
                        https://app.smartsheet.com/b/download/att/1/4551989320961924/a9qsrcukwyvga6dsz82rixnmpgGet hashmaliciousHTMLPhisherBrowse
                          OFS Consent Docs#878589(Revised).pdfGet hashmaliciousHTMLPhisherBrowse
                            Lakeland Regional Health - Service Agreement_data.pdfGet hashmaliciousUnknownBrowse
                              https://gres2eo-my.sharepoint.com/:f:/g/personal/ken_rogers_gres_com/Eq2myDCLZXtDtauKRajN9I0BogZj0lFAEi2MsRlm034R5w?e=gCwqLwGet hashmaliciousUnknownBrowse
                                Assigned File_ NO_84-7460327 Service Agreement_notice.emlGet hashmaliciousHTMLPhisherBrowse
                                  https://app.frame.io/presentations/52095d75-78f4-40d2-8ecd-505b67097ee1?component_clicked=digest_call_to_action&email_id=1d128434-b5ec-4195-8c8c-860eac345853&email_type=pending-reviewer-inviteGet hashmaliciousUnknownBrowse
                                    phish_alert_iocp_v1.4.48 (6).emlGet hashmaliciousFake Captcha, HTMLPhisherBrowse
                                      104.18.94.41securedoc_20240724T165428.htmlGet hashmaliciousHTMLPhisher, Tycoon2FABrowse
                                        https://url.us.m.mimecastprotect.com/s/UkmpCmZgG1h5BO2ghBi2tR8UWK?domain=forms.office.comGet hashmaliciousHTMLPhisherBrowse
                                          https://skvbermeo.freshdesk.com/en/support/solutions/articles/154000168804-pedido-purchase-order-s124m0003aGet hashmaliciousHTMLPhisherBrowse
                                            https://skvbermeo.freshdesk.com/en/support/solutions/articles/154000168804-pedido-purchase-order-s124m0003aGet hashmaliciousHTMLPhisherBrowse
                                              https://pub-47b15c982a8d495da7002fa629c6f9a0.r2.dev/www.outlook.office365.cozsidAAQkADZiMjRkdgdMm0000dgdfZDktNGEzNS04ZW000000000000ftekjsguwmgde000000.htmlGet hashmaliciousUnknownBrowse
                                                https://presentationprojectconvini.dorik.io/Get hashmaliciousUnknownBrowse
                                                  https://securepubads.g.doubleclick.net/pcs/view?adurl=https://vefzrlhbb.cc.rs6.net/tn.jsp?f=001vXBf4j0AOa0SyR61aoskl_kad2s3858SYUG04aj8L2kKTSpWcYbZEk2UMvbh0XebT2eWfL1GAJ0EZ6QeagXutmieHF2Fb3P4PPVJvp3UegO_mBnTOYzTw6oPPzwS7g9CVUPGu1cUXuOvLv7yoqcYQ9mI3dPTVj8oNFvg7X-EdC_OlekTnk5rmk543EGhrzmRJvugLF6hiB7mYWarSmDTz_CXnZiGPCogPIPB3pv-YynKZ9dppazt1UsAqxMOiLFo1N7tH4SrQ3Vio_ouLFK7q7WcIyM95p4-nt6YQDZuP_sNzSUF6di8p-PRJIoHXQb_vMZ3b5t1jqbCnXkcyXpTNrZLcmdU7kOz5cQ7jssGeYRD71eDi5kDkqAikjUSnoxWIlv3zJrKULQQC3SOHdC-A1ERuI0uCK6YtsPx5ywLHc2HKJc9llBKoVLjNsb5Vv5ZDMiyiOiMhS6lEpfNPX4-R-LNRX_pl-bEqqKNM338vrX-5cUKCGVFT9mhH8cUNHx_nSTlNlOOcNWmiMTdubvIy2joYxTP3X2W5r8JBfeKzz3IBjse-QDrA2oPrPvb0FMMmRZCJ4uhSJDtg3hcYx-YqvvmOawj6hLMQEP4E_kFHItvwrl4Nizos7bPsSUAenzH&c=&ch=Get hashmaliciousHTMLPhisherBrowse
                                                    https://lailaf50897.clickfunnels.com/auto-webinar-registration1721805327948Get hashmaliciousHTMLPhisherBrowse
                                                      https://web1.storegate.com/share/WYx9wapGet hashmaliciousHTMLPhisherBrowse
                                                        https://forms.office.com/Pages/ResponsePage.aspx?id=1Q-W37eeFkOVQFk99a-XlFYn76Ck1HRGrw1irS-ELQ9URTlQNkZEQk9aR1UyU0ZYQzNDUjVRWk1YUi4uGet hashmaliciousUnknownBrowse
                                                          172.67.154.166https://docs-paymentreceipts.infoGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                            No context
                                                            Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                            MICROSOFT-CORP-MSN-AS-BLOCKUShttps://rb.gy/ExNW8QGet hashmaliciousUnknownBrowse
                                                            • 13.107.42.14
                                                            VaajyQsbTV.exeGet hashmaliciousGhostRat, NitolBrowse
                                                            • 13.107.246.42
                                                            http://link.mail.beehiiv.com/ss/c/u001.6C5fb2jgNhK_7sih4vM3VdXQvrvE9q5c82BetVgY4Tn_3vzvYophOo2JT7xoV-WSpIvcZOkxKRXavgDLqT8WDs81Kxwhn4ndaTj0SIW8pbE34PI3c8z85y8KF4b-3ctNBArb85FAtL-FvZ40umZH9aQETjMP7rTEiG1euALUwnOXxEOVey2ATbLesbQR6xxXmVQHnmd4pAMEpmvli0DXS3xWhmye0azQAc3gRlzrGWVUMzqfQog2yJQHz6Mdmf6a4nCgejh2JKgdwU-dC7d7RpcWEcgULfqQmicxg_xKRYc1aJrR3j1E3jT9fZxZO7WhDsQCbeMl8Mpj69s5RbxkO_huRS08Z3pfl78-scr41jA/47y/YxEtkvUcQDyArHo9NWTE1A/h6/h001.EMfOFVR5jhkE5RSbP1E9Z3FDv6QlJukJxLDJqd6igsM#DB87@OFSOPTICS.COMGet hashmaliciousHTMLPhisherBrowse
                                                            • 13.107.246.45
                                                            https://www.google.co.uk/amp/s/microsof0nline.blob.core.windows.net/login/index.htmlGet hashmaliciousUnknownBrowse
                                                            • 20.150.85.196
                                                            https://www.dropbox.com/l/scl/AAAGZgqGD2VsOM3BmcwwRTtQakzHTKGjOQQGet hashmaliciousUnknownBrowse
                                                            • 13.107.42.16
                                                            https://netorgft13071175-my.sharepoint.com/:o:/g/personal/ron_paans_eosos_de/EVr6FZBbEFNKsxZzeT-AGJ4By1OBnTGB6A7gZiaEWkJe0Q?e=4%3aRHiujJ&at=9Get hashmaliciousUnknownBrowse
                                                            • 13.107.136.10
                                                            4E20A72F2791A602F8EE9999765A9365729FF929DA4D5FA6BE7BFB4C20E9989E.exeGet hashmaliciousUnknownBrowse
                                                            • 13.107.246.60
                                                            4D8B9771E44C71F5D5442559FAD0B99581C6E33B339AF9ECEC54095A18AAFE82.exeGet hashmaliciousUnknownBrowse
                                                            • 13.107.246.60
                                                            4758A405897A4558947128A98D33E22BDFCD3802E6D843BB451FF06CBBCD24E9.exeGet hashmaliciousUnknownBrowse
                                                            • 13.107.246.60
                                                            44FCBF4B6194A2835B5193606C9AD3AC9AA62B3FE6F724201F8B8EDFD3B24076.exeGet hashmaliciousUnknownBrowse
                                                            • 13.107.246.45
                                                            CLOUDFLARENETUShttps://mfgvendor.feeco.com:8081/Get hashmaliciousUnknownBrowse
                                                            • 104.17.25.14
                                                            https://mfgvendor.feeco.com:8081/Get hashmaliciousUnknownBrowse
                                                            • 104.17.25.14
                                                            https://rb.gy/ExNW8QGet hashmaliciousUnknownBrowse
                                                            • 188.114.96.3
                                                            securedoc_20240724T165428.htmlGet hashmaliciousHTMLPhisher, Tycoon2FABrowse
                                                            • 104.17.25.14
                                                            http://redapplelaw.redappledigitalsolutions.com/auth/registerGet hashmaliciousUnknownBrowse
                                                            • 104.26.1.216
                                                            http://link.mail.beehiiv.com/ss/c/u001.6C5fb2jgNhK_7sih4vM3VdXQvrvE9q5c82BetVgY4Tn_3vzvYophOo2JT7xoV-WSpIvcZOkxKRXavgDLqT8WDs81Kxwhn4ndaTj0SIW8pbE34PI3c8z85y8KF4b-3ctNBArb85FAtL-FvZ40umZH9aQETjMP7rTEiG1euALUwnOXxEOVey2ATbLesbQR6xxXmVQHnmd4pAMEpmvli0DXS3xWhmye0azQAc3gRlzrGWVUMzqfQog2yJQHz6Mdmf6a4nCgejh2JKgdwU-dC7d7RpcWEcgULfqQmicxg_xKRYc1aJrR3j1E3jT9fZxZO7WhDsQCbeMl8Mpj69s5RbxkO_huRS08Z3pfl78-scr41jA/47y/YxEtkvUcQDyArHo9NWTE1A/h6/h001.EMfOFVR5jhkE5RSbP1E9Z3FDv6QlJukJxLDJqd6igsM#DB87@OFSOPTICS.COMGet hashmaliciousHTMLPhisherBrowse
                                                            • 104.18.69.40
                                                            SecuriteInfo.com.W32.Lokibot.N.gen.Eldorado.28246.8151.exeGet hashmaliciousLokibotBrowse
                                                            • 104.21.65.79
                                                            https://u45839844.ct.sendgrid.net/ls/click?upn=u001.DllELGnMN-2FgwhPuw-2Bw-2BNgnmCFrfnsrctB8UQDAzNXZjNxpXpR2XKCBH3KthzekeYjaQbAA5LVcSujhMLVBWSnb2uqKjideDrmtYjteyHbcY-3DVOSG_eH7kZOEBJckm0lbfavKeEjXQgDcXEoTs4hlXzovVib9ds-2F8T92pqONkaTjg8DIkzupCO8NGtXqlMZORh0VZrRebaYQDw-2F1cs5cZjQ3jKjnAbQSx6JHPZK1-2F-2Fim0iGhiJRpXS6CHLx2XY2QhyuOQPi1BQNckNSrlGnSo7tfNz-2FxLDU3SSyPj0JdUOc8e0dUZYwAsbzZEsHLw-2BsqGT9chBpfiKB7hSzPykCsWC3EnYNmGZXURKkY9cgFlX1wiFMuvEj1REXgr7jFKZfJeau8BuLIsBDEBB-2BSoYK-2BycEZ38w7bCu3IQro31ke-2FAq552arUSFCi2TKQJQbpRwV6wPpGIs8IoqSrpuMw1ckBevCdjFAGXvbVOwe-2B7ojm5NPUPfO28yeCN37VpJ6C-2Fy-2ByuFcAeHd0ltdClYFVsrlLry5vSoVoMBxOXyION2UWcfwbT1J08TpTRcrl2WJmakRx3o1eJ30Rj5nuZyBG3dTZU4osRARY4Ei-2Ba-2F78IkgHV6qqnFiCC00dgTWTaTSAFSz5SIHRu6ppjaFaGzM0I0-2FCIYXBT-2BRzqQZUh-2FAuxfn1vfL9Ofh8Ez-2Fh2cqCwHTWqaCiOUZX-2B7g-3D-3D#john@steinborn.comGet hashmaliciousHTMLPhisherBrowse
                                                            • 104.18.3.35
                                                            4FE08CC381F8F4EA6E3D8E34FDDF094193CCBBCC1CAE7217F0233893B9C566A2.exeGet hashmaliciousBabadeda, BdaejecBrowse
                                                            • 104.21.4.208
                                                            PXTCFXKM.exeGet hashmaliciousLummaCBrowse
                                                            • 188.114.97.3
                                                            INTELSVYAZ-ASRUhttps://eec.eaeunion.org/Get hashmaliciousUnknownBrowse
                                                            • 91.211.211.109
                                                            INTRAFFIC-ASUAMh578aJbfT.exeGet hashmaliciousMars Stealer, PrivateLoader, PureLog Stealer, Stealc, Vidar, zgRATBrowse
                                                            • 176.97.76.106
                                                            1CMweaqlKp.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Mars Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                                            • 176.97.76.106
                                                            U8uFcjIjAR.exeGet hashmaliciousLummaC, Amadey, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLineBrowse
                                                            • 176.97.76.106
                                                            JlvRdFpwOD.exeGet hashmaliciousMars Stealer, PureLog Stealer, RedLine, SectopRAT, Stealc, Vidar, zgRATBrowse
                                                            • 176.97.76.106
                                                            t8rEZVhm8F.exeGet hashmaliciousPureLog Stealer, RedLine, SectopRAT, zgRATBrowse
                                                            • 176.97.76.106
                                                            LpCkcXmzD1.exeGet hashmaliciousPureLog Stealer, RedLine, SectopRAT, zgRATBrowse
                                                            • 176.97.76.106
                                                            A4eSWqbQPf.exeGet hashmaliciousMars Stealer, RedLine, SectopRAT, Stealc, VidarBrowse
                                                            • 176.97.76.106
                                                            cdII5mhga0.exeGet hashmaliciousPureLog Stealer, RedLine, SectopRAT, Stealc, zgRATBrowse
                                                            • 176.97.76.106
                                                            vUHPxHrwaD.exeGet hashmaliciousPureLog Stealer, RedLine, zgRATBrowse
                                                            • 176.97.76.106
                                                            u7p2rff5aP.exeGet hashmaliciousMars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRATBrowse
                                                            • 176.97.76.106
                                                            No context
                                                            No context
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:ASCII text
                                                            Category:dropped
                                                            Size (bytes):291
                                                            Entropy (8bit):5.194984952903849
                                                            Encrypted:false
                                                            SSDEEP:6:BMbU9PPIq2PCHhJ2nKuAl9OmbnIFUt84MbU9P9Zmw+4MbU9P+kwOCHhJ2nKuAl91:8wPIvBHAahFUt8Lw9/+Lw+56HAaSJ
                                                            MD5:FCEB4162656BB6517CFDC4F07D828EF7
                                                            SHA1:143DE2DEE8A0A0E227379B13F0B31673CA6AD35B
                                                            SHA-256:AA16222BD073F83C08F3318F8582FA4D1D733DC1A0F9A276E423C96973FA904F
                                                            SHA-512:09DAFDC92BD08E576053D8987D67183AF0A940316334FF6C6B009AE41E25560076D74607AE5C38BACF559C64A64322EA2CC82192FA62B2054E40D3D767421179
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview:2024/07/24-11:04:44.583 b24 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/07/24-11:04:44.587 b24 Recovering log #3.2024/07/24-11:04:44.588 b24 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:ASCII text
                                                            Category:dropped
                                                            Size (bytes):338
                                                            Entropy (8bit):5.150533770743598
                                                            Encrypted:false
                                                            SSDEEP:6:BMbU9PQDBZq2PCHhJ2nKuAl9Ombzo2jMGIFUt84MbU9PQDakZmw+4MbU9PQDqDkq:8wOBZvBHAa8uFUt8LwOH/+LwOQ56HAaU
                                                            MD5:391C5ADCEDF30C4FBF7C28C83779696D
                                                            SHA1:33C554A001DE40656B7633802A3E8E10955A0ED4
                                                            SHA-256:37BA06F77FBCCDCF97A9CA352E05FD0E2629294E094BD78E3068D67B62FD150D
                                                            SHA-512:EC2B814CD660C2C3C20741DBFA5E1A2C076F3858F5AD11C4C4F326EA78C4B889762ADFE0431E304D25A63A72254914955DA4404C786CDD62E449AA275DE9415D
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview:2024/07/24-11:04:45.005 1cf4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/07/24-11:04:45.006 1cf4 Recovering log #3.2024/07/24-11:04:45.007 1cf4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:JSON data
                                                            Category:modified
                                                            Size (bytes):475
                                                            Entropy (8bit):4.950820601162769
                                                            Encrypted:false
                                                            SSDEEP:12:YH/um3RA8sq73WLSsBdOg2HXcaq3QYiub6P7E4TX:Y2sRdsgOdMHW3QYhbS7n7
                                                            MD5:8014877B787A776F104AC95863401AF7
                                                            SHA1:F5219C6DF5CF783CFB4D05899834075C38ECEDF5
                                                            SHA-256:A9BCC506AC97E91702D371E5C014B559A5191C7D60888EDEA93003A478761B13
                                                            SHA-512:39390313DA1E6D1D26853686E218B50C205D28B1B3592A5D7CE56CA1DA0933179ED71BDF6A0B31F115B708138BB183F53B863786373A1FCFD7E400CB426A9E7B
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13366393496554132","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":211821},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.8","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):475
                                                            Entropy (8bit):4.963247713778661
                                                            Encrypted:false
                                                            SSDEEP:12:YH/um3RA8sqRYSsBdOg2HEcaq3QYiub6P7E4TX:Y2sRds9dMHX3QYhbS7n7
                                                            MD5:D46529E824E6E834D0D750C5560C136C
                                                            SHA1:E6597929E439E6AF24CE7249F0D303987F0760BF
                                                            SHA-256:818753A5C6D3C843FBA032CCB1B1681F6226C17B388A1E3052774B1DD8809C72
                                                            SHA-512:CE939B02393B7F46CE528527A40DCB56023CF6682B664D5685354CDA51388EE603FCAF018A428EFB08AD5800B68847F6F512B05F6D772E435507EE32BCEA0963
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341054937965898","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146333},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.8","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):4288
                                                            Entropy (8bit):5.223676952417631
                                                            Encrypted:false
                                                            SSDEEP:96:S4bz5vsZ4CzSAsfTxiVud4TxY0CIOr3MCWO3VxBaw+bzFo6lZ:S43C4mS7fFi0KFYDjr3LWO3V3aw+bzFT
                                                            MD5:8DC3DCFBA7A8688A01C194483D8819F8
                                                            SHA1:B61AE94E5E72ADCC7729450100450B29C2AD2D14
                                                            SHA-256:323FB26FBD1CD15632CC083585421918B7ACC844E6118ECD96043DE597247A62
                                                            SHA-512:581FC0255CECA00BF99E2B28BA386A08838007D60CB7D11276127E9AB51D994ECAFCC2F0B45E29B03CB00653E133CFD337C5D0D6BF6964842032FCA88D60CD43
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview:*...#................version.1..namespace-8..|o................next-map-id.1.Pnamespace-656dc224_0825_4dad_892f_a4fe9098071c-https://rna-resource.acrobat.com/.0...dr................next-map-id.2.Snamespace-ef12e1ab_9f14_41d7_aae3_3f05adf09ebc-https://rna-v2-resource.acrobat.com/.1....r................next-map-id.3.Snamespace-07eb38e9_046b_46c4_bd67_b1578df56145-https://rna-v2-resource.acrobat.com/.2.$..o................next-map-id.4.Pnamespace-f0c0a73c_e89b_42d5_bb63_4f8a3b04cf3a-https://rna-resource.acrobat.com/.3+...^...............Pnamespace-656dc224_0825_4dad_892f_a4fe9098071c-https://rna-resource.acrobat.com/....^...............Pnamespace-f0c0a73c_e89b_42d5_bb63_4f8a3b04cf3a-https://rna-resource.acrobat.com/T.3.a...............Snamespace-ef12e1ab_9f14_41d7_aae3_3f05adf09ebc-https://rna-v2-resource.acrobat.com/.U..a...............Snamespace-07eb38e9_046b_46c4_bd67_b1578df56145-https://rna-v2-resource.acrobat.com/.$..o................next-map-id.5.Pnamespace-c66013b9_73b6_4b3f_b279_
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:ASCII text
                                                            Category:dropped
                                                            Size (bytes):326
                                                            Entropy (8bit):5.1514197664309975
                                                            Encrypted:false
                                                            SSDEEP:6:BMbU9PQ4FOq2PCHhJ2nKuAl9OmbzNMxIFUt84MbU9PQexZmw+4MbU9PQerkwOCHS:8wBFOvBHAa8jFUt8LwF/+LwX56HAa84J
                                                            MD5:BC44B26400D61CAB5D1547DB87CC0DEF
                                                            SHA1:B82D5A77F2A15B9D44D55BEA4B6531557A120C42
                                                            SHA-256:2131A009EB3588AF10D1994DB298294F8DD080DEB859C1B1F2F3C92684700121
                                                            SHA-512:D3FCB6537043AF57D82275567A1B2A81DCA8AB6874A8C557564C72B21EF5971A3C9F85C9B94FEE324D838FE7DE99E96027228D85506F44B377EAD3BC9AFF572A
                                                            Malicious:false
                                                            Preview:2024/07/24-11:04:45.210 1cf4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/07/24-11:04:45.212 1cf4 Recovering log #3.2024/07/24-11:04:45.212 1cf4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                                                            Category:dropped
                                                            Size (bytes):65110
                                                            Entropy (8bit):2.548278243490016
                                                            Encrypted:false
                                                            SSDEEP:384:PBrVhBW+a5DwlJHvzt6maO8YcihIDYNRv6o6CDQxJO1r31:PIgVt6maZ2IclSJarl
                                                            MD5:CEC69891250A20C83CCDD68C920FF206
                                                            SHA1:8FB15A3D1B7169CF8BAAA8A48A9589044EBE4777
                                                            SHA-256:7B4757F98081083D28BB6A9C021C0D73FD07F192388F91FFFC8207A5BC7514F9
                                                            SHA-512:20617EF8C405C2DB22535B8C12C72A798018B02BA140B32541BD2FE9C61016B75AB0EA1BD7C0F51D4D27B59B269DEC31DB52395B85800921C3A2625A2A35B22C
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 3, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 3
                                                            Category:dropped
                                                            Size (bytes):57344
                                                            Entropy (8bit):3.293454869125551
                                                            Encrypted:false
                                                            SSDEEP:192:/edRBYVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:/emci5H5FY+EUUUTTcHqFzqFP
                                                            MD5:18AFEF715E0F1A2ADD2E03A2D9CBC99A
                                                            SHA1:7966739E08FB5537942B5D0864B6ED45889CD319
                                                            SHA-256:AF65D610FA92D80F743F9DF8DD77B90D2547DDBA5C88D397BBFC9301E22C9ADF
                                                            SHA-512:7D7531077865BEBBE64FAE0C7B712824E6E662C36636BFF4F3154D5F1730D048605BCF8696E176356B1975FF33755C2A607C6266F77C4067135BB71C7F175808
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:SQLite Rollback Journal
                                                            Category:dropped
                                                            Size (bytes):8720
                                                            Entropy (8bit):2.2013210499787954
                                                            Encrypted:false
                                                            SSDEEP:24:7+t9H6MEWewKwqLazkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmv:7MxUwqemFTIF3XmHjBoGGR+jMz+Lhf
                                                            MD5:87F74AB536486748D2B537A3021415C3
                                                            SHA1:3436768C26609C3B344BB450619099EACBADAB86
                                                            SHA-256:97BB6370E31AE680F120C9A74A25114744D1522D588FDC822193D2795952BE9A
                                                            SHA-512:20D7382A2BA376A247BE2414EAECE8609F7C7BEF0B654BDE1E777265EA96B895CE5BF206C4B4C443FFE237E8D9DD3487B04B4819A3061FAABB4067DD35BBF58F
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                            Category:dropped
                                                            Size (bytes):71954
                                                            Entropy (8bit):7.996617769952133
                                                            Encrypted:true
                                                            SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                            MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                            SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                            SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                            SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):893
                                                            Entropy (8bit):7.366016576663508
                                                            Encrypted:false
                                                            SSDEEP:24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
                                                            MD5:D4AE187B4574036C2D76B6DF8A8C1A30
                                                            SHA1:B06F409FA14BAB33CBAF4A37811B8740B624D9E5
                                                            SHA-256:A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
                                                            SHA-512:1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:data
                                                            Category:modified
                                                            Size (bytes):328
                                                            Entropy (8bit):3.1356875516282012
                                                            Encrypted:false
                                                            SSDEEP:6:kKe9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:5DnLNkPlE99SNxAhUe/3
                                                            MD5:DDA2141799A9CA3F76A6190DE001F2E0
                                                            SHA1:C75CFCEA1B851821B13F639BEB8A6A2A5159BE2C
                                                            SHA-256:8207EC61C7DFDA902ABB0CF8A422D880F83FA05A4318F25BCF5FF298BC6B7940
                                                            SHA-512:FE1FCD4DB31E71BA144485D8808D9B27AAB01767FABE6097329C4788E990057315C44AC24BB02FC9C75BC17F5B1583C0EE2A316117FCE8838E479D2C68EA758D
                                                            Malicious:false
                                                            Preview:p...... ........C.......(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):252
                                                            Entropy (8bit):3.026467887142631
                                                            Encrypted:false
                                                            SSDEEP:3:kkFklndfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7lnklG3:kKotxliBAIdQZV7I7kc3
                                                            MD5:A114ACBB48BFAEA96B35FEDDA6802D69
                                                            SHA1:AA5C37018883A5E803831E35446F569B497BEAA9
                                                            SHA-256:FCE5DD75597F6E0617B6D5A93DB398315000FDEDE40D4E62F64CB29EF9263CE6
                                                            SHA-512:ED28D7777A69E4C959DEF7304D051E4CD243025D614351208BC821064583D9866AD3C258772633D9BE065F5F6F5CC52886B6B9285B04B5BF1A3770F93ED681EF
                                                            Malicious:false
                                                            Preview:p...... ....`.....l.....(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):295
                                                            Entropy (8bit):5.3381311588276175
                                                            Encrypted:false
                                                            SSDEEP:6:YEQXJ2HXomQGpHNYvB3/dVlPIHAR0YMV5QgRTTJqoAvJM3g98kUwPeUkwRe9:YvXKXZQGHYvR/ZwHAIV5QgRfJZGMbLUU
                                                            MD5:DD0637097128034321E09DF752E8D134
                                                            SHA1:6FB42F8C7C9000C30748A7854D63D711A58211A7
                                                            SHA-256:B68A6ECCE8157FCD311EDD4DCD56A6568C1B8C04787144F1A39A0385C46E7794
                                                            SHA-512:D8EB2C3331DE56D52F82431D70DD39BF6A5B8C6FBF3BEEB1BE0AB097410D13985D68CFFFA59A63F91738B3A96CB6E4672A8C02EFD9BE02B263432CDD20120397
                                                            Malicious:false
                                                            Preview:{"analyticsData":{"responseGUID":"338e8859-c359-4200-ab60-907967ccd87c","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1722006594466,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):294
                                                            Entropy (8bit):5.275837109243188
                                                            Encrypted:false
                                                            SSDEEP:6:YEQXJ2HXomQGpHNYvB3/dVlPIHAR0YMV5QgRTTJqoAvJfBoTfXpnrPeUkwRe9:YvXKXZQGHYvR/ZwHAIV5QgRfJZGWTfX0
                                                            MD5:18E454EF8145751F5C5E8B4C3CE90164
                                                            SHA1:00D3200827051EC902B81EE89192AE065B5F2BCD
                                                            SHA-256:33024A5220578280C85C6DA7836A036A77403DAC821AA5343BA20592F7BECDBE
                                                            SHA-512:6293B01809EC1C1964F8598ACC93E9E27338A2CB247571D8045AE66CD36CCFFB3CBD1DFF03D2A2330A60BBD54A58EA94171E2800266103F045A4415968548124
                                                            Malicious:false
                                                            Preview:{"analyticsData":{"responseGUID":"338e8859-c359-4200-ab60-907967ccd87c","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1722006594466,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):294
                                                            Entropy (8bit):5.253309358446816
                                                            Encrypted:false
                                                            SSDEEP:6:YEQXJ2HXomQGpHNYvB3/dVlPIHAR0YMV5QgRTTJqoAvJfBD2G6UpnrPeUkwRe9:YvXKXZQGHYvR/ZwHAIV5QgRfJZGR22cZ
                                                            MD5:81C07AEDEBBEEA92115008970099A58E
                                                            SHA1:73FB6668A66589E6C3011310F99A279548199186
                                                            SHA-256:2BE79E4E2B9A98FC2FD668A211AB3D3AD5CF08F7196C3CEC15D55A1C8D7D48DA
                                                            SHA-512:1A9637943B0C30EBF71F77160E25C326987AAC4672396CE2EF408C28BAF19A0816D67D8769B6389A458FEFEC3214BC8D0630D3E9867E11BD7C55532ACC2A1628
                                                            Malicious:false
                                                            Preview:{"analyticsData":{"responseGUID":"338e8859-c359-4200-ab60-907967ccd87c","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1722006594466,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):285
                                                            Entropy (8bit):5.3141943640574905
                                                            Encrypted:false
                                                            SSDEEP:6:YEQXJ2HXomQGpHNYvB3/dVlPIHAR0YMV5QgRTTJqoAvJfPmwrPeUkwRe9:YvXKXZQGHYvR/ZwHAIV5QgRfJZGH56UU
                                                            MD5:EF7B2A23C4B44068E357273BF05AE6E2
                                                            SHA1:0CEF84F774BF804EBB6892911503B2F25B0A2F08
                                                            SHA-256:01881B8C6B2372AF9CCDFF486D9F4E76FF09F909057B627A44B81B931AA95AB1
                                                            SHA-512:32493EEC2BD66CF18ABC26AF40258E557268FCA635F2509FF18C1F767020E41F881DBA2D666CDA3285E879320DBDF39934DD3C9A0DAFEBAFD3C0C6C8B2E37061
                                                            Malicious:false
                                                            Preview:{"analyticsData":{"responseGUID":"338e8859-c359-4200-ab60-907967ccd87c","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1722006594466,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):1063
                                                            Entropy (8bit):5.665429721705713
                                                            Encrypted:false
                                                            SSDEEP:24:Yv6XZsJhS5EpLgEFqciGennl0RCmK8czOCY4w28:YvfJhS2hgLtaAh8cvYvf
                                                            MD5:FAEB622BB6F2107790120C6CD18F56EE
                                                            SHA1:6465C5DE61C03308670BD82C93B1D3A29BB421A9
                                                            SHA-256:25DB4042C518D524560C2BA76B210BE2C16C3C9A38B51C6B1DE4C2521DCEA144
                                                            SHA-512:35C70B8AAB624965B2FD59ABB47349870EECD14DFB741A68D49AAAE98227AE421156F435D693F2D683F34AA840EB6322E0527A9640D5A9BDC0B34F75E01C7A55
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):1050
                                                            Entropy (8bit):5.652537619879126
                                                            Encrypted:false
                                                            SSDEEP:24:Yv6XZsJhS5eVLgEF0c7sbnl0RCmK8czOCYHflEpwiV8:YvfJhSAFg6sGAh8cvYHWpwF
                                                            MD5:C171C07E6109AD2B9ECB6B021F7F2205
                                                            SHA1:96968ABE0B2E5C6FD4C3A0BD95C88E56FF003AF2
                                                            SHA-256:AB1B068ED35EF6A831BA326F915308F8AFA8EE8F47F03252D1BBDE01A5E723BC
                                                            SHA-512:D5C2FB051DA2D4CA2591B8A02FF3C13D31E376D8E01AFAFD6757D8B229277F797927CBD31ADB076F553CA47F1E62CC2C92D5F54601DF1C9A197C05846A834949
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):292
                                                            Entropy (8bit):5.262671615402571
                                                            Encrypted:false
                                                            SSDEEP:6:YEQXJ2HXomQGpHNYvB3/dVlPIHAR0YMV5QgRTTJqoAvJfQ1rPeUkwRe9:YvXKXZQGHYvR/ZwHAIV5QgRfJZGY16UU
                                                            MD5:3820A5B9D3611178A0B74D21ABC7F79A
                                                            SHA1:D6BFB089737765524C9D70370F3FC3B0CEFCCB70
                                                            SHA-256:7D0DC858C8BA55BD66FFCA6D28D996C6F88F76483676207A703419C134ED1428
                                                            SHA-512:BF7F0BF5011A7E72130847FF5133FF564A5E5A3B7023843AC394ABE597A25199013AEA4048CCA1B4649EAD96E51E875BB85499C57A52FD24825721A33805FAC5
                                                            Malicious:false
                                                            Preview:{"analyticsData":{"responseGUID":"338e8859-c359-4200-ab60-907967ccd87c","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1722006594466,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):1038
                                                            Entropy (8bit):5.64933855636431
                                                            Encrypted:false
                                                            SSDEEP:24:Yv6XZsJhS5r2LgEF7cciAXs0nl0RCmK8czOCAPtciB8:YvfJhSlogc8hAh8cvAy
                                                            MD5:DB44E94E764A171FC7BF06DBE819F6AD
                                                            SHA1:B25595EC1C579BEDD86065C37F56EDF21F184626
                                                            SHA-256:051E1BC58C874654668322370D15AE6B6720EE11BD5DD0CAFB6FCEFCBB309B75
                                                            SHA-512:1BFB67FC8F092117B34E7D47EA9CC2F0DA6F7D4A36CBFB1E754BC378F45963B27EFBD1F940A46D597E86A19C2E2C35AC9895BF19E5CFF9B03B1237487966F2E4
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):1164
                                                            Entropy (8bit):5.7004915182437275
                                                            Encrypted:false
                                                            SSDEEP:24:Yv6XZsJhS5nKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK58:YvfJhSNEgqprtrS5OZjSlwTmAfSKe
                                                            MD5:87C1C6986EF58E55EBCA45ABCF4591D5
                                                            SHA1:239E79C5953CF60E5BA42C52766373832943A279
                                                            SHA-256:C6254CE57611D5F475ADCE8CAC22CCE7DD284A016CE82C46DCBBF804F88569AD
                                                            SHA-512:3CDCEE3FBB97C6E48E0CF67E724BBD69137A05AC8EEF9349579B54B9B711DC4E16BF734C669936CA0F915E9EB224A61E02FD888F64C351B12CE3926A8B0ED0F8
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):289
                                                            Entropy (8bit):5.273938930208446
                                                            Encrypted:false
                                                            SSDEEP:6:YEQXJ2HXomQGpHNYvB3/dVlPIHAR0YMV5QgRTTJqoAvJfYdPeUkwRe9:YvXKXZQGHYvR/ZwHAIV5QgRfJZGg8Uk3
                                                            MD5:7BA99AD5EFEB2ACAEB1013192A11E1DE
                                                            SHA1:81B7A4CD6A2F9DBA512A8F269AEBE05C0D7CFC3A
                                                            SHA-256:18614B0DC6F33FF98E7F459286B48A3302FAFD4741F33E3466C3C5139C5A3F5F
                                                            SHA-512:C3E423A4593E31C197B9F6C71B8630D4EBA3C9B03CE0D9F3BD51E7A3522B7D8FDDC7ADAF8BB3C636871C8FBB7B9B1A1364808C5472AB12B0D5A20AC0F25BBF0E
                                                            Malicious:false
                                                            Preview:{"analyticsData":{"responseGUID":"338e8859-c359-4200-ab60-907967ccd87c","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1722006594466,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):1395
                                                            Entropy (8bit):5.774159650017709
                                                            Encrypted:false
                                                            SSDEEP:24:Yv6XZsJhS56rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNE:YvfJhSQHgDv3W2aYQfgB5OUupHrQ9FJe
                                                            MD5:C0B34C9CC27DE79D11314172F16A37EA
                                                            SHA1:389B4804E2146928C4EF642D51F22743D4BAC062
                                                            SHA-256:E39B701B123823B27384F364E055E80BF71BCA10FCA1F6A3F5492D3FC285C1EB
                                                            SHA-512:4153F91B4059B13D20EEC2D80D4B6AB114EE870523E4351222B30076876A94B7B2DA06929221E2BCE464DBD04FBCC948D910FA4BDFB05B85420DD7C46C3832A3
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):291
                                                            Entropy (8bit):5.257665141764037
                                                            Encrypted:false
                                                            SSDEEP:6:YEQXJ2HXomQGpHNYvB3/dVlPIHAR0YMV5QgRTTJqoAvJfbPtdPeUkwRe9:YvXKXZQGHYvR/ZwHAIV5QgRfJZGDV8UU
                                                            MD5:170A6336C12D44138086B4B094A28E5D
                                                            SHA1:CD37B7A1BE03683117FECE37146344AB688DA76C
                                                            SHA-256:FB7ED854A95CB553F29F88295D88C0A61EF6594262B9C2D8230426D878DA13F1
                                                            SHA-512:320B2985ADFF7466A076C38F6FA8DA33183C97404CB18B6C57E8339EA4179359AE76E57B2BEB654EDD7E9CDE0691E6CF2220E3ADF7FAC3A564CB7AAB67E24E81
                                                            Malicious:false
                                                            Preview:{"analyticsData":{"responseGUID":"338e8859-c359-4200-ab60-907967ccd87c","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1722006594466,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):287
                                                            Entropy (8bit):5.256032986269743
                                                            Encrypted:false
                                                            SSDEEP:6:YEQXJ2HXomQGpHNYvB3/dVlPIHAR0YMV5QgRTTJqoAvJf21rPeUkwRe9:YvXKXZQGHYvR/ZwHAIV5QgRfJZG+16UU
                                                            MD5:34FAD73C166660400CAF81825D11BBBC
                                                            SHA1:BA963418AFF70353C7FDDF3543EF0343FC72EB07
                                                            SHA-256:B58ABF3853EF5F4965797A905D32FA21756577559DA106BA4B325F002C1B3EAB
                                                            SHA-512:A26B9219D0361D48AA76FFDA1360C515084D63887CE54511409F72AB60CF66D846DEC4279AB3F01802E609AE4B94AE83A3234CED23974EFD00C783C4E10A4923
                                                            Malicious:false
                                                            Preview:{"analyticsData":{"responseGUID":"338e8859-c359-4200-ab60-907967ccd87c","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1722006594466,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):1058
                                                            Entropy (8bit):5.653108357224689
                                                            Encrypted:false
                                                            SSDEEP:24:Yv6XZsJhS5gamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8B8:YvfJhSkBguOAh8cv+NK3
                                                            MD5:3B5F896D42AB6EE4C8D40750C19FB078
                                                            SHA1:9D3D206B55A1F21963BA926D5CB3D815E65E0DF9
                                                            SHA-256:DCC65D59D6C4126CCAFC3E73E0E4D7F0B6496AAAE458CA3D4ED794122C8CF05F
                                                            SHA-512:3BB330955422100593CEE8A8E54C42600D2384EB70A1F5E41B259FEDD23289FFFC92694D518E40CF4B7E65236A5584B847811196518BAF46B1BAF553774F67A8
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):286
                                                            Entropy (8bit):5.231580445005139
                                                            Encrypted:false
                                                            SSDEEP:6:YEQXJ2HXomQGpHNYvB3/dVlPIHAR0YMV5QgRTTJqoAvJfshHHrPeUkwRe9:YvXKXZQGHYvR/ZwHAIV5QgRfJZGUUUk3
                                                            MD5:442223294F3F4584C2ECAE0EEDFF6982
                                                            SHA1:D720F9F80AD886760988EF8A2FE6AE7D2B62CAF9
                                                            SHA-256:186E510FDEA8B8753AEBBDAE11BB60A41FA2836C0DE8EA3AB909CDCCFA9863AC
                                                            SHA-512:F4FF25CF8939FD7F215F8A42214009D4256D73C72DB189835244FF2F9D847A6F83A4F4DB9B2C2DAA67006FF211C2647A4BFE6EA7B870EBF7BCB14C8FD78F214F
                                                            Malicious:false
                                                            Preview:{"analyticsData":{"responseGUID":"338e8859-c359-4200-ab60-907967ccd87c","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1722006594466,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):782
                                                            Entropy (8bit):5.362671528628384
                                                            Encrypted:false
                                                            SSDEEP:12:YvXKXZQGHYvR/ZwHAIV5QgRfJZGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6E:Yv6XZsJhS5P168CgEXX5kcIfANhF
                                                            MD5:BC5AAD481FC1EACF04586BB6444375AC
                                                            SHA1:7B82FB7A1442FC94088ED033DED9DC978E03D192
                                                            SHA-256:1BC1029E28FCDFD5E54003F62822E06D12F4BE15AC49764DB4131CC2844B1323
                                                            SHA-512:31EE9A21F29795335A4D10BDAE01BF8E09F6DD81F838751F958E3DAE9028BA2C82D90867926CF537D443343F514A76D23AACECFC5E40CB7107AB76472D5BC278
                                                            Malicious:false
                                                            Preview:{"analyticsData":{"responseGUID":"338e8859-c359-4200-ab60-907967ccd87c","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1722006594466,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1721833494506}}}}
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):4
                                                            Entropy (8bit):0.8112781244591328
                                                            Encrypted:false
                                                            SSDEEP:3:e:e
                                                            MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                            SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                            SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                            SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                            Malicious:false
                                                            Preview:....
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:JSON data
                                                            Category:dropped
                                                            Size (bytes):2818
                                                            Entropy (8bit):5.143724924314406
                                                            Encrypted:false
                                                            SSDEEP:48:YPKC2BkYc8TDD8P9unFEmxYuFyqplI9gt:hC1YRTDD+9gFEmCuoamgt
                                                            MD5:63C6AB5DE66D6E81E4A16D1414E53DAA
                                                            SHA1:4A6B8965CA303B13E3A18B46288051161C8A57F0
                                                            SHA-256:E621DF546A36C644D83FE3653D568A8ECDA4F07211DDE1646F1A2F14000BCE16
                                                            SHA-512:33FC4C90E2FEC2161E8097511A75FBDCCE41FE0545A88B02A46E73962FEF511E75A5F8F453DFEA07D4B0DE7596BB6E22BD0D46E2F84E441FC5359B4F14214527
                                                            Malicious:false
                                                            Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"564e4d3062f1b232c5955bd81df33dc9","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1721833494000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"2e85fa0d9bb89af2ea927f2d2251321d","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1721833494000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"d21520ce5995b573cd30af7a9caa0bd6","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1721833494000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"e9ca4cfc223d8a4b02167ac94781459e","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1721833494000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"56b5e91c32924deb4d7f604ad8f9b4ab","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1721833494000},{"id":"Edit_InApp_Aug2020","info":{"dg":"d70bf2a67a838bfb525773841f7ed5ee","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                                                            Category:dropped
                                                            Size (bytes):12288
                                                            Entropy (8bit):1.3180044682226384
                                                            Encrypted:false
                                                            SSDEEP:48:TGufl2GL7ms9WR1CPmPbPahA5xypilIW5h:lNVms9WfMwbPahAD1P
                                                            MD5:173437396526539B498AF7618F9096FE
                                                            SHA1:3FE018C27E60C0705CE90F66ACC0DC7E67372DAB
                                                            SHA-256:0B4FD3115E995EFDD2AE56644BBA94070F84B12CFC8219A1C468032B1D2E9338
                                                            SHA-512:5E2EBF13F8D1221EDE4AE8D40E8F1A6B0DC84FC1C58695629884B33BE44DC0E60CA7C2E10396AAA03363AE197A759F559DFE511EEFD2CE1D0745D8FCFD78C666
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:SQLite Rollback Journal
                                                            Category:dropped
                                                            Size (bytes):8720
                                                            Entropy (8bit):1.781191498619183
                                                            Encrypted:false
                                                            SSDEEP:48:7Mt9WR1CPmPbPahA5UypilIKqFl2GL7ms+:7CWfMwbPahACXKVms+
                                                            MD5:9835990311215784AF0F0AFD27E10360
                                                            SHA1:0A7C6B104C28BB015BB57B8B29F5F8CFAF166816
                                                            SHA-256:595E9C4B2F362557D1E1F7986EAEA64C81D34A9603A3DC30119137CA59C1776C
                                                            SHA-512:1E5F82DD58911FBFBE8EAB3BAA2988BEE22C1CD671D537233B06B84D601986D34F7166DD88B23F2DEC26340E68A2564C8D43355AB1CDBBDAC9C01B71FB12D05C
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):246
                                                            Entropy (8bit):3.505069684106714
                                                            Encrypted:false
                                                            SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8cVaoCH:Qw946cPbiOxDlbYnuRKHVdCH
                                                            MD5:35D995528B37BD212F96BDE5B1BF369D
                                                            SHA1:A62D2DFAA764EDBCCCFBFC9723ADB2A3A3571AD3
                                                            SHA-256:0E1A88AECF0E14365D915A292FD0DA949F3572DC4A2DF4B8433220938C753BF2
                                                            SHA-512:80988B67C7EEC3A807C9D2CE2F4692EADD6F9310055AD6756FB735AC6B985EA09357F15749D2188334CC1F5CF67FFFD76CA3BE9315634C35E48B40BA1DF15109
                                                            Malicious:false
                                                            Preview:Error 2711. The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 24/07/2024  11:04:52 ===
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
                                                            Category:dropped
                                                            Size (bytes):94208
                                                            Entropy (8bit):7.9921187121888275
                                                            Encrypted:true
                                                            SSDEEP:1536:uswQiIe3S/CGuM4ft5itfIQUL8aufqIpLKb3asbPc9QhtzC02G1Vwc8VWDIU6C/I:uswQeDPMQviqN8xfRmKMPcSnWlG1SS7O
                                                            MD5:BCA6634BCCA7945F9493579D5E61FD44
                                                            SHA1:4CB0F9586FBB7EB3D3340373404C7A1ADEE8A2D9
                                                            SHA-256:3249ED4DC27E0110CA2A8E446CCA0FCDF4D5E7CAEBA505F3CAD7C9210ADC361B
                                                            SHA-512:D6E4D7FFBEBD6C564DBAC01047B189876201EA6A8E1096AEBF7108509AA26D92BE1EF25273F21C5185ABC466CA0A362FD934F1EC57F2A6CD1DA835767D264451
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
                                                            Category:dropped
                                                            Size (bytes):127214
                                                            Entropy (8bit):7.992938944970855
                                                            Encrypted:true
                                                            SSDEEP:3072:uswQeDPMQviqN8xfRmKMPcSnWlG1SS7Zqc6DOR44IxtUsi5:uswtPMMrSx+0SWlG1SSO6cYsi
                                                            MD5:997CE5ED3633E8FF84C2F7D1F0E48E53
                                                            SHA1:D22617BDF6D8DCE13E5FCBE9BDD57A812EE1E237
                                                            SHA-256:E06C221FB5B43F5A25220D326EB501573C2E0CC9FBB31007BF79054B6F613907
                                                            SHA-512:CE187CD9CE4CAC28B91CD0B090A70B15E28BC59BE0CC2A1E58F4257ACBAD5C05B40D7E1ECC8F16B626BC51AFE6817E524A4326F09C3FBA85637285EA1F3291D8
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:ASCII text, with very long lines (393)
                                                            Category:dropped
                                                            Size (bytes):16525
                                                            Entropy (8bit):5.33860678500249
                                                            Encrypted:false
                                                            SSDEEP:384:IC2heaVGJMUPhP80d0Wc+9eG/CCihFomva7RVRkfKhZmWWyC7rjgNgXo6ge5iaW0:X8B
                                                            MD5:C3FEDB046D1699616E22C50131AAF109
                                                            SHA1:C9EEA5A1A16BD2CD8154E8C308C8A336E990CA8D
                                                            SHA-256:EA948BAC75D609B74084113392C9F0615D447B7F4AACA78D818205503EACC3FD
                                                            SHA-512:845CDB5166B35B39215A051144452BEF9161FFD735B3F8BD232FB9A7588BA016F7939D91B62E27D6728686DFA181EFC3F3CC9954B2EDAB7FC73FCCE850915185
                                                            Malicious:false
                                                            Preview:SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:080+0200 ThreadID=6832 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_NglAppLib Description="SetConfig:
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):15114
                                                            Entropy (8bit):5.347226814786363
                                                            Encrypted:false
                                                            SSDEEP:384:fQKxiQPBenqo5dbX4tud8ulIkXy9ibnxs3+qcYMRPzoLpoGV1WxM3E3u7KYSZYQY:Juq
                                                            MD5:C64593522FFB1B43A5DC5B48FDD16692
                                                            SHA1:377C631E4485FE5A4F97E0C37137DA730643B367
                                                            SHA-256:9D56583DEB2A86EB99E33C7FBFF681D761159C5030A4EA247C124B47CE0910A6
                                                            SHA-512:454E677B9CD078D300A458A68F0E8D49CC787E77EA0B5D80BB0805B009F7B4157DAD7F3F1108C2FC470E3D39A7D45462FCD1D47A45275CA9378F7260ECA9F99E
                                                            Malicious:false
                                                            Preview:SessionID=e2ea2b66-f587-45eb-ad8a-bfa4b00bf85e.1721833486779 Timestamp=2024-07-24T11:04:46:779-0400 ThreadID=3780 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=e2ea2b66-f587-45eb-ad8a-bfa4b00bf85e.1721833486779 Timestamp=2024-07-24T11:04:46:780-0400 ThreadID=3780 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=e2ea2b66-f587-45eb-ad8a-bfa4b00bf85e.1721833486779 Timestamp=2024-07-24T11:04:46:780-0400 ThreadID=3780 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=e2ea2b66-f587-45eb-ad8a-bfa4b00bf85e.1721833486779 Timestamp=2024-07-24T11:04:46:780-0400 ThreadID=3780 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=e2ea2b66-f587-45eb-ad8a-bfa4b00bf85e.1721833486779 Timestamp=2024-07-24T11:04:46:780-0400 ThreadID=3780 Component=ngl-lib_NglAppLib Description="SetConf
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):29752
                                                            Entropy (8bit):5.412895718107171
                                                            Encrypted:false
                                                            SSDEEP:192:TcbeIewcbVcbqI4ucbrcbQIrJcb6cbCIC4cbgcbjwIlAUEcmKKUfBcb0yt:ceo4+rsC7tlAUEcmKKUf5yt
                                                            MD5:A376BF68DDDD4085E30C3CF47CF7E2E7
                                                            SHA1:C129AD0BF2CF4CB07B904F4D3FC3DEC9928931D7
                                                            SHA-256:27EF60148E1AC351325057EB5F7B734F2A96CDB0559AC683C5AFD4DF22F53DDD
                                                            SHA-512:EE2F2A151CDBD123697B63FAE2CDF70F4F9453050CBB5999012BE0DB775FDE0EDBFFDE9D263BDE400DE524217A07CF1B92531C0C0EE9980E8874B7864CD188ED
                                                            Malicious:false
                                                            Preview:05-10-2023 10:18:29:.---2---..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 10:18:29:.Closing File..05-10-
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                            Category:dropped
                                                            Size (bytes):386528
                                                            Entropy (8bit):7.9736851559892425
                                                            Encrypted:false
                                                            SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                            MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                            SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                            SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                            SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                            Category:dropped
                                                            Size (bytes):1419751
                                                            Entropy (8bit):7.976496077007677
                                                            Encrypted:false
                                                            SSDEEP:24576:/rwYIGNP4mOWL07oBGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:TwZG6bWLxBGZN3mlind9i4ufFXpAXkru
                                                            MD5:95F182500FC92778102336D2D5AADCC8
                                                            SHA1:BEC510B6B3D595833AF46B04C5843B95D2A0A6C9
                                                            SHA-256:9F9C041D7EE1DA404E53022D475B9E6D5924A17C08D5FDEC58C0A1DCDCC4D4C9
                                                            SHA-512:D7C022459486D124CC6CDACEAD8D46E16EDC472F4780A27C29D98B35AD01A9BA95F62155433264CC12C32BFF384C7ECAFCE0AC45853326CBC622AE65EE0D90BA
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                            Category:dropped
                                                            Size (bytes):758601
                                                            Entropy (8bit):7.98639316555857
                                                            Encrypted:false
                                                            SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                            MD5:3A49135134665364308390AC398006F1
                                                            SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                            SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                            SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 42290
                                                            Category:dropped
                                                            Size (bytes):1407294
                                                            Entropy (8bit):7.97605879016224
                                                            Encrypted:false
                                                            SSDEEP:24576:/VHdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07WWL07oXGZIeYIGNPJF:tX3mlind9i4ufFXpAXkrfUs0qWLxXGZG
                                                            MD5:859904F9B5855C57DC2A016C7CF5F05E
                                                            SHA1:DE82DF064FA9CB606D757EC757F09F46506EF055
                                                            SHA-256:A58DB05CD68DE9DFD4D97112FECAC31D550742FC277D01B11A392C1AF1C2FAF6
                                                            SHA-512:14C2D968A5538A0941545C9DEFF6285759E2BFB6C71D13A8FECF5A6683805A50C7B16F2B5FCBC51384C286E571CE9779C93711A8BC3F99EA8A284BE255C1D811
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:ASCII text
                                                            Category:dropped
                                                            Size (bytes):24
                                                            Entropy (8bit):3.66829583405449
                                                            Encrypted:false
                                                            SSDEEP:3:So6FwHn:So6FwHn
                                                            MD5:DD4A3BD8B9FF61628346391EA9987E1D
                                                            SHA1:474076C122CACAAF112469FC62976BB69187AA2B
                                                            SHA-256:7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
                                                            SHA-512:FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491
                                                            Malicious:false
                                                            Preview:<</Settings [/c <<>>].>>
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):85893
                                                            Entropy (8bit):6.4285188239971465
                                                            Encrypted:false
                                                            SSDEEP:1536:Lh3s60i02RwxwFnZNt0zfIagnbSLDII+DY:LVs/i0C4IZN+gbE8pDY
                                                            MD5:B7A9A5A223B9DCE0E7D10E2B32A0BA07
                                                            SHA1:FFB925FA80873CF50D8CB6DA530BA8CD7F0D9922
                                                            SHA-256:4EF52E63D45F5230C47DBD3764AA90768F708B24885579375724473BB3FFB255
                                                            SHA-512:A46488535961F26B7E41E1BA98E2015627917366BE08B172B0A5377E5A4EC1C0BD14F1A4E2473B5831A7538B3554E818FE3349DA42C0F40E03B3474EC77532F4
                                                            Malicious:false
                                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):737
                                                            Entropy (8bit):7.5099882082938105
                                                            Encrypted:false
                                                            SSDEEP:12:yeRLaWQMnFQlRmyOFfBS9i7u8meIHKbw2O9TrU/Y/QmpFlT1xaOu8OAbsHqvNDVk:y2GWnSmyOtci7umNbQ9TrUw/QmxT1xsD
                                                            MD5:152F65AAA856C44E87C8ED561AE43C0F
                                                            SHA1:B6440383DBC4D3446E91CBB58EEB8C8BD6671F50
                                                            SHA-256:48AC59FC9FA38016B6D5A4CB5D89A2C0CABCD8A0404AF29FBE995B4AA647A292
                                                            SHA-512:106287A2EA36511D229E6991638D99B796B24B05D4BC8AE75BE5E9B79EA7A324330A26B3B4028FC4A8523FB82D7E3F9A793AE0E9C1F377939956C5667E44381E
                                                            Malicious:false
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 24 14:04:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                            Category:dropped
                                                            Size (bytes):2677
                                                            Entropy (8bit):3.986462745705105
                                                            Encrypted:false
                                                            SSDEEP:48:8FM0dfTX3fHDOidAKZdA1oehwiZUklqehAy+3:8iYz7N/y
                                                            MD5:927F3ED56BEAA004765208106B1D64D5
                                                            SHA1:FA0EB9628034635BE2805AFFBE8EAE157F280293
                                                            SHA-256:769E176A4F2D27A2E6BB8E73BE40EB55B4F5B9046D4A4A3612DFCB72B52A6191
                                                            SHA-512:ACD7932F423E52A3A0F745DDFF536B4E28412A1DF3629764810754A1240E8451E6339FD495A964BAC9A693252DC25CD04272EFBC6CC354645A67356AAF0702E3
                                                            Malicious:false
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 24 14:04:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                            Category:dropped
                                                            Size (bytes):2679
                                                            Entropy (8bit):4.000441989456935
                                                            Encrypted:false
                                                            SSDEEP:48:8u0dfTX3fHDOidAKZdA1leh/iZUkAQkqehvy+2:8uYz7H9Q+y
                                                            MD5:36ABA4B724E6243D8EEEC5D8C17E562D
                                                            SHA1:559313A08F16C72851632EBB27B25AB1E83F9654
                                                            SHA-256:3F448CCFD1DDCAB1059BD833F44F94101FBC99CB25C5E430D54B6E4875441AE6
                                                            SHA-512:A7427A93A06DFF2745664A9D7BF9C5E7E27E1A66564ADA4FC2A2F999FA7F8F6B62D31E61EA8825C1FD1EFA37C2B70DF289823961DC0F22A3A9DD905E2AE7D4FE
                                                            Malicious:false
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                            Category:dropped
                                                            Size (bytes):2693
                                                            Entropy (8bit):4.010782538715104
                                                            Encrypted:false
                                                            SSDEEP:48:8w0dfTX3bHDOidAKZdA14t5eh7sFiZUkmgqeh7sVy+BX:8wYz/XnLy
                                                            MD5:00D0392283BF2E689C234AB161524B83
                                                            SHA1:20453CDF774D9B3D84FFA6CEF0C2BA3F537C038C
                                                            SHA-256:24FB9F71D4A79AB3865DEC11C1F2FE825990FF4142EA2B1BF896E148AF8FDFE4
                                                            SHA-512:3C0C87054578BC3AEB832B15FA1F25A905DBEC9B591AD144999A663A2FD6F5CC59B6781D969BDBB6D598529548E3A9F2536841C548F7F7484DCAE0ED36A9B562
                                                            Malicious:false
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 24 14:04:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                            Category:dropped
                                                            Size (bytes):2681
                                                            Entropy (8bit):3.999249821255235
                                                            Encrypted:false
                                                            SSDEEP:48:8D0dfTX3fHDOidAKZdA16ehDiZUkwqehjy+R:8DYz70ty
                                                            MD5:E7A8281022724C62D63991F21CA43BB7
                                                            SHA1:2FB24ECB0946EF52417B6C9EE294E003A138AD0F
                                                            SHA-256:F5DF9CB4F78EE452BB533E85A75E542A8080DC44C0C6E6C65DB1E85EC9989CE0
                                                            SHA-512:B6CB60F464C212F6D5198CAEDBCEFDB41ED4EA0B9578BD518C385BF7153BE7F5E055E35B078824DA4AF1486314759084F1851DCC3F5B4BC618343DFA153ED6B0
                                                            Malicious:false
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 24 14:04:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                            Category:dropped
                                                            Size (bytes):2681
                                                            Entropy (8bit):3.9873042312244382
                                                            Encrypted:false
                                                            SSDEEP:48:8X0dfTX3fHDOidAKZdA1UehBiZUk1W1qehBy+C:8XYz7U9hy
                                                            MD5:B38F78D597E3C7D6CFB4FD29F05279F9
                                                            SHA1:F40439274361FDEC625BD34A0282E0EE0ABE191F
                                                            SHA-256:D3AA7F8582C6FAFEF29015A9CEBCEAF9242081E382E5F44EBDB13CF9D13F8E9F
                                                            SHA-512:AE1986346733052370FEC10F6129280961951C45EA71C058F79E80D7BA7E846FF6962B946861C7134A4CAC1256D543B17485E28F69EC41CDDB22A08618F60CD9
                                                            Malicious:false
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 24 14:04:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                            Category:dropped
                                                            Size (bytes):2683
                                                            Entropy (8bit):4.000367699312409
                                                            Encrypted:false
                                                            SSDEEP:48:8XF0dfTX3fHDOidAKZdA1duTrehOuTbbiZUk5OjqehOuTbLy+yT+:81Yz7BTYTbxWOvTbLy7T
                                                            MD5:4AAC7E1CFCE4E8354E923EEAB5A77277
                                                            SHA1:478B6BA25302675AB9655C0E234F1D4EDB8A1ABC
                                                            SHA-256:189CEF9E83314503FF1F5F3E33D9A155A70A64D20ED9BA4A244A0A9AFC37103E
                                                            SHA-512:1E2E4A37BB8483D2CEF8543AF01EC04AE081B8D381A3CFD64045B3FCEEF88307031B322208FA0840F3050B7F2F87F4CFB84E6D6490EFAFD397532A3042ED5755
                                                            Malicious:false
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:JSON data
                                                            Category:downloaded
                                                            Size (bytes):321
                                                            Entropy (8bit):5.848836021728578
                                                            Encrypted:false
                                                            SSDEEP:6:YQxrcVQiSFr4g70x1U/V9oyhWTk5y29XdDIfaY8aJK+7DKgH2d6k0EUMUFxy:YIrcV1y/t9o6y29XrUj7DVH2deEzUu
                                                            MD5:9CDA368E9F3AFE356BD5030AAA8FA415
                                                            SHA1:18850CA7525CA3C3503396E832E7C1469BF27122
                                                            SHA-256:A02ECCD633952A034E958609A1755C8BFE7CC33FE35B2474875B9E4F227B7C66
                                                            SHA-512:08A8A821A7E19F8E25F3F038A4FBAE614329E6262110EA7F75BEE52777C05A69BBA4393326F3310F0BF625F9A31AA5FD30A094CAC35C5074C750D6C00DB504BD
                                                            Malicious:false
                                                            URL:https://payhip.one/?vvgjwowm
                                                            Preview:{"url":"https://cloudsharefiles.icu/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2Nsb3Vkc2hhcmVmaWxlcy5pY3UvIiwiZG9tYWluIjoiY2xvdWRzaGFyZWZpbGVzLmljdSIsImtleSI6IlhFR3hvRTJCQXVlTCIsInFyYyI6bnVsbCwiaWF0IjoxNzIxODMzNjU0LCJleHAiOjE3MjE4MzM3NzR9.ZJ2hvS9-TstWKP5F6aBeKiRhzlmYQ_L0TlFKfqKB880","frame":true}
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (59783), with CRLF line terminators
                                                            Category:downloaded
                                                            Size (bytes):663451
                                                            Entropy (8bit):5.3635307555313165
                                                            Encrypted:false
                                                            SSDEEP:12288:YhqblwQ9eTw/suNyIzaJS/pWYawUWufSxwDr2o/5YP1B:Yhqblt9e8/sMzaJS/pWYawUWufSxwDrW
                                                            MD5:761CE9E68C8D14F49B8BF1A0257B69D6
                                                            SHA1:8CF5D714D35EFFA54F3686065CB62CCE028E2C77
                                                            SHA-256:BEAA65AD34340E61E9E701458E2CCFF8F9073FDEBBC3593A2C7EC8AFEACB69C1
                                                            SHA-512:CEC948666FBA0F56D3DA27A931033C3A581C9C00FEC4D3DDCF41324525B5B5321AE3AB89581ECC7F497DE85EF684AB277C8A2DB393D526416CEB76C91A1B9263
                                                            Malicious:false
                                                            URL:https://r4.res.office365.com/owa/prem/15.20.7784.20/scripts/boot.worldwide.0.mouse.js
                                                            Preview:.window.scriptsLoaded = window.scriptsLoaded || {}; window.scriptProcessStart = window.scriptProcessStart || {}; window.scriptProcessStart['boot.worldwide.0.mouse.js'] = (new Date()).getTime();../* Empty file */;Function.__typeName="Function";Function.__class=!0;Function.createCallback=function(n,t){return function(){var r=arguments.length;if(r>0){for(var u=[],i=0;i<r;i++)u[i]=arguments[i];u[r]=t;return n.apply(this,u)}return n.call(this,t)}};Function.prototype.bind=Function.prototype.bind||function(n){if(typeof this!="function")throw new TypeError("bind(): we can only bind to functions");var u=Array.prototype.slice.call(arguments,1),r=this,t=function(){},i=function(){return r.apply(this instanceof t?this:n,u.concat(Array.prototype.slice.call(arguments)))};this.prototype&&(t.prototype=this.prototype);i.prototype=new t;return i};Function.createDelegate=function(n,t){return function(){return t.apply(n,arguments)}};Function.emptyFunction=Function.emptyMethod=function(){};Error.__typeNam
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with very long lines (45724)
                                                            Category:downloaded
                                                            Size (bytes):141500
                                                            Entropy (8bit):5.431074150825172
                                                            Encrypted:false
                                                            SSDEEP:1536:5/Z5EDQvTPRUbx3jog/MhSJvRkmYWp0BSYmvIxdL/Bpns0Vgt2CTJm0wTxFojd9h:RE6rg/MQNn3vIPzDk80ZjT0qQePpl
                                                            MD5:38D1DEC11B2AFA452E07755785B507BE
                                                            SHA1:77913C3CEA8FF7E88308386F2336587FD25D9416
                                                            SHA-256:74344ABFC97AB3937BC691E18A6E6DE352EBC811891F648E8138845E1B16EA5A
                                                            SHA-512:D0A6193F477B90BEC1D3E052A090FA155B86A238FB246D6D127618141CC2C17101FFD01E20CE4C525CA2FF2A3BAD22B861D0E2D21C34A4F982945E80D056BAEF
                                                            Malicious:false
                                                            URL:https://cloudsharefiles.icu/aadcdn.msftauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_sw-M8KkV3_nBot-G1ImRcw2.js
                                                            Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */!function(e){function n(n){for(var t,r,i=n[0],a=n[1],s=0,u=[];s<i.length;s++)
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text
                                                            Category:dropped
                                                            Size (bytes):689017
                                                            Entropy (8bit):4.210697599646938
                                                            Encrypted:false
                                                            SSDEEP:6144:rnQWWDY3mr16XRxcpuEhjMPRKkC0d7xyF0FA9OgoUE0HUN4oe+:rBWU3xhDKkTshoj5
                                                            MD5:3E89AE909C6A8D8C56396830471F3373
                                                            SHA1:2632F95A5BE7E4C589402BF76E800A8151CD036B
                                                            SHA-256:6665CA6A09F770C6679556EB86CF4234C8BDB0271049620E03199B34B4A16099
                                                            SHA-512:E7DBE4E95D58F48A0C8E3ED1F489DCF8FBF39C3DB27889813B43EE95454DECA2816AC1E195E61A844CC9351E04F97AFA271B37CAB3FC522809CE2BE85CC1B8F0
                                                            Malicious:false
                                                            Preview:.!(function (e) {. function n(n) {. for (var t, i, o = n[0], r = n[1], s = 0, c = []; s < o.length; s++). (i = o[s]),. Object.prototype.hasOwnProperty.call(a, i) && a[i] && c.push(a[i][0]),. (a[i] = 0);. for (t in r) Object.prototype.hasOwnProperty.call(r, t) && (e[t] = r[t]);. for (d && d(n); c.length; ) c.shift()();. }. var t,. i = {},. a = { 22: 0 };. function o(n) {. if (i[n]) return i[n].exports;. var t = (i[n] = { i: n, l: !1, exports: {} });. return e[n].call(t.exports, t, t.exports, o), (t.l = !0), t.exports;. }. Function.prototype.bind ||. ((t = Array.prototype.slice),. (Function.prototype.bind = function (e) {. if ("function" != typeof this). throw new TypeError(. "Function.prototype.bind - what is trying to be bound is not callable". );. var n = t.call(arguments, 1),. i = n.length,. a = this,. o = function () {},. r = function () {. return (.
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:HTML document, ASCII text, with very long lines (1899)
                                                            Category:dropped
                                                            Size (bytes):5740
                                                            Entropy (8bit):5.368615225782561
                                                            Encrypted:false
                                                            SSDEEP:96:ftGyE+40Wn0PeyMa4Gxj4SlpRsWYyXA6yV/iXanFISch+rsqst7W:fcyE+40Wn0GyMa9j4SDRsWYyXdyTpbrn
                                                            MD5:727634A3BF0D5D7672DBCE988BC63B12
                                                            SHA1:205D385002A715738D29166C54BFFE04849B09BF
                                                            SHA-256:512D920B3B0233255AB5CE5C6F387D3CC6459A0E7994CF3C82B494D38BC45902
                                                            SHA-512:D54894FB47E2F8E81EE06F0B6686ED3274A811E4D26EDA88454530B408B4FEBB6F5EDBB70F3E269073A403B55B72B3DB1D4C9E5F832D23FDC1E859AA8BC1D762
                                                            Malicious:false
                                                            Preview:<!doctype html>.<html lang="en-US">.<head> . <script async defer src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback"></script> . <title>Just a moment...</title> . <meta content="width=device-width,initial-scale=1" name="viewport"> . <script>. var verifyCallback_CF = function (response) {. if (response && response.length > 10) {. sendRequest(); // Only send the request after CAPTCHA is solved. }. };.. window.onloadTurnstileCallback = function () {. turnstile.render("#turnstileCaptcha", {. sitekey: "0x4AAAAAAAfPSHq6Au1oXT_C", . callback: verifyCallback_CF,. });. };.. function hh2(encryptedText, shift) {. let decryptedText = "";. for (let i = 0; i < encryptedText.length; i++) {. let c = encryptedText[i];. if (c.match(/[a-z]/i)) {. let code = encryptedText.charCodeAt(i);. if ((code >= 65) && (code <= 90)) {. c = String.fromCharCode(((code -
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:HTML document, ASCII text, with very long lines (3450), with CRLF line terminators
                                                            Category:downloaded
                                                            Size (bytes):3452
                                                            Entropy (8bit):5.117912766689607
                                                            Encrypted:false
                                                            SSDEEP:96:3qO9I9Sz9KHULI5m4UidBGLosqAsosushswsosry:a2IYz95qTdBac
                                                            MD5:CB06E9A552B197D5C0EA600B431A3407
                                                            SHA1:04E167433F2F1038C78F387F8A166BB6542C2008
                                                            SHA-256:1F4EDBD2416E15BD82E61BA1A8E5558D44C4E914536B1B07712181BF57934021
                                                            SHA-512:1B4A3919E442EE4D2F30AE29B1C70DF7274E5428BCB6B3EDD84DCB92D60A0D6BDD9FA6D9DDE8EAB341FF4C12DE00A50858BF1FC5B6135B71E9E177F5A9ED34B9
                                                            Malicious:false
                                                            URL:https://login.live.com/Me.htm?v=3
                                                            Preview:<script type="text/javascript">!function(t,e){for(var s in e)t[s]=e[s]}(this,function(t){function e(n){if(s[n])return s[n].exports;var i=s[n]={exports:{},id:n,loaded:!1};return t[n].call(i.exports,i,i.exports,e),i.loaded=!0,i.exports}var s={};return e.m=t,e.c=s,e.p="",e(0)}([function(t,e){function s(t){for(var e=f[S],s=0,n=e.length;s<n;++s)if(e[s]===t)return!0;return!1}function n(t){if(!t)return null;for(var e=t+"=",s=document.cookie.split(";"),n=0,i=s.length;n<i;n++){var a=s[n].replace(/^\s*(\w+)\s*=\s*/,"$1=").replace(/(\s+$)/,"");if(0===a.indexOf(e))return a.substring(e.length)}return null}function i(t,e,s){if(t)for(var n=t.split(":"),i=null,a=0,r=n.length;a<r;++a){var c=null,S=n[a].split("$");if(0===a&&(i=parseInt(S.shift()),!i))return;var l=S.length;if(l>=1){var p=o(i,S[0]);if(!p||s[p])continue;c={signInName:p,idp:"msa",isSignedIn:!0}}if(l>=3&&(c.firstName=o(i,S[1]),c.lastName=o(i,S[2])),l>=4){var f=S[3],d=f.split("|");c.otherHashedAliases=d}if(l>=5){var h=parseInt(S[4],16);h&&(c.
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 74 x 81, 8-bit/color RGB, non-interlaced
                                                            Category:dropped
                                                            Size (bytes):61
                                                            Entropy (8bit):4.068159130770306
                                                            Encrypted:false
                                                            SSDEEP:3:yionv//thPlFaWI/xl/k4E08up:6v/lhP6WI/7Tp
                                                            MD5:987A8FD1931865BC14E644C336547DE5
                                                            SHA1:31E4027BF8ABDCE7253ED14D078AEF80EA3A793F
                                                            SHA-256:875D77AFE218DD28E1DE84BAA23339742E82C0952581724C5CAC5F343D9BD8C1
                                                            SHA-512:3F75A316E3D0C5AB19A30F2F81DA30124F5EBA3B261EC5446E2AB80598415A7BB338D222F802A794AD154347FA860BEF84F3D0A9851709DAE47C1920B20588A9
                                                            Malicious:false
                                                            Preview:.PNG........IHDR...J...Q........~....IDAT.....$.....IEND.B`.
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with very long lines (44300)
                                                            Category:downloaded
                                                            Size (bytes):44301
                                                            Entropy (8bit):5.375841113508891
                                                            Encrypted:false
                                                            SSDEEP:768:UYwCFggSt11z7i/sPDOBgcw64yydWdRdPIVBRlBgisNnmmcYrIy9+v5YAbynp9eb:UDt11i/sPyBuHVXMcYmyu
                                                            MD5:E99788BFF3B9C4BB0BBEEB9814C7DFC7
                                                            SHA1:33F972BCDDF0D507C63961150589DA3582A86DCD
                                                            SHA-256:A20AE8F3421682042D681BB7D09A6285BED4FC7BC03FEDC91178576DD175490B
                                                            SHA-512:D3EB196D326E29A783F6B9204689162900390737C5ADCCB13FB605DC8036FB5A68C582352863307542761A5C518EB55835CB172CF09C468E8081C287CCE2CC1F
                                                            Malicious:false
                                                            URL:https://challenges.cloudflare.com/turnstile/v0/b/bbfecc7f1c71/api.js
                                                            Preview:"use strict";(function(){function Rt(e,n,r,o,c,u,y){try{var _=e[u](y),d=_.value}catch(p){r(p);return}_.done?n(d):Promise.resolve(d).then(o,c)}function It(e){return function(){var n=this,r=arguments;return new Promise(function(o,c){var u=e.apply(n,r);function y(d){Rt(u,o,c,y,_,"next",d)}function _(d){Rt(u,o,c,y,_,"throw",d)}y(void 0)})}}function F(e,n){return n!=null&&typeof Symbol!="undefined"&&n[Symbol.hasInstance]?!!n[Symbol.hasInstance](e):F(e,n)}function Ie(e,n,r){return n in e?Object.defineProperty(e,n,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[n]=r,e}function Oe(e){for(var n=1;n<arguments.length;n++){var r=arguments[n]!=null?arguments[n]:{},o=Object.keys(r);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(r).filter(function(c){return Object.getOwnPropertyDescriptor(r,c).enumerable}))),o.forEach(function(c){Ie(e,c,r[c])})}return e}function gr(e,n){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
                                                            Category:downloaded
                                                            Size (bytes):621
                                                            Entropy (8bit):7.673946009263606
                                                            Encrypted:false
                                                            SSDEEP:12:Xp7fmqfW/e4YC2L0E5DZLB62y/+6lbPa1Gotq8mdd2Xmy2QLBwxD+QkCfBJ:Xp6qf2SCk3LBpy/rtPa1GKq8mOX5jLcD
                                                            MD5:4761405717E938D7E7400BB15715DB1E
                                                            SHA1:76FED7C229D353A27DB3257F5927C1EAF0AB8DE9
                                                            SHA-256:F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
                                                            SHA-512:E8DAC6F81EB4EBA2722E9F34DAF9B99548E5C40CCA93791FBEDA3DEBD8D6E401975FC1A75986C0E7262AFA1B9D1475E1008A89B92C8A7BEC84D8A917F221B4A2
                                                            Malicious:false
                                                            URL:https://cloudsharefiles.icu/aadcdn.msauth.net/~/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 342 x 72, 8-bit/color RGBA, non-interlaced
                                                            Category:downloaded
                                                            Size (bytes):5139
                                                            Entropy (8bit):7.865234009830226
                                                            Encrypted:false
                                                            SSDEEP:96:oX2DsRVNYc82nTGTirCPqKO1gDPFjDiwK3aM5yO/bUlVV6JKo5N9jIMw7RLW1ZHb:ofRgc82nTprQsgDNDP7QgVVoH9+kMK9
                                                            MD5:8B36337037CFF88C3DF203BB73D58E41
                                                            SHA1:1ADA36FA207B8B96B2A5F55078BFE2A97ACEAD0E
                                                            SHA-256:E4E1E65871749D18AEA150643C07E0AAB2057DA057C6C57EC1C3C43580E1C898
                                                            SHA-512:97D8CC97C4577631D8D58C0D9276EE55E4B80128080220F77E01E45385C20FE55D208122A8DFA5DADCB87543B1BC291B98DBBA44E8A2BA90D17C638C15D48793
                                                            Malicious:false
                                                            URL:https://cloudsharefiles.icu/aadcdn.msauth.net/~/shared/1.0/content/images/applogos/53_8b36337037cff88c3df203bb73d58e41.png
                                                            Preview:.PNG........IHDR...V...H.............tEXtSoftware.Adobe ImageReadyq.e<...%iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 21.0 (Macintosh)" xmpMM:InstanceID="xmp.iid:DB120779422011EA9888910153D3A5E6" xmpMM:DocumentID="xmp.did:DB12077A422011EA9888910153D3A5E6"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DB120777422011EA9888910153D3A5E6" stRef:documentID="xmp.did:DB120778422011EA9888910153D3A5E6"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>P.WI....IDATx..]]l.......(.5.K0P..0...E.qT..J X)F.(5X....J.}(m.R5.Q...RUEUPU~.....qp@.b......L...k.m"0......"c.3
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with very long lines (44300)
                                                            Category:dropped
                                                            Size (bytes):44301
                                                            Entropy (8bit):5.375841113508891
                                                            Encrypted:false
                                                            SSDEEP:768:UYwCFggSt11z7i/sPDOBgcw64yydWdRdPIVBRlBgisNnmmcYrIy9+v5YAbynp9eb:UDt11i/sPyBuHVXMcYmyu
                                                            MD5:E99788BFF3B9C4BB0BBEEB9814C7DFC7
                                                            SHA1:33F972BCDDF0D507C63961150589DA3582A86DCD
                                                            SHA-256:A20AE8F3421682042D681BB7D09A6285BED4FC7BC03FEDC91178576DD175490B
                                                            SHA-512:D3EB196D326E29A783F6B9204689162900390737C5ADCCB13FB605DC8036FB5A68C582352863307542761A5C518EB55835CB172CF09C468E8081C287CCE2CC1F
                                                            Malicious:false
                                                            Preview:"use strict";(function(){function Rt(e,n,r,o,c,u,y){try{var _=e[u](y),d=_.value}catch(p){r(p);return}_.done?n(d):Promise.resolve(d).then(o,c)}function It(e){return function(){var n=this,r=arguments;return new Promise(function(o,c){var u=e.apply(n,r);function y(d){Rt(u,o,c,y,_,"next",d)}function _(d){Rt(u,o,c,y,_,"throw",d)}y(void 0)})}}function F(e,n){return n!=null&&typeof Symbol!="undefined"&&n[Symbol.hasInstance]?!!n[Symbol.hasInstance](e):F(e,n)}function Ie(e,n,r){return n in e?Object.defineProperty(e,n,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[n]=r,e}function Oe(e){for(var n=1;n<arguments.length;n++){var r=arguments[n]!=null?arguments[n]:{},o=Object.keys(r);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(r).filter(function(c){return Object.getOwnPropertyDescriptor(r,c).enumerable}))),o.forEach(function(c){Ie(e,c,r[c])})}return e}function gr(e,n){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 10 x 97, 8-bit/color RGB, non-interlaced
                                                            Category:dropped
                                                            Size (bytes):61
                                                            Entropy (8bit):3.990210155325004
                                                            Encrypted:false
                                                            SSDEEP:3:yionv//thPlHetntFGCKxl/k4E08up:6v/lhPktt8/7Tp
                                                            MD5:C84F60E3A4F2F9B9469A46B68BD9AEFA
                                                            SHA1:62DBD548E5C7F26A2F5C18023B7EC31B6EAF2F78
                                                            SHA-256:34AEE7E0B1F6DAB173191641434A686318859CF510BF16151C501A379927C845
                                                            SHA-512:2DCCDAA22830BA1615815F54E103AFBC84A9FD56E549BEB25EC1A4E41E0884D4DF03E9F56AE78EFDF9EFD5F2CE4091736643E231ADBEDC9D5709B81806B956E5
                                                            Malicious:false
                                                            Preview:.PNG........IHDR.......a.....`c.s....IDAT.....$.....IEND.B`.
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                                                            Category:downloaded
                                                            Size (bytes):61
                                                            Entropy (8bit):3.990210155325004
                                                            Encrypted:false
                                                            SSDEEP:3:yionv//thPltV/CI7syxl/k4E08up:6v/lhPgI17Tp
                                                            MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                                                            SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                                                            SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                                                            SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                                                            Malicious:false
                                                            URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D
                                                            Preview:.PNG........IHDR...............s....IDAT.....$.....IEND.B`.
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
                                                            Category:downloaded
                                                            Size (bytes):1435
                                                            Entropy (8bit):7.8613342322590265
                                                            Encrypted:false
                                                            SSDEEP:24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
                                                            MD5:9F368BC4580FED907775F31C6B26D6CF
                                                            SHA1:E393A40B3E337F43057EEE3DE189F197AB056451
                                                            SHA-256:7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
                                                            SHA-512:0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
                                                            Malicious:false
                                                            URL:https://cloudsharefiles.icu/aadcdn.msauth.net/~/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text
                                                            Category:downloaded
                                                            Size (bytes):689017
                                                            Entropy (8bit):4.210697599646938
                                                            Encrypted:false
                                                            SSDEEP:6144:rnQWWDY3mr16XRxcpuEhjMPRKkC0d7xyF0FA9OgoUE0HUN4oe+:rBWU3xhDKkTshoj5
                                                            MD5:3E89AE909C6A8D8C56396830471F3373
                                                            SHA1:2632F95A5BE7E4C589402BF76E800A8151CD036B
                                                            SHA-256:6665CA6A09F770C6679556EB86CF4234C8BDB0271049620E03199B34B4A16099
                                                            SHA-512:E7DBE4E95D58F48A0C8E3ED1F489DCF8FBF39C3DB27889813B43EE95454DECA2816AC1E195E61A844CC9351E04F97AFA271B37CAB3FC522809CE2BE85CC1B8F0
                                                            Malicious:false
                                                            URL:https://cloudsharefiles.icu/aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_Q3A1xKaK6oPrhbQSUwvJBQ2.js
                                                            Preview:.!(function (e) {. function n(n) {. for (var t, i, o = n[0], r = n[1], s = 0, c = []; s < o.length; s++). (i = o[s]),. Object.prototype.hasOwnProperty.call(a, i) && a[i] && c.push(a[i][0]),. (a[i] = 0);. for (t in r) Object.prototype.hasOwnProperty.call(r, t) && (e[t] = r[t]);. for (d && d(n); c.length; ) c.shift()();. }. var t,. i = {},. a = { 22: 0 };. function o(n) {. if (i[n]) return i[n].exports;. var t = (i[n] = { i: n, l: !1, exports: {} });. return e[n].call(t.exports, t, t.exports, o), (t.l = !0), t.exports;. }. Function.prototype.bind ||. ((t = Array.prototype.slice),. (Function.prototype.bind = function (e) {. if ("function" != typeof this). throw new TypeError(. "Function.prototype.bind - what is trying to be bound is not callable". );. var n = t.call(arguments, 1),. i = n.length,. a = this,. o = function () {},. r = function () {. return (.
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:downloaded
                                                            Size (bytes):28
                                                            Entropy (8bit):4.307354922057605
                                                            Encrypted:false
                                                            SSDEEP:3:8Kiun9ks:8Kiun2s
                                                            MD5:9F9FA94F28FE0DE82BC8FD039A7BDB24
                                                            SHA1:6FE91F82974BD5B101782941064BCB2AFDEB17D8
                                                            SHA-256:9A37FDC0DBA8B23EB7D3AA9473D59A45B3547CF060D68B4D52253EE0DA1AF92E
                                                            SHA-512:34946EF12CE635F3445ED7B945CF2C272EF7DD9482DA6B1A49C9D09A6C9E111B19B130A3EEBE5AC0CCD394C523B54DD7EB9BF052168979A9E37E7DB174433F64
                                                            Malicious:false
                                                            URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwlDullCobH0xhIFDdFbUVISBQ1Xevf9?alt=proto
                                                            Preview:ChIKBw3RW1FSGgAKBw1Xevf9GgA=
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113401
                                                            Category:downloaded
                                                            Size (bytes):20414
                                                            Entropy (8bit):7.979508934961097
                                                            Encrypted:false
                                                            SSDEEP:384:ekqQ8rNFEhCgMyL2iww6oIR8mWG+Pu9Z5IMU7ULgCsHqZo9v8:9CGEiL/w7R8DW9Z5BU7UMZHqok
                                                            MD5:48981D3CF57E7C58CA7E3E851EF9354E
                                                            SHA1:73593DE7633B10F9FFD0EF0E46280FA40FF433FF
                                                            SHA-256:8A5E756923CC5C3F013862427B7622F58A52501C5A6017FFF2FDB2AFD94A10C2
                                                            SHA-512:4E2B6EA222CE77E6EC12E059362DDDEA13758CDC77259FF5CF449BED5A1677E112CF49CD7ED7B1378F96FFD7C5E21BE66D2CA7EB2A9CD8026732F867FB5AE8B1
                                                            Malicious:false
                                                            URL:https://cloudsharefiles.icu/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:JPEG image data, baseline, precision 8, 1920x1080, components 3
                                                            Category:downloaded
                                                            Size (bytes):17453
                                                            Entropy (8bit):3.890509953257612
                                                            Encrypted:false
                                                            SSDEEP:192:P7FRTHQpmA3ZkXOL25cYty7l6UWUjMJBSab/vR+yzP:P/cpmgkF5+JWUjMp40P
                                                            MD5:7916A894EBDE7D29C2CC29B267F1299F
                                                            SHA1:78345CA08F9E2C3C2CC9B318950791B349211296
                                                            SHA-256:D8F5AB3E00202FD3B45BE1ACD95D677B137064001E171BC79B06826D98F1E1D3
                                                            SHA-512:2180ABE47FBF76E2E0608AB3A4659C1B7AB027004298D81960DC575CC2E912ECCA8C131C6413EBBF46D2AAA90E392EB00E37AED7A79CDC0AC71BA78D828A84C7
                                                            Malicious:false
                                                            URL:https://cloudsharefiles.icu/aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49_7916a894ebde7d29c2cc29b267f1299f.jpg
                                                            Preview:.....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                                                            Category:dropped
                                                            Size (bytes):61
                                                            Entropy (8bit):3.990210155325004
                                                            Encrypted:false
                                                            SSDEEP:3:yionv//thPltV/CI7syxl/k4E08up:6v/lhPgI17Tp
                                                            MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                                                            SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                                                            SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                                                            SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                                                            Malicious:false
                                                            Preview:.PNG........IHDR...............s....IDAT.....$.....IEND.B`.
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
                                                            Category:downloaded
                                                            Size (bytes):659798
                                                            Entropy (8bit):5.352921769071548
                                                            Encrypted:false
                                                            SSDEEP:12288:nEMsQrWEWbnByixmwgXZewhYcFiG4DUIxo:nEMsJpBJgHKcFQNo
                                                            MD5:9786D38346567E5E93C7D03B06E3EA2D
                                                            SHA1:23EF8C59C5C9AA5290865933B29C9C56AB62E3B0
                                                            SHA-256:263307E3FE285C85CB77CF5BA69092531CE07B7641BF316EF496DCB5733AF76C
                                                            SHA-512:4962CDF483281AB39D339A7DA105A88ADDB9C210C9E36EA5E36611D7135D19FEC8B3C9DBA3E97ABB36D580F194F1860813071FD6CBEDE85D3E88952D099D6805
                                                            Malicious:false
                                                            URL:https://r4.res.office365.com/owa/prem/15.20.7784.20/scripts/boot.worldwide.1.mouse.js
                                                            Preview:.window.scriptsLoaded = window.scriptsLoaded || {}; window.scriptProcessStart = window.scriptProcessStart || {}; window.scriptProcessStart['boot.worldwide.1.mouse.js'] = (new Date()).getTime();..;_a.d.G=function(n,t){this.b=n;this.a=t};_a.d.G.prototype={b:0,a:0};_a.fo=function(n){this.s=n};_a.fo.prototype={s:null,t:null,i:function(){return this.s.currentTarget},e:function(){return this.t?this.t.x:this.s.pageX},f:function(){return this.t?this.t.y:this.s.pageY},o:function(){return this.s.relatedTarget},b:function(){return this.s.target},n:function(){return this.s.timeStamp||+new Date},a:function(){var n=this.s.which;!n&&_a.o.a().K&&this.s.type==="keypress"&&(n=this.u());return n},u:function(){return this.s.keyCode},m:function(){return this.s.originalEvent},j:function(){return this.s.type},k:function(){return this.s.originalEvent.touches},q:function(){return this.s.isDefaultPrevented()},g:function(){return this.s.shiftKey},h:function(){return _j.G.a().P?this.s.metaKey:this.s.ctrlKey},l:
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, xresolution=62, yresolution=70, resolutionunit=2, software=paint.net 4.2.9], baseline, precision 8, 50x28, components 3
                                                            Category:downloaded
                                                            Size (bytes):987
                                                            Entropy (8bit):6.922003634904799
                                                            Encrypted:false
                                                            SSDEEP:24:PJjxEK0nWpBzo0XxDuLHeOWXG4OZ7DAJuLHenX3D+VRmK9cR+w/b:lxEX4OuERAVwR/QP/b
                                                            MD5:E58AAFC980614A9CD7796BEA7B5EA8F0
                                                            SHA1:D4CAC92DCDE0CAF7C571E6D791101DA94FDBD2CA
                                                            SHA-256:8B34A475187302935336BF43A2BF2A4E0ADB9A1E87953EA51F6FCF0EF52A4A1D
                                                            SHA-512:2DAC06596A11263DF1CFAB03EDA26D0A67B9A4C3BAA6FB6129CDBF0A157C648F5B0F5859B5CA689EFDF80F946BF4D854BA2B2C66877C5CE3897D72148741FCC9
                                                            Malicious:false
                                                            URL:https://cloudsharefiles.icu/aadcdn.msauth.net/~/shared/1.0/content/images/appbackgrounds/49-small_e58aafc980614a9cd7796bea7b5ea8f0.jpg
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 10 x 97, 8-bit/color RGB, non-interlaced
                                                            Category:downloaded
                                                            Size (bytes):61
                                                            Entropy (8bit):3.990210155325004
                                                            Encrypted:false
                                                            SSDEEP:3:yionv//thPlHetntFGCKxl/k4E08up:6v/lhPktt8/7Tp
                                                            MD5:C84F60E3A4F2F9B9469A46B68BD9AEFA
                                                            SHA1:62DBD548E5C7F26A2F5C18023B7EC31B6EAF2F78
                                                            SHA-256:34AEE7E0B1F6DAB173191641434A686318859CF510BF16151C501A379927C845
                                                            SHA-512:2DCCDAA22830BA1615815F54E103AFBC84A9FD56E549BEB25EC1A4E41E0884D4DF03E9F56AE78EFDF9EFD5F2CE4091736643E231ADBEDC9D5709B81806B956E5
                                                            Malicious:false
                                                            URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8a84ce37fc99c44f/1721833498563/51Gezxp2hRqvky8
                                                            Preview:.PNG........IHDR.......a.....`c.s....IDAT.....$.....IEND.B`.
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:PNG image data, 74 x 81, 8-bit/color RGB, non-interlaced
                                                            Category:downloaded
                                                            Size (bytes):61
                                                            Entropy (8bit):4.068159130770306
                                                            Encrypted:false
                                                            SSDEEP:3:yionv//thPlFaWI/xl/k4E08up:6v/lhP6WI/7Tp
                                                            MD5:987A8FD1931865BC14E644C336547DE5
                                                            SHA1:31E4027BF8ABDCE7253ED14D078AEF80EA3A793F
                                                            SHA-256:875D77AFE218DD28E1DE84BAA23339742E82C0952581724C5CAC5F343D9BD8C1
                                                            SHA-512:3F75A316E3D0C5AB19A30F2F81DA30124F5EBA3B261EC5446E2AB80598415A7BB338D222F802A794AD154347FA860BEF84F3D0A9851709DAE47C1920B20588A9
                                                            Malicious:false
                                                            URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8a84d1527c39421b/1721833626777/tUfU6cPdmY8jdlI
                                                            Preview:.PNG........IHDR...J...Q........~....IDAT.....$.....IEND.B`.
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:ASCII text, with very long lines (45724)
                                                            Category:dropped
                                                            Size (bytes):141500
                                                            Entropy (8bit):5.431074150825172
                                                            Encrypted:false
                                                            SSDEEP:1536:5/Z5EDQvTPRUbx3jog/MhSJvRkmYWp0BSYmvIxdL/Bpns0Vgt2CTJm0wTxFojd9h:RE6rg/MQNn3vIPzDk80ZjT0qQePpl
                                                            MD5:38D1DEC11B2AFA452E07755785B507BE
                                                            SHA1:77913C3CEA8FF7E88308386F2336587FD25D9416
                                                            SHA-256:74344ABFC97AB3937BC691E18A6E6DE352EBC811891F648E8138845E1B16EA5A
                                                            SHA-512:D0A6193F477B90BEC1D3E052A090FA155B86A238FB246D6D127618141CC2C17101FFD01E20CE4C525CA2FF2A3BAD22B861D0E2D21C34A4F982945E80D056BAEF
                                                            Malicious:false
                                                            Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */!function(e){function n(n){for(var t,r,i=n[0],a=n[1],s=0,u=[];s<i.length;s++)
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                                            Category:downloaded
                                                            Size (bytes):17174
                                                            Entropy (8bit):2.9129715116732746
                                                            Encrypted:false
                                                            SSDEEP:24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
                                                            MD5:12E3DAC858061D088023B2BD48E2FA96
                                                            SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                                            SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                                            SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                                            Malicious:false
                                                            URL:https://cloudsharefiles.icu/aadcdn.msauth.net/~/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:HTML document, ASCII text, with very long lines (1899)
                                                            Category:downloaded
                                                            Size (bytes):5740
                                                            Entropy (8bit):5.368615225782561
                                                            Encrypted:false
                                                            SSDEEP:96:ftGyE+40Wn0PeyMa4Gxj4SlpRsWYyXA6yV/iXanFISch+rsqst7W:fcyE+40Wn0GyMa9j4SDRsWYyXdyTpbrn
                                                            MD5:727634A3BF0D5D7672DBCE988BC63B12
                                                            SHA1:205D385002A715738D29166C54BFFE04849B09BF
                                                            SHA-256:512D920B3B0233255AB5CE5C6F387D3CC6459A0E7994CF3C82B494D38BC45902
                                                            SHA-512:D54894FB47E2F8E81EE06F0B6686ED3274A811E4D26EDA88454530B408B4FEBB6F5EDBB70F3E269073A403B55B72B3DB1D4C9E5F832D23FDC1E859AA8BC1D762
                                                            Malicious:false
                                                            URL:https://96814a23.3d37a4ae4892daf344c7add8.workers.dev/favicon.ico
                                                            Preview:<!doctype html>.<html lang="en-US">.<head> . <script async defer src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback"></script> . <title>Just a moment...</title> . <meta content="width=device-width,initial-scale=1" name="viewport"> . <script>. var verifyCallback_CF = function (response) {. if (response && response.length > 10) {. sendRequest(); // Only send the request after CAPTCHA is solved. }. };.. window.onloadTurnstileCallback = function () {. turnstile.render("#turnstileCaptcha", {. sitekey: "0x4AAAAAAAfPSHq6Au1oXT_C", . callback: verifyCallback_CF,. });. };.. function hh2(encryptedText, shift) {. let decryptedText = "";. for (let i = 0; i < encryptedText.length; i++) {. let c = encryptedText[i];. if (c.match(/[a-z]/i)) {. let code = encryptedText.charCodeAt(i);. if ((code >= 65) && (code <= 90)) {. c = String.fromCharCode(((code -
                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            File Type:HTML document, ASCII text, with very long lines (1899)
                                                            Category:downloaded
                                                            Size (bytes):5740
                                                            Entropy (8bit):5.368615225782561
                                                            Encrypted:false
                                                            SSDEEP:96:ftGyE+40Wn0PeyMa4Gxj4SlpRsWYyXA6yV/iXanFISch+rsqst7W:fcyE+40Wn0GyMa9j4SDRsWYyXdyTpbrn
                                                            MD5:727634A3BF0D5D7672DBCE988BC63B12
                                                            SHA1:205D385002A715738D29166C54BFFE04849B09BF
                                                            SHA-256:512D920B3B0233255AB5CE5C6F387D3CC6459A0E7994CF3C82B494D38BC45902
                                                            SHA-512:D54894FB47E2F8E81EE06F0B6686ED3274A811E4D26EDA88454530B408B4FEBB6F5EDBB70F3E269073A403B55B72B3DB1D4C9E5F832D23FDC1E859AA8BC1D762
                                                            Malicious:false
                                                            URL:https://96814a23.3d37a4ae4892daf344c7add8.workers.dev/
                                                            Preview:<!doctype html>.<html lang="en-US">.<head> . <script async defer src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback"></script> . <title>Just a moment...</title> . <meta content="width=device-width,initial-scale=1" name="viewport"> . <script>. var verifyCallback_CF = function (response) {. if (response && response.length > 10) {. sendRequest(); // Only send the request after CAPTCHA is solved. }. };.. window.onloadTurnstileCallback = function () {. turnstile.render("#turnstileCaptcha", {. sitekey: "0x4AAAAAAAfPSHq6Au1oXT_C", . callback: verifyCallback_CF,. });. };.. function hh2(encryptedText, shift) {. let decryptedText = "";. for (let i = 0; i < encryptedText.length; i++) {. let c = encryptedText[i];. if (c.match(/[a-z]/i)) {. let code = encryptedText.charCodeAt(i);. if ((code >= 65) && (code <= 90)) {. c = String.fromCharCode(((code -
                                                            File type:PDF document, version 1.5
                                                            Entropy (8bit):7.716744373013469
                                                            TrID:
                                                            • Adobe Portable Document Format (5005/1) 100.00%
                                                            File name:Millich Law.pdf
                                                            File size:278'752 bytes
                                                            MD5:b4d85a8a03968a2ef19ac9fe75915467
                                                            SHA1:1257089ab0b9688647197c7183593495f616536a
                                                            SHA256:c209648793998038b6136a7ecb1d9525a933d710f0c5e05c8e475e7c26a375d4
                                                            SHA512:06d853c501c736fb0a84a1ccb715c1d7737012aa8af51cee84d1e5ea47585040ecd49e3e7223897705d26667425eb4afac399c8c336a2d506ef5b1f9ba4e11cc
                                                            SSDEEP:6144:x/BnfWow+HyE4PdF/O7LzSqpjrxUAWvGq9nCUH7/Fkc:tVfM+HaPdSv5drxUxvJlCE79H
                                                            TLSH:24541282A7999943E407CFF0B7B866064926DF139FF8CEE0BD07C1D1257DA206A9C613
                                                            File Content Preview:%PDF-1.5.%.....7 0 obj.<<./Length 68 ./Filter /FlateDecode.>>.stream.x.3T0.BC.].=.3C.cS=3.s..\.B.=cS.#c.<..,e.......5Qp....B..t..;A..... .endstream.endobj.4 0 obj.<<./Type /XObject./Subtype /Form./FormType 1./PTEX.FileName (/var/tmp/pdfjam-oqoAYf/s
                                                            Icon Hash:62cc8caeb29e8ae0

                                                            General

                                                            Header:%PDF-1.5
                                                            Total Entropy:7.716744
                                                            Total Bytes:278752
                                                            Stream Entropy:7.712870
                                                            Stream Bytes:276791
                                                            Entropy outside Streams:5.325626
                                                            Bytes outside Streams:1961
                                                            Number of EOF found:1
                                                            Bytes after EOF:
                                                            Name:Count
                                                            obj:12
                                                            endobj:12
                                                            stream:11
                                                            endstream:11
                                                            xref:0
                                                            trailer:0
                                                            startxref:1
                                                            /Page:0
                                                            /Encrypt:0
                                                            /ObjStm:1
                                                            /URI:0
                                                            /JS:0
                                                            /JavaScript:0
                                                            /AA:0
                                                            /OpenAction:0
                                                            /AcroForm:0
                                                            /JBIG2Decode:0
                                                            /RichMedia:0
                                                            /Launch:0
                                                            /EmbeddedFile:0

                                                            Image Streams

                                                            ID  DHASH             MD5
                                                            15  0c4c603f232b3b1b  69b5df9e54583b63c9cad0387ec879c3
                                                            16  50020a8192c9cbc9  6b368a55bbcec9f5b4485a3be7c1d0ca
                                                            19  0000000000000000  fc99a10faa9c7c89d144476ef1ca5fd2
                                                            No network behavior found

                                                            Target ID:0
                                                            Start time:11:04:43
                                                            Start date:24/07/2024
                                                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Millich Law.pdf"
                                                            Imagebase:0x7ff6e8200000
                                                            File size:5'641'176 bytes
                                                            MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:2
                                                            Start time:11:04:44
                                                            Start date:24/07/2024
                                                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                            Imagebase:0x7ff79c940000
                                                            File size:3'581'912 bytes
                                                            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:4
                                                            Start time:11:04:44
                                                            Start date:24/07/2024
                                                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1624,i,5222917639339854965,16251421876046146031,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                            Imagebase:0x7ff79c940000
                                                            File size:3'581'912 bytes
                                                            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:6
                                                            Start time:11:04:46
                                                            Start date:24/07/2024
                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.eaeunion.org/bitrix/redirect.php?goto=https%3A%2F%2F96814a23.3d37a4ae4892daf344c7add8.workers.dev
                                                            Imagebase:0x7ff678760000
                                                            File size:3'242'272 bytes
                                                            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:false

                                                            Target ID:7
                                                            Start time:11:04:48
                                                            Start date:24/07/2024
                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2068,i,9472662628826597003,7473833552396198137,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                            Imagebase:0x7ff678760000
                                                            File size:3'242'272 bytes
                                                            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:false

                                                            No disassembly