Edit tour

Windows Analysis Report
75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.7z

Overview

General Information

Sample name:	75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.7z
Analysis ID:	1525106
MD5:	38984a7c2ac3802d4ac0c6d0bfb388e5
SHA1:	4b2c3de7ec9f95a59e1ffb853df4fc18607d178c
SHA256:	ef26675fcf2460ba924c36fc141075e31e827312da5f208b726b50f43c7d8c7e
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for dropped file

Machine Learning detection for dropped file

Switches to a custom stack to bypass stack traces

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Found dropped PE file which has not been started or loaded

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

7zG.exe (PID: 5948 cmdline: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\" -an -ai#7zMap9639:184:7zEvent17120 MD5: 50F289DF0C19484E970849AAC4E6F977)

75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.exe (PID: 5028 cmdline: "C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.exe" MD5: CF03EC0C0C97DEE890502911AC4C3A0D)

Acrobat.exe (PID: 452 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Documento-829FF6CF-E07C-D701-B178-0A934A03C140.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 1348 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 1836 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2164 --field-trial-handle=1612,i,14598653273230916917,1414466432087284256,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 2484 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6164 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1824,i,11757118084596498257,11673603086053957395,262144 /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for dropped file

Source: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb	Avira: detection malicious, Label: HEUR/AGEN.1315437
Source: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb	Avira: detection malicious, Label: HEUR/AGEN.1315437
Source: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb	Avira: detection malicious, Label: HEUR/AGEN.1315437

Machine Learning detection for dropped file

Source: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb	Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb	Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb	Joe Sandbox ML: detected

Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.18:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.181:443 -> 192.168.2.18:49730 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 2MB later: 27MB

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.209.181
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: www1.secure.hsbcnet.com
Source: global traffic	DNS traffic detected: DNS query: cdn.hsbcnet.com
Source: global traffic	DNS traffic detected: DNS query: tags.tiqcdn.com
Source: global traffic	DNS traffic detected: DNS query: mwd.hsbcnet.com
Source: global traffic	DNS traffic detected: DNS query: cdn.appdynamics.com
Source: global traffic	DNS traffic detected: DNS query: akamai.tiqcdn.com
Source: global traffic	DNS traffic detected: DNS query: learningcentre.creativevirtual.com
Source: global traffic	DNS traffic detected: DNS query: lptag.liveperson.net
Source: global traffic	DNS traffic detected: DNS query: collect.tealiumiq.com
Source: global traffic	DNS traffic detected: DNS query: visitor-service-eu-central-1.tealiumiq.com
Source: global traffic	DNS traffic detected: DNS query: accdn.lpsnmedia.net
Source: global traffic	DNS traffic detected: DNS query: lpcdn.lpsnmedia.net
Source: global traffic	DNS traffic detected: DNS query: lo.v.liveperson.net

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 40.126.32.134:443 -> 192.168.2.18:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.181:443 -> 192.168.2.18:49730 version: TLS 1.2

Source: classification engine

Classification label: mal56.evad.win7Z@54/60@32/89

Source: C:\Program Files\7-Zip\7zG.exe

File created: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb

Source: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.exe

File created: C:\Users\user\AppData\Local\Temp\Documento-829FF6CF-E07C-D701-B178-0A934A03C140.pdf

Source: C:\Program Files\7-Zip\7zG.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Program Files\7-Zip\7zG.exe "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\" -an -ai#7zMap9639:184:7zEvent17120
Source: unknown	Process created: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.exe "C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.exe"
Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Documento-829FF6CF-E07C-D701-B178-0A934A03C140.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2164 --field-trial-handle=1612,i,14598653273230916917,1414466432087284256,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2164 --field-trial-handle=1612,i,14598653273230916917,1414466432087284256,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding E4A09C1EA4C9FDDA7ABE8B0648AEDFFC
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1824,i,11757118084596498257,11673603086053957395,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1824,i,11757118084596498257,11673603086053957395,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: explorerframe.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: textshaping.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: textinputframework.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: coremessaging.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: wintypes.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: wintypes.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.exe	Section loaded: sxs.dll
Source: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.exe	Section loaded: onecoreuapcommonproxystub.dll

Source: C:\Program Files\7-Zip\7zG.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: 75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.7z

Static file information: File size 4427418 > 1048576

Source: C:\Program Files\7-Zip\7zG.exe

File created: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb

Jump to dropped file

Source: C:\Program Files\7-Zip\7zG.exe

File created: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb

Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.exe	API/Special instruction interceptor: Address: 4034C2
Source: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.exe	API/Special instruction interceptor: Address: D1C301

Source: C:\Program Files\7-Zip\7zG.exe

Dropped PE file which has not been started: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb

Jump to dropped file

Source: C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	11 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	1 Process Injection	LSASS Memory	12 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Extra Window Memory Injection	1 Extra Window Memory Injection	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Source	Detection	Scanner	Label
C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb	100%	Avira	HEUR/AGEN.1315437
C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb	100%	Joe Sandbox ML
C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb	100%	Avira	HEUR/AGEN.1315437
C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb	100%	Joe Sandbox ML
C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb	100%	Avira	HEUR/AGEN.1315437
C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Reputation
cdn.appdynamics.com	3.160.150.62	true	false	unknown
learningcentre.creativevirtual.biz	159.253.212.101	true	false	unknown
collect.tealiumiq.com	3.124.31.143	true	false	unknown
www.google.com	142.250.185.132	true	false	unknown
mwd-hsbcnet-1684476737.eu-west-1.elb.amazonaws.com	52.31.5.138	true	false	unknown
lo.v.liveperson.net	178.249.97.70	true	false	unknown
dzfq4ouujrxm8.cloudfront.net	13.33.187.58	true	false	unknown
visitor-service-eu-central-1.tealiumiq.com	3.77.208.154	true	false	unknown
lpcdn.lpsnmedia.net	unknown	unknown	false	unknown
cdn.hsbcnet.com	unknown	unknown	false	unknown
akamai.tiqcdn.com	unknown	unknown	false	unknown
accdn.lpsnmedia.net	unknown	unknown	false	unknown
learningcentre.creativevirtual.com	unknown	unknown	false	unknown
www1.secure.hsbcnet.com	unknown	unknown	false	unknown
tags.tiqcdn.com	unknown	unknown	false	unknown
mwd.hsbcnet.com	unknown	unknown	false	unknown
lptag.liveperson.net	unknown	unknown	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.74.202	unknown	United States	15169	GOOGLEUS	false
159.253.212.101	learningcentre.creativevirtual.biz	United Kingdom	61323	UKFASTGB	false
3.124.31.143	collect.tealiumiq.com	United States	16509	AMAZON-02US	false
184.28.88.176	unknown	United States	16625	AKAMAI-ASUS	false
13.33.187.58	dzfq4ouujrxm8.cloudfront.net	United States	16509	AMAZON-02US	false
178.249.97.99	unknown	United Kingdom	11054	LIVEPERSONUS	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
3.77.208.154	visitor-service-eu-central-1.tealiumiq.com	United States	16509	AMAZON-02US	false
34.120.154.120	unknown	United States	15169	GOOGLEUS	false
142.250.185.142	unknown	United States	15169	GOOGLEUS	false
52.31.5.138	mwd-hsbcnet-1684476737.eu-west-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
142.250.186.131	unknown	United States	15169	GOOGLEUS	false
23.201.242.43	unknown	United States	16625	AKAMAI-ASUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
23.201.253.231	unknown	United States	16625	AKAMAI-ASUS	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
3.160.150.62	cdn.appdynamics.com	United States	16509	AMAZON-02US	false
2.18.64.34	unknown	European Union	6057	AdministracionNacionaldeTelecomunicacionesUY	false
2.18.64.12	unknown	European Union	6057	AdministracionNacionaldeTelecomunicacionesUY	false
178.249.97.23	unknown	United Kingdom	11054	LIVEPERSONUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
52.5.13.197	unknown	United States	14618	AMAZON-AESUS	false
64.233.184.84	unknown	United States	15169	GOOGLEUS	false
142.250.186.42	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.18

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1525106
Start date and time:	2024-10-03 17:24:59 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	26
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.7z
Detection:	MAL
Classification:	mal56.evad.win7Z@54/60@32/89

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 184.28.90.27
Excluded domains from analysis (whitelisted): fs.microsoft.com, e16604.g.akamaiedge.net, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: 75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.7z

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.1820625449749
Encrypted:	false
SSDEEP:
MD5:	DBA33928C6708D5B6055C54E38B5F548
SHA1:	FF05285B2B5F5DC867DF642ACE5400CD763FBDD7
SHA-256:	B24F669F48EFCB9E30C272E67F37EB636A7035AF01ABE694B04A840D1164F737
SHA-512:	804E640BADEEC19C6971B025FC849E62188496F6E00E5BEA67D4FEDF87D414D1180974E3DFFA2C0C9B8F62D4EF71B918001937F8354763C7F1B3122D6F74A76E
Malicious:	false
Reputation:	unknown
Preview:	2024/10/03-11:26:18.618 48c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/03-11:26:18.622 48c Recovering log #3.2024/10/03-11:26:18.623 48c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.188610847014683
Encrypted:	false
SSDEEP:
MD5:	BB544C47687913D24E0DC295D3A6DF28
SHA1:	93FBDE261655E8C9D5C5A3D94EED1E291BAF12BF
SHA-256:	72B7122F311DDB19547725A755597E31CFAB9609107ED0804B92712A5F9E141A
SHA-512:	FAB9D36E13DBFA361872CDFE1B08B59786C6846ABDD4FA8A5E62CB0AD8C45DFAB073DB38944FFEA5FC258436ED3ECA572FE4272411C93ED8CA500115A823C019
Malicious:	false
Reputation:	unknown
Preview:	2024/10/03-11:26:18.508 f90 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/03-11:26:18.511 f90 Recovering log #3.2024/10/03-11:26:18.511 f90 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\07603903-172b-4efc-9234-714616b5df0b.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	444
Entropy (8bit):	4.965890839051137
Encrypted:	false
SSDEEP:
MD5:	F7FE7373C6BF491F7FB5503B1946A187
SHA1:	E4C034D326E6E61A62267D17037D5FB55130C3A0
SHA-256:	67729BCE805ECDF07BDFBA3CD79C712921E95EC7CDFF28701A863287EABA4227
SHA-512:	3AB6C092C06D82CEFB212B669F501BA0D484BA58692917B7A9991EB8C7FBB894C9D8D6D2E228E2D56F9FF397588795184AD514DE29208BFFCE14A349C5B4B963
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372529184212085","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.18","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	F7FE7373C6BF491F7FB5503B1946A187
SHA1:	E4C034D326E6E61A62267D17037D5FB55130C3A0
SHA-256:	67729BCE805ECDF07BDFBA3CD79C712921E95EC7CDFF28701A863287EABA4227
SHA-512:	3AB6C092C06D82CEFB212B669F501BA0D484BA58692917B7A9991EB8C7FBB894C9D8D6D2E228E2D56F9FF397588795184AD514DE29208BFFCE14A349C5B4B963
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372529184212085","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.18","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	7914
Entropy (8bit):	5.241543748105332
Encrypted:	false
SSDEEP:
MD5:	D7C2562B6ADBFFBA757D73DC2AEC922C
SHA1:	1094BAB28B9FC0E149BAE0D762D6FF9C854063DA
SHA-256:	76752889A4C4B70474F7674927B181745237B57372CD7F68842CD518B7BDE36F
SHA-512:	6FEC5061309938AB06BE52BE53630FD933909084058D2F8F34A53E9B2EE2163C26E0B00A8FBBC2A00187F7148F40FFA2CEFDBF71B4D979F1D2B6439E7EFC99BA
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-...o................next-map-id.1.Pnamespace-5767294d_7b9a_47c6_b1e0_955ef27d1acf-https://rna-resource.acrobat.com/.0=..Nr................next-map-id.2.Snamespace-0be79751_1d4a_40c3_9b57_40751dcd8802-https://rna-v2-resource.acrobat.com/.1....r................next-map-id.3.Snamespace-90f7539d_81d9_41c2_b2e3_1ee7ed96c7c7-https://rna-v2-resource.acrobat.com/.2S.<.o................next-map-id.4.Pnamespace-1700ec5e_d769_43b7_97b8_3e6ca674d396-https://rna-resource.acrobat.com/.3...^...............Pnamespace-5767294d_7b9a_47c6_b1e0_955ef27d1acf-https://rna-resource.acrobat.com/D..#^...............Pnamespace-1700ec5e_d769_43b7_97b8_3e6ca674d396-https://rna-resource.acrobat.com/....a...............Snamespace-0be79751_1d4a_40c3_9b57_40751dcd8802-https://rna-v2-resource.acrobat.com/B[_.a...............Snamespace-90f7539d_81d9_41c2_b2e3_1ee7ed96c7c7-https://rna-v2-resource.acrobat.com/.^..r................next-map-id.5.Snamespace-cc1e5959_9927_4cd0_b606_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.231264107777605
Encrypted:	false
SSDEEP:
MD5:	0DC5A0DAC31D7ACCC6668E00497BFB3A
SHA1:	D4A3185B21B343C2F8C3482B8653E354D7B1E2DF
SHA-256:	8AF159E9C07BEAD953D2D92B5E053D80AABFCC7D397EAFA0AE333E094B1D3BF6
SHA-512:	E02CC20F65052BF698DA05C01D27120D11D8800F96EA5CF1BCD7EC565A9E64DFA16B1B0753D4817BACF95E3728FA0FD45D0D0FBA887947B3BB6DB39889F524E6
Malicious:	false
Reputation:	unknown
Preview:	2024/10/03-11:26:18.657 f90 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/03-11:26:18.659 f90 Recovering log #3.2024/10/03-11:26:18.665 f90 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1512

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	222646
Entropy (8bit):	3.0521540019108944
Encrypted:	false
SSDEEP:
MD5:	8BABC200CA918F86BC239770A75FB9AD
SHA1:	0DDBAA89A50B45E9C9ACF02BC65D5E1C0761ECE2
SHA-256:	D6A0B06A2FBF82B9F9F67CA3F3EC1B13D8EC342241B9FA95FC0F15069156AEF5
SHA-512:	CE02BC6EF55A7C2973F7876030E3B3D2B231C65D7DDF7DB060E92D299DE546CB774744195072A54A4D46F4B70E6AE08E3C66261AD57EBF7E0406DE0AD4558533
Malicious:	false
Reputation:	unknown
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2145
Entropy (8bit):	5.06661119022968
Encrypted:	false
SSDEEP:
MD5:	EB90BFD73C53F748E4B5782253D04161
SHA1:	43C144DC585AA09BE2D2EA5654C19F797F0948BD
SHA-256:	E44AF07C9BC5BBFE1FC4CA8E37B09A0DB239AB2BD3B3DC8A3A9EE12F57B5D470
SHA-512:	8F29B72B3F2699A89B72A6B9EE9B914654617F15FF49FC4448B85F6656E6B395EE9480DB32A4D4A80BFE45449AC492D1313334F199A14A57ADC4BCC425184E7D
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1727969181000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"01eb7911f211f4693beb5a79b2a18854","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696588827000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"900e573f0ab53de19954c021a335b146","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696588827000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"7514c236efca6af335037a3a44f16d18","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696588820000},{"id":"Edit_InApp_Aug2020","info":{"dg":"86e22ceb9cad2eeb0f3b25cdd1ad5290","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1696587289000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"27dcde2e0480584fb77b8d55dd8c344e","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1230,"ts":1696587289000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"a37

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 28, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 28
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.4590907310907641
Encrypted:	false
SSDEEP:
MD5:	32DDCDB6489D90ED6C05C5A2619705D8
SHA1:	3BDB75E868EBC4E6897A419EAA929E3081E0930C
SHA-256:	4BA46231E2B944F463AB6C45B58A18BE523161A29311E3EC43455905AB238FDF
SHA-512:	7A086737107821BF0C42FA5A683404898A01F49119AD557AC11E8D7CABD8B71282C81B55383738F1A92D326240E7F89A38DF2937BC6BFC38A3F38F4864BADDC3
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.9618656023389358
Encrypted:	false
SSDEEP:
MD5:	BC92C898457F8E5021EEFC6162476D34
SHA1:	EC87016C6C322EA99A9C11B5226728A59CC2D99C
SHA-256:	F71F0EE4EFD57399FC963B60321106706C51A514DCD18A748029C1C9D0CE6EE5
SHA-512:	AE7CA87AAF133EB6A6D104E4648CAEBFAC5B6473EE6BB56FF16E996604718DC047FF3E51EEDBA8A0CDA7B8840B8AE8A54C4DFA08C6B51B3F2006A9DBA9E31921
Malicious:	false
Reputation:	unknown
Preview:	.... .c....."LXr..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^..^.^.^.^.^.^.^..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Documento-829FF6CF-E07C-D701-B178-0A934A03C140.pdf

Download File

Process:	C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.exe
File Type:	PDF document, version 1.5, 1 pages
Category:	dropped
Size (bytes):	1117
Entropy (8bit):	5.236891810185404
Encrypted:	false
SSDEEP:
MD5:	D5DF8FBB09F1FC9C6FE81133B5889201
SHA1:	29259F9ED035F65FA6722516E0769B4685D16837
SHA-256:	0F4858E233B3320CAB39DF9867322D943C90B5B60677E280E232FEAE5AD45928
SHA-512:	9D23C27A9088CDA2DFC45F76C38BA1A19FFA2B83C7D40C6DD3ADFB7BCB04C498A1DD27EEE0B263EF0AC1E718C2F6B8D0B3557B640461135F220394A8E733E80D
Malicious:	false
Reputation:	unknown
Preview:	%PDF-1.5.%.....2 0 obj.<</Length 3 0 R/Filter/FlateDecode>>.stream.x.3.3T(.*T0P0.30.P034.47T0...E.\.Z.y\........endstream.endobj..3 0 obj.45.endobj..5 0 obj.<<.>>.endobj..6 0 obj.<</Font 5 0 R./ProcSet[/PDF/Text].>>.endobj..1 0 obj.<</Type/Page/Parent 4 0 R/Resources 6 0 R/MediaBox[0 0 612 792]/Group<</S/Transparency/CS/DeviceRGB/I true>>/Contents 2 0 R>>.endobj..4 0 obj.<</Type/Pages./Resources 6 0 R./MediaBox[ 0 0 612 792 ]./Kids[ 1 0 R ]./Count 1>>.endobj..7 0 obj.<</Type/Catalog/Pages 4 0 R./OpenAction[1 0 R /XYZ null null 0]./Lang(en-US).>>.endobj..8 0 obj.<</Creator<FEFF005700720069007400650072>./Producer<FEFF004C0069006200720065004F0066006600690063006500200036002E0034>./CreationDate(D:20210102000811-06'00')>>.endobj..xref.0 9.0000000000 65535 f .0000000229 00000 n .0000000019 00000 n .0000000135 00000 n .0000000371 00000 n .0000000154 00000 n .0000000176 00000 n .0000000469 00000 n .0000000565 00000 n .trailer.<</Size 9/Root 7 0 R./Info 8 0 R./ID [ <986F009E4EA5EF31957482B6

C:\Users\user\AppData\Local\Temp\MSI6ad25.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5178552411299933
Encrypted:	false
SSDEEP:
MD5:	D05242540DD9DF41B79E8F46772A0E26
SHA1:	5B80E35610FB2F881C69522376C0681F0F3EF575
SHA-256:	4041400A49F9B8883FF3C7DB66FB69A6E70BC7EA1ECABF0306C15F74D825281F
SHA-512:	D93E5944205E1D9CC311749A385AB34233FFE85667B87B9218DFD9B9630980A6F78245A75CD03362C2F1709B87165FF094BE88A6E0DD36DC943989A67153C795
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.3./.1.0./.2.0.2.4. . .1.1.:.2.6.:.2.5. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-03 11-26-20-883.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.352085917943317
Encrypted:	false
SSDEEP:
MD5:	E89CDF7025B70E5A72FFC801BADFB345
SHA1:	2C55C26FD5231BEBD6531BDB7962D12BE288A1BB
SHA-256:	2A90DFB97133E5C0219784D1C4A94C0DC45AE4787C40CFE6894A59D94C4FB88C
SHA-512:	22621DFF9C688C4B0BB3237350959B4357C65D1796834FC23E6636B4975BE942A969F7DB05E8FC10102DEBF93ED662BE28FC649B2456EB4B659EC84BF8E93621
Malicious:	false
Reputation:	unknown
Preview:	SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16603
Entropy (8bit):	5.362234405129262
Encrypted:	false
SSDEEP:
MD5:	8378550A30D1679E937A6D30C5873C57
SHA1:	3047D874A35B1AB327107FEB5261E422C883866D
SHA-256:	CEA89FC1DDA668B347E713DB236FAE90FA8306C66C4986CBA3B93B8898468465
SHA-512:	DCD63EBDCB1BA23DC272A9DBC9A154F4DC7CF7B2B28D5C32AED5BC31807455A5420A08623B4247D3AF38FE06AE0C6056C5CE307660CFA0A766A6A826C913FD1A
Malicious:	false
Reputation:	unknown
Preview:	SessionID=891b84fa-2cb1-4772-bae0-3dd716ff5cda.1727969180896 Timestamp=2024-10-03T11:26:20:896-0400 ThreadID=5948 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=891b84fa-2cb1-4772-bae0-3dd716ff5cda.1727969180896 Timestamp=2024-10-03T11:26:20:899-0400 ThreadID=5948 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=891b84fa-2cb1-4772-bae0-3dd716ff5cda.1727969180896 Timestamp=2024-10-03T11:26:20:899-0400 ThreadID=5948 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=891b84fa-2cb1-4772-bae0-3dd716ff5cda.1727969180896 Timestamp=2024-10-03T11:26:20:899-0400 ThreadID=5948 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=891b84fa-2cb1-4772-bae0-3dd716ff5cda.1727969180896 Timestamp=2024-10-03T11:26:20:899-0400 ThreadID=5948 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	35814
Entropy (8bit):	5.40276659933856
Encrypted:	false
SSDEEP:
MD5:	DE31F3D8C8CA141D2E7E115484CD4F1D
SHA1:	8EFD8A8658FC77E0996D59E3DB203C9304D4CE1D
SHA-256:	32079807DBB0083EBB79F1F8EBADFC3EEA8E4B8ED6B17750D6E80C384161CF90
SHA-512:	DE19949F3A2204484B21EE1DE8A3A07307118D5658DF6E92CF32BDEC09891CFFFAAA7946296F9971D31C80FFC6E6DDE87F785B66C9536CBAD36A14B4ADB16E09
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 12:14:34:.---2---..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 12:14:34:.Closing File..06-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\3c2f4f5a-1b32-47ad-b7a6-34f61f2726e2.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\4b4cfb5f-5948-40c7-b796-9008b3fdfa8f.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 42290
Category:	dropped
Size (bytes):	684206
Entropy (8bit):	7.978753154520273
Encrypted:	false
SSDEEP:
MD5:	EE384F0FA482A9E5FCBBDE6E26F1A411
SHA1:	8D25C5802FFBF3A12BC5E4D537CA6B14DD2C6143
SHA-256:	E38CFE06C386A45599244CAD242FA5263A695A041754ECA64A6CC4527D4728C2
SHA-512:	CA00718B152A57284F5722CE4065FBE67BC9189085D01954C2090257C6BBBFBF92C7372751AC657D2E00B20B838ADBB755BBB298431CF565806E422C90BAA264
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\86eb2d1a-8858-47c7-a68f-01b9dd8fdb94.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:
MD5:	774036904FF86EB19FCE18B796528E1E
SHA1:	2BA0EBF3FC7BEF9EF5BFAD32070BD3C785904E16
SHA-256:	D2FC8EA3DDD3F095F7A469927179B408102471627C91275EDB4D7356F8E453AD
SHA-512:	9E9662EA15AE3345166C1E51235CDCE3123B27848E4A4651CC4D2173BDD973E4AD2F8994EFF34A221A9F07AA676F52BEB6D90FF374F6CCB0D06FA39C3EFE6B31
Malicious:	false
Reputation:	unknown
Preview:	...........[l\[.......p.a$..$.K...&%J.J...Wuo..dI.vk4.E..P.u..(.....1.I....A...............0.....$ctg.H.'....@.Zk...~.s.A]M.A..:g?.^{...cjL...X..#.Q{......z...m...K.U]-..^V.........@..P...U.R..z.......?......]nG..O{..n........y...v7...~C#..O.z...:...H&..6M;........c..#.y4u.~6.?...V?.%?SW.....K...[..`N.i.1..:..@?i.Q..O...`.....m.!y.{...?=.. .....Zk......%.6......o<.....yA}......no......u,.....U...a.......[S.n..`.....:...1......X..u.u...`..B=.&M.y..s.....}.i..l.'u]. ...6.s`....zdN.F.>;.d%D..}3..b..~..k.......,hl.j..._...F..p.z..o...C..,.Ss.u.Xd..a.Y.{.p...?.k..t,&..'...........^.f.hg....y..Y...i..m....<..^......yK.......;.5...E...K..Q.;k..\|;..B.{m..eS..>b..>...6...wmC.i.....wv..k..{..X...RB.P..?w......1l.H..{{.`g.P.8.Z..v_.G.....f.%+z.....p.P..u}.T.....~r]..W7..._..c.k.....@....y.K...uOSj........^....B..]..~{..;...c....r.J.m.S.}.....k....u*^...5./...{......3.I.p.t...V..........W-..\|.K.N.....n.........Bl...#)..;..4.x.....'....A....x..

C:\Users\user\AppData\Local\Temp\acrocef_low\c715ed5c-04c8-44b7-83bd-53e18a7efd5e.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 160932
Category:	dropped
Size (bytes):	208828
Entropy (8bit):	7.9773701100328
Encrypted:	false
SSDEEP:
MD5:	F2054DE97AA3E82A99E23D472DA05CD7
SHA1:	50FCC980E7A092E8E34276D1C820645A8D5E51BB
SHA-256:	C68DF42079E0B101594AEB8016AC5D953DD530E45811DD14D3B950230E193930
SHA-512:	5758C4D13FBFAE9A9E03AFB934DF4068F6AF3AA929D9972D10A967608621284BF71CD63573BA5769244F5CA49A5C7B2D2DCFB01BD881ED2F876BF09C52B6C5F6
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\d583c684-d7b8-49fa-8699-5d5cd98bad31.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:
MD5:	716C2C392DCD15C95BBD760EEBABFCD0
SHA1:	4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
SHA-256:	DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
SHA-512:	E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 14:26:44 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9745974745204107
Encrypted:	false
SSDEEP:
MD5:	F60E97F50082775959E8896C1B873783
SHA1:	E158D5853FB5CA9BB0798F15E0B329FCBACAA5AE
SHA-256:	67B096E7BE6B3A7436B5D10A2D97AA7AA09CD548993C2C9971AD15F94746DEA1
SHA-512:	FA8AD41EF5E1262F98F8C818717DB92C82AEC58CF1DCEDB4820917BE0D3FDB953E9BB625D306871F720868A76324222EBDE9CD8890AC7C1CA170204B7CA270FF
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......<.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.ICY({....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCYU{....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VCYU{....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VCYU{...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VCYW{.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........kXP......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 14:26:44 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9903593113328064
Encrypted:	false
SSDEEP:
MD5:	A7FE829687F6911A41414E98AAD4611A
SHA1:	8267295946A98858C11E005DFA73D78FCD78FA4E
SHA-256:	565FD42356F9003640DA1ECCE9A6002DF34B68EF16C6AC8B89B10F5BA28F1F8F
SHA-512:	0CCF1073D6AA7D4668FD53CEF8FCD2384E9BA21C27D18EC2706A8BC49385344C8605DBF23D327C90591CEA2FEAC3B0EA655B7462FABF7C607DD6E54C7BB0B6A2
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....]v0.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.ICY({....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCYU{....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VCYU{....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VCYU{...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VCYW{.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........kXP......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2691
Entropy (8bit):	3.9988685611668418
Encrypted:	false
SSDEEP:
MD5:	2AD90747535C00DFF656E4737E41FD67
SHA1:	FF842A0FDD72531994920EA6BDB5B3FA92FF0F18
SHA-256:	A034206A3DBC9C467BE25FABCCEC456FFF7EA62CD452F0BCCCFBC51D155642BD
SHA-512:	62279E2FA7C9BC0AC9CB8F2ABECF1AF6940D9B372A94B90C3FFC25AC89E961B9601F05C88E0EA2B8305B07CCD378EC5BDB22457CCFF5027A5D34D4B6953114C7
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....?.4 ?.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.ICY({....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCYU{....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VCYU{....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VCYU{...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.R.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........kXP......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 14:26:44 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9882003745863703
Encrypted:	false
SSDEEP:
MD5:	580CD70920FFAC552788E6F152E59BF2
SHA1:	F2D10BB2F9374F917AE2571981FAAC283911D895
SHA-256:	77D1C387754385026419F712DA5CF98FEF2BBE7C36BCF521C77FDF5EFB5FEF49
SHA-512:	A79D0BE32E87692BDDA90C7D3D31BADEE7321805A6AA28D5A305DA99DC4BDACEA934789A80EA7E0E682E5B11413729FB51F4CE95580AA9E7E2130FFAEF4E8C74
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,...............y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.ICY({....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCYU{....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VCYU{....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VCYU{...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VCYW{.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........kXP......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 14:26:44 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9741027046801123
Encrypted:	false
SSDEEP:
MD5:	550132FC8D10DB89412EBE5F6EC27602
SHA1:	D2245B29D4D1EAF905E5665C46E13FD719D9E8D6
SHA-256:	4C3002B2E876EA5377A150F8FE4AE9EEE74CDA59B49824F51638C0AAD5BC692E
SHA-512:	2A8C2AEC950A0A40B5CEBD62F2C25C8B843807A9F782B0AB4FCC264FAE80E590EA4CC22D7E103C5A82B21AB693CE271DC3698541377134B61296C1CF9CF2BB02
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....=.7.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.ICY({....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCYU{....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VCYU{....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VCYU{...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VCYW{.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........kXP......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 3 14:26:44 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9844675230175395
Encrypted:	false
SSDEEP:
MD5:	773492DEDFEA5001805382E739D4ED4D
SHA1:	E926E9FE232809DC11FD6FB49EECC0BEDDF9CFDC
SHA-256:	823821395DB9BB50381410FCD7382A3B1DE808907AF0C141DD331B3043D2F678
SHA-512:	110E0AC4BE7EA5C84947B36AB6ECB73DFDC7D90FC5F1721740F47A583972A63BA195E43DAEBF28632504798DB510E88E5CF4CEC6E59AE6B512E224C28A75FDFB
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,...... .........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.ICY({....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VCYU{....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VCYU{....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VCYU{...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VCYW{.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........kXP......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb

Download File

Process:	C:\Program Files\7-Zip\7zG.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6798336
Entropy (8bit):	6.913276991271088
Encrypted:	false
SSDEEP:
MD5:	CF03EC0C0C97DEE890502911AC4C3A0D
SHA1:	B945EF94D51993AF0F34A21BFC5D509F2B34A04A
SHA-256:	75C6A7EE973B556A2A3914A9E4B18BC019636E70FB6F4C2F8C6F7DA0AF050CBB
SHA-512:	1DC33DBC1A64FF4552901494FC9FFB5FBB214FA4DFDE9243565B7C2569A76B9EFA66E11C8EDB3D3AA04FDFF8F1ED47AAB183C79269B71B8E48CD7D121E043F4A
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......eU!.!4O.!4O.!4O.!4O.!4O.!4O.!4O.!4O.!4O.!4O.!4O.!4O.!4O.!4O.!4O.!4O.!4O.Rich!4O.................PE..L....j.e......................e......#............@...........................h...........@.......................................... A.x.&...................g.h.......8............................................................................text............................... ..`.rdata..............................@..@.data....p4......X4.................@....rsrc.....&.. A...&...@.............@..@.rtext... ....g.. ....g............. ..`.reloc........g.......g.............@..B................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 197

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	4226
Entropy (8bit):	5.505055010270486
Encrypted:	false
SSDEEP:
MD5:	DB8C774510142D7A510F9DD71FA280DE
SHA1:	92EFD0FD42B82E71DBA787304D011610AFA36614
SHA-256:	A2025E4C1F13482ED51648FBC9DCC6900AC5525DCF427B3B2743567AFF7E7D9E
SHA-512:	5F5D346D633BB82FB93DDAD7E767DBCA3031EF85728A6761A5DA97A1DE3880F438CBB7C7A9602E24AB5E6240478C3953F19B186DEA471F8B8621A1DA75403D5B
Malicious:	false
Reputation:	unknown
URL:	https://www1.secure.hsbcnet.com/uims/dl/DSP_AUTHENTICATION;jsessionid=0000uooLOqxdfUqqnpkmOvlF_LA:qOqHx30To
Preview:	....<!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<meta http-equiv="X-UA-Compatible" content="IE=edge" />...<meta http-equiv="Pragma" content="no-cache" />...<meta http-equiv="Expires" content="-1" />...<meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no">...<meta name="theme-color" content="#3e505d">...<meta name="geo.position" content="40.7808;-74.0651" />...<meta name="geo.region" content="US" />...<meta name="geo.region.sub" content="NJ" />...<meta http-equiv="Cache-Control" content="no-cache" />...<meta http-equiv="Cache-Control" content="no-store" />...<title>HSBCnet</title>...<link rel="manifest" href="//cdn.hsbcnet.com/uims/cdn/2020319/static-dl/public/DTC_AUTH/80.0.21/build/manifest.json">...<link rel="shortcut icon" href="//cdn.hsbcnet.com/uims/cdn/2020319/static-dl/public/DTC_AUTH/80.0.21/build/favicon.ico">...<link rel="apple-touch-icon" sizes="152x152" href="//cdn.hsbcnet.com/uims/cdn/2020319/static-dl/public/DTC_AUTH/8

Chrome Cache Entry: 198

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (645)
Category:	downloaded
Size (bytes):	98336
Entropy (8bit):	5.3888091725912055
Encrypted:	false
SSDEEP:
MD5:	CB9C6CF144AAE7C0F5B835338F0C353C
SHA1:	CB86FC4A306ED698826058DD7466E928EF5E805A
SHA-256:	301F26A595A9ED91E0F27032B37A3F4D0B12FF8049931C6AC150F2A91F46C9EB
SHA-512:	5F3EED00E261926A98E9E75B0A2E6F340C1C421E691841CA123CC22824ED05A516067781346B2921F2530209CBFF4FD25ACC3817B23E28F21D96A7D788D276BA
Malicious:	false
Reputation:	unknown
URL:	https://cdn.appdynamics.com/adrum/adrum-4.5.16.2862.js
Preview:	;/* Version 0b7e674abea3ef7abbf429b21fbb038b v:4.5.16.2862, c:3e8c1156c50eec9e2b2818804a80128887eb2838, b:4.5.16.2862 */(function(){new function(){if(!window.ADRUM&&!0!==window["adrum-disable"]){var k=window.ADRUM={},B=window.console,x=B&&"function"==typeof B.log?B:{log:function(){}};window["adrum-start-time"]=window["adrum-start-time"]\|\|(new Date).getTime();var v=this&&this.zc\|\|function(){var a=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(a,l){a.__proto__=l}\|\|function(a,l){for(var e in l)l.hasOwnProperty(e)&&(a[e]=l[e])};return function(b,l){function e(){this.constructor=b}a(b,l);b.prototype=null===l?Object.create(l):.(e.prototype=l.prototype,new e)}}();(function(a){(function(a){a.setUpMonitors=function(){for(var a=[],b=0;b<arguments.length;b++)a[b]=arguments[b];for(b=0;b<a.length;b++){var c=a[b];c&&c.setUp()}}})(a.monitor\|\|(a.monitor={}))})(k\|\|(k={}));(function(a){(function(b){function l(a){return b.refs.slice.apply(a,b.refs.slice.call(arguments,1))}function e(a,m)

Chrome Cache Entry: 199

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (487)
Category:	downloaded
Size (bytes):	159257
Entropy (8bit):	4.821587028279179
Encrypted:	false
SSDEEP:
MD5:	72940708D9DAEA74B9AAA11F0563F9E4
SHA1:	89F27657B798C53D564189FD407B9EB15A899492
SHA-256:	1CD793A85694B570613ECB1547E3A9584E02A31F2787EFFA07ACA1D3B266A6C0
SHA-512:	543AED62BFF9D0BED0931147D53670E80403304A4B513F6CB841BA20FADC505135029E53E945799C0C0021A9221AAC71C4C88218F32CD9D70337CA60D2E6E948
Malicious:	false
Reputation:	unknown
URL:	https://cdn.hsbcnet.com/uims/cdn/2020319/static-dl/public/DTC_AUTH/80.0.21/build/locales/en/translations.js
Preview:	window.dtcAuthUiNls = {. information: {. loading_accounts: 'Loading',. loading_tool: 'Loading',. },. header: {. brand_name: 'HSBC',. },. switcher: {. you_are_logged_on_as: "You're logging on as ",. user_name: 'User name',. switch_user: 'Switch user',. not_you: 'Not you?',. },. footer: {. online_security: 'Online security',. hsbc_global: 'HSBC Global',. customer_support: 'Customer support',. t_n_c: 'Terms & conditions of use',. privacy_n_data_protection: 'Privacy and data protection statement',. condition_of_lang_use: 'HSBCnet condition of national language use',. cn_icp: '.ICP.15029387.-1',. disclaimer:. 'No endorsement or approval of any third parties or their advice, opinions, information, products or services is expressed or implied by any information on this Site or by any hyperlinks to or from any third party websites or pages. Your use of this website is subject to the terms and conditions governing it. Please read th

Chrome Cache Entry: 200

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 20992, version 1.0
Category:	downloaded
Size (bytes):	20992
Entropy (8bit):	7.977048617579941
Encrypted:	false
SSDEEP:
MD5:	22056770E599073FE275B44B1D9EF0A6
SHA1:	878B92CDE14222D22D68DBD69A8B47D67DB82CB1
SHA-256:	9D5FF077065DA224E21EDFC26DDFE5520962C39A6A9B7653B82E14EC3D860A86
SHA-512:	56C512D5A8A8CE7419A72F6A03B2CECCD1925AD25E6F07037E5C394C69CED57C1B89F8E4250F11D0468EEEB38BB656B66DE26ADC46BE774D8E4A3C61FF85AEBB
Malicious:	false
Reputation:	unknown
URL:	https://cdn.hsbcnet.com/uims/cdn/2020319/static-dl/public/DTC_AUTH/80.0.21/build/assets/fonts/univers.300.woff
Preview:	wOFF......R........L......N.................GPOS...X.......x!}&.OS/2.......R...`i..&VDMX...p...p....p/w.cmap.......g......A.cvt ...H...i........fpgm.......+...P...glyf......1...N....1head..B\|...6...6..D.hhea..B.... ...$....hmtx..B.........._2.loca..D....\.....%[$maxp..G@... ... ...!name..G`.......W...zpost..M........ ...2prep..M0......./..[.x..W[hTG...e7{.^Z....J.h.Zl.H/b.FC...BKK1-"........bA./.%....k_.R/.>.Q.,.4O%...d..\|.d...n6....3._....N..H..~..sW.A.?z......q..;......mowW;........>...O....?q..j..v...K.@....X.x.g..H.^./>....m...b$......Nc.Q].(.P..Y......F/..:.0...u.[.n..C..c..F.<.x..G.?O...Co....v.oy.6E..9...#M/....}.=f..3..V.Uz.^.....O...._..t..b-.3.,/S.....b{\.E...z..7......3b...$~..Q>.(.._?...<.r..Z...E...N..l'..3c...0...Yw.JR.._...O....F...W......K...a..3.v....bv.g..\|).a....f.a..5o.w...*.Jz6...Y..,......U.;....$..Z...>6.YV.M.>1<G$...(.........(.Xi..1V.S\|.6Zi....=M...phu-g..f........!..Q....h=5..Vz}....u..6"!....G.b.%..(.9y$.-C..d...2.xC.&V.

Chrome Cache Entry: 201

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4285)
Category:	downloaded
Size (bytes):	4290
Entropy (8bit):	5.831382516012787
Encrypted:	false
SSDEEP:
MD5:	867E856D172B69DBC1F5056AC2C55122
SHA1:	7E12EF56268E09E58C8D4BD8A7E250856566410A
SHA-256:	4660B049686BF8EB3F578063479198D3014F6840B71A272B7532644AFCB18F5C
SHA-512:	6F0B2953AC56C9CFB96F009131E83F89568B17F2C5B6D7D4819DB59DF245BAB4C1CB131D5C0DDB3F63B2BE5004A50BA0C46C7D4EA44C82F9BD8E2AF7A78C95A2
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["dock workers strike ports","boston bruins jeremy swayman","cavern quest monopoly go rewards","silent hill 2 remake review","cvs layoffs","karl anthony towns knicks trade","james webb space telescope","lottery mega millions powerball jackpot"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"google:entityinfo":"Cg0vZy8xMWZxMjIxaG5xEjFKZXJlbXkgU3dheW1hbiDigJQgQW1lcmljYW4gaWNlIGhvY2tleSBnb2FsdGVuZGVyMuMSZGF0YTppbWFnZS9qcGVnO2Jhc2U2NCwvOWovNEFBUVNrWkpSZ0FCQVFBQUFRQUJBQUQvMndDRUFBa0dCd2dIQmdrSUJ3Z0tDZ2tMRFJZUERRd01EUnNVRlJBV0lCMGlJaUFkSHg4a0tEUXNKQ1l4Sng4ZkxUMHRNVFUzT2pvNkl5cy9SRDg0UXpRNU9qY0JDZ29LRFF3TkdnOFBHamNsSHlVM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOLy9BQUJFSUFFQUFRQU1CSWdBQ0VRRURFUUgveEFBYkFBQUNBd0VCQVFBQUFBQUFBQUFBQUFBRkJnSURCQWNCQVAvRUFEa1FBQUlCQXdNQkJnTUZCZ2NCQUFBQUFBRUNBd1FGRVFBU0lURUdFeUpCWVh

Chrome Cache Entry: 202

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Algol 68 source, ASCII text, with very long lines (968)
Category:	downloaded
Size (bytes):	368888
Entropy (8bit):	5.692147174900159
Encrypted:	false
SSDEEP:
MD5:	DAEA3AFDC46E8BFC6ABD81F9924ABDDA
SHA1:	5F4F59ECE7E0DE052269379DA70197CBC4A58536
SHA-256:	244599CED8BC6E5274D57DDE3ED32D8176EC1D80694D1C11F675DCE27B12E9D1
SHA-512:	30BE26F201DBBF0378E37DA2515D6C73BC80956907C539DB1C2C01435D06EF63A0CD8EDCC60CC1D7CC050780BD3C3FC742931DA8F913441DDFC68559EB643EBD
Malicious:	false
Reputation:	unknown
URL:	https://mwd.hsbcnet.com/scriptdealer/script/v1/6vetgs/login.js?clientId=5c231782-4a6b-44ce-8212-902c39c6ef18
Preview:	(function(){var ejcl={cipher:{},hash:{},mode:{},misc:{},codec:{},exception:{corrupt:function(message){this.toString=function(){return"CORRUPT: "+this.message};this.message=message},invalid:function(message){this.toString=function(){return"INVALID: "+this.message};this.message=message},bug:function(message){this.toString=function(){return"BUG: "+this.message};this.message=message},notReady:function(message){this.toString=function(){return"NOT READY: "+this.message};this.message=message}}};ejcl.cipher.aes=.function(key){if(!this._tables[0][0][0])this._precompute();var i,j,tmp,encKey,decKey,sbox=this._tables[0][4],decTable=this._tables[1],keyLen=key.length,rcon=1;if(keyLen!==4&&keyLen!==6&&keyLen!==8)throw new ejcl.exception.invalid("invalid aes key size");this._key=[encKey=key.slice(0),decKey=[]];for(i=keyLen;i<4*keyLen+28;i++){tmp=encKey[i-1];if(i%keyLen===0\|\|keyLen===8&&i%keyLen===4){tmp=sbox[tmp>>>24]<<24^sbox[tmp>>16&255]<<16^sbox[tmp>>8&255]<<8^sbox[tmp&255];if(i%keyLen===0){tmp=tmp

Chrome Cache Entry: 203

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (59482), with no line terminators
Category:	downloaded
Size (bytes):	61538
Entropy (8bit):	5.58454865880502
Encrypted:	false
SSDEEP:
MD5:	81AA6535BCF18D48EEEEF94E0D71DD37
SHA1:	335A904E41659373CB27C2E54E31ECFCF437BAE0
SHA-256:	8AB8E0DA541B1399FA1D9CCA94A4ED53C46C4DF4338668659BEF142569DA2946
SHA-512:	B5C1539676A8B7F8CB55711B2F794A82191E3499F69D98572E694F5C03952887ACAD650C0AB7559635BAAB4AE22998990D4ADA03499FF70BC9AF3487A0723127
Malicious:	false
Reputation:	unknown
URL:	https://learningcentre.creativevirtual.com/emb/va.min.js
Preview:	var cvjq,VAMD=function(e){var t={},a='<div class="va-pod-wrap"><div class="va-trigger-pod"><div tabindex="0" class="va-trigger" role="button" aria-label="Need help? It will open a modal window." title="Need help?"><p class="va-title-opened">Need help?</p></div></div><div class="va-wrap" aria-hidden="true"><div class="va-ico-pod"></div><div class="va-header-wrap" aria-hidden="false"><div class="va-header clearfix"><h2 class="va-page-title" title="HSBCnet Help">HSBCnet Help</h2><a href="#" role="button" aria-label="Close" title="Close" class="va-close"></a></div></div><div class="va-body-wrap" aria-hidden="false"><div class="va-body clearfix"><div class="va-clm-left"><div class="va-tabs va-tab1"><div class="va-tabbing"><button class="va-tab va-tab1 active" role="tab" aria-controls="va-tab1">Support links</button><button class="va-tab va-tab2" role="tab" aria-controls="va-tab2" lang="en">FAQs</button></div><div class="va-tab-content"><div id="va-tab1" class="va-tab va-tab1" aria-hidden="f

Chrome Cache Entry: 204

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 205

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	18
Entropy (8bit):	3.725480556997868
Encrypted:	false
SSDEEP:
MD5:	6C98BE5FDA77913799E8EF24B86A7ABD
SHA1:	2C9A2A706436C6C8D7C0B7EEAF9C02CE47EEAB4D
SHA-256:	D753F8EE126736431A1CD8170DBFCF94F553EEB1D24F2BAA7C66474A80D0E559
SHA-512:	CBADF29D30B03488E33E239A2B0B1D6F74234BFC05539B99F8F08EE58361D5117E7F030FE5E83FCB752D1E1603D7AB3A6C148D777637659838D6DBF14E69BE41
Malicious:	false
Reputation:	unknown
URL:	https://akamai.tiqcdn.com/location/location.js
Preview:	//Region: Global.

Chrome Cache Entry: 206

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	19256
Entropy (8bit):	3.533406715217127
Encrypted:	false
SSDEEP:
MD5:	D0289DC0A46FC5B15B3363FFA78CF6C7
SHA1:	29C400BC3B89F6085766DAC4E0330DED5CB73D52
SHA-256:	A20583C81805FE64F7FA210851CE29754AF9D25FD6AA5A3225A9557529602513
SHA-512:	10A9CD6FD64B8107DB8B058EB8C4CC0FE23BB5C13A91D40CAF93D323F4A15F1B34463BF0EACB0239C6DBD699EC6C49A8625E86CEC674CC7B351509155B889E7F
Malicious:	false
Reputation:	unknown
URL:	https://cdn.hsbcnet.com/uims/cdn/2020319/static-dl/public/DTC_AUTH/80.0.21/build/static/media/ft-ghs.d0289dc0.png
Preview:	.PNG........IHDR.....................pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly\|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

Chrome Cache Entry: 207

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (17493)
Category:	downloaded
Size (bytes):	17696
Entropy (8bit):	5.219886443190762
Encrypted:	false
SSDEEP:
MD5:	22B9075B549166EEA9D9D2D58CA8CA0B
SHA1:	323648625F3313E3A4DEDBC7191FBCA85E4AB438
SHA-256:	F4F760CDDD9E1582B5C33F04B1A98D42E655CEE85B3150F9F39FF60C13FE767B
SHA-512:	FF412DA4E6795B7CF8579742077F0829229DDE2E781728D92F5B80A3F8BC7136F12620F1BA1C3E8649008B733223348AE3E3488935417158738AE8D4AE687F71
Malicious:	false
Reputation:	unknown
URL:	https://cdn.hsbcnet.com/uims/cdn/2020319/static-dl/public/DTC_AUTH/80.0.21/build/vendor/xm/require.js
Preview:	/** vim: et:ts=4:sw=4:sts=4. * @license RequireJS 2.3.6 Copyright jQuery Foundation and other contributors.. * Released under MIT license, https://github.com/requirejs/requirejs/blob/master/LICENSE. /.var requirejs,require,define;!function(global,setTimeout){var req,s,head,baseElement,dataMain,src,interactiveScript,currentlyAddingScript,mainScript,subPath,version="2.3.6",commentRegExp=/\/\[\s\S]?\\/\|([^:"'=]\|^)\/\/.$/gm,cjsRequireRegExp=/[^.]\srequire\s$\s["']([^'"\s]+)["']\s*$/g,jsSuffixRegExp=/\.js$/,currDirRegExp=/^\.\//,op=Object.prototype,ostring=op.toString,hasOwn=op.hasOwnProperty,isBrowser=!("undefined"==typeof window\|\|"undefined"==typeof navigator\|\|!window.document),isWebWorker=!isBrowser&&"undefined"!=typeof importScripts,readyRegExp=isBrowser&&"PLAYSTATION 3"===navigator.platform?/^complete$/:/^(complete\|loaded)$/,defContextName="_",isOpera="undefined"!=typeof opera&&"[object Opera]"===opera.toString(),contexts={},cfg={},globalDefQueue=[],useInteractive=!1;function

Chrome Cache Entry: 208

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	6560
Entropy (8bit):	5.1515555441544585
Encrypted:	false
SSDEEP:
MD5:	34C65AAD225A4A8847542BADEEC22830
SHA1:	C0A39C3CC2D14501B66055A66D2362E28D4C56C5
SHA-256:	2DBF4DAAAF5FCC885C08E2652381335557E0A1F8953C78BB2FF68A98A5C092B6
SHA-512:	C4E9906F18D26F2239ADB21129630AA79C471E5BFF2A37174F041E8D80E13308461CF3C60C31BD146366EC8530A466969995D27B36437B187CF9814A8F75175D
Malicious:	false
Reputation:	unknown
URL:	https://cdn.hsbcnet.com/uims/cdn/2020319/static-dl/public/DTC_AUTH/80.0.21/build/assets/styles.css
Preview:	@font-face {. font-family: 'UniversNextforHSBC';. font-style: normal;. font-weight: 300;. src: local('Univers Next for HSBC Light'),. url(fonts/univers.300.woff) format('woff');.}..@font-face {. font-family: 'UniversNextforHSBC';. font-style: normal;. font-weight: 400;. src: local('Univers Next for HSBC Regular'),. url(fonts/univers.400.woff) format('woff');.}..@font-face {. font-family: 'UniversNextforHSBC';. font-style: normal;. font-weight: 500;. src: local('Univers Next for HSBC Medium'),. url(fonts/univers.500.woff) format('woff');.}..@font-face {. font-family: 'UniversNextforHSBC';. font-style: normal;. font-weight: 700;. src: local('Univers Next for HSBC Bold'),. url(fonts/univers.700.woff) format('woff');.}..@font-face {. font-family: 'UniversNextforHSBCArabic';. font-style: normal;. font-weight: 300;. src: local('Univers Next for HSBC Arabic Light'),. url(fonts/univers-ar.300.woff) format('woff');.}..@font-face {. font-family: 'UniversNextfo

Chrome Cache Entry: 209

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (790)
Category:	downloaded
Size (bytes):	795
Entropy (8bit):	5.159713652824108
Encrypted:	false
SSDEEP:
MD5:	62AC60A06D4A2F6FEA732ED3F434EB6F
SHA1:	9A8E3EB92DC83DBBDC4E0D3BC1FDA54122A4A1A4
SHA-256:	0E40E5E8CB12426FC1726FD60E700D6F6C404F023061E24CF7F586920D1B3738
SHA-512:	8A49F0A11337A3EAE8763E7254E9D4EBD532818DD0C66C116B9B82EAE057C8162089993D30A84C05F517D63C18F081F02CED8198BD3561D9BF2564D2799D82ED
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["rsd black friday 2024","mlb playoffs","bank of america online banking outage","throne and liberty maintenance schedule","lottery mega millions powerball jackpot","xrp sec ripple lawsuit","usmnt roster pochettino","coldplay 12th album"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Chrome Cache Entry: 210

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 21216, version 1.0
Category:	downloaded
Size (bytes):	21216
Entropy (8bit):	7.980839478187946
Encrypted:	false
SSDEEP:
MD5:	6D70DB99B1F3D340E0888508458D8A81
SHA1:	C50078321E99853121C64FDA7CB63797FD478BFA
SHA-256:	E5593A6207860AE270EBBCCC43940F960B180455A48B7C956B78B8EF938DBDE8
SHA-512:	104925AFDA2C0059896C65F6F873C5A66907E5578AC28D5E293F35EB2B982CADB8A098C8C1C08BBC601D173B954046A7A42355C14BBC64A970FB97787282F68E
Malicious:	false
Reputation:	unknown
URL:	https://cdn.hsbcnet.com/uims/cdn/2020319/static-dl/public/DTC_AUTH/80.0.21/build/assets/fonts/univers.500.woff
Preview:	wOFF......R........P......O.................GPOS...X.......J@?U.OS/2.......T...`i..CVDMX...\...n....pew.cmap.......g......A.cvt ...4...m.......Hfpgm.......+...P...glyf......1...L8...<head..CT...6...6..D.hhea..C........$.6..hmtx..C...........).loca..E....^.....$f.maxp..H(... ... ....name..HH.......N-\|..post..M........ ...2prep..N......../..[.x..W]L\E..f......m.............R[.[)..?....4..D..Z..........Q.h.....H(.......}.m....{...V.~..;3g.\|....@.(.y..........:....5.\|%./..Z..S..k.....Z.tg.........\|.i'j....^..>I..uVn..P...)c.".Pv._../l...\..&.ULU.z..jVgU..P]VW([...>..Q4.8N...c.7q.+.0C.G.<..,l.t...n..L.q.M.-ET..r.Q.....$...m..Yf..`....S.'t..IJ&).D.....s6.j....Q......(.......7.Uq.M..124RI....K.Shcmv..D.z.'K=Y..r}.k'<=co...-fm;..-9O,...=O.......1l.n..?z.~V...=.4g..N{....F\,..ezuZ.u.........Il...Y..bM.]...X.+.+.........:.[...o.,{Y....i.Y..z.EOz.........,.......z.?..).KzL...w..g.6............S..lRf...0.1.yG....w.f.....F.k..z..o}=E~.....c..WZ..K.(:

Chrome Cache Entry: 211

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 21277, version 1.0
Category:	downloaded
Size (bytes):	21277
Entropy (8bit):	7.980807941172623
Encrypted:	false
SSDEEP:
MD5:	946F8EDF03008007A520BCCA472F6650
SHA1:	D1A655DCBC30910B1DADD74F3C1BBE6443580CAD
SHA-256:	7E3F95ED621BF5B3470DA943A1D1345FFFE7A241E1DCA6DB0ED9ACD9C43E80E2
SHA-512:	6BD3147990BB2EE5705D422F927EA5A93B163347C6847C255AD2AF1A9ECB39472BF76E286F2713B8261D01D354BE774B44157982903260F2CD2EDD2A22DC7310
Malicious:	false
Reputation:	unknown
URL:	https://cdn.hsbcnet.com/uims/cdn/2020319/static-dl/public/DTC_AUTH/80.0.21/build/assets/fonts/univers.700.woff
Preview:	wOFF......S........\|......P.................GPOS...X.......g3..OS/2.......T...`jb.SVDMX...0...t....pvw.cmap.......g......A.cvt .......l........fpgm...x...+...P...glyf......0...Lr\|...head..C....6...6.!D.hhea..C........$.Y..hmtx..C..........D%.loca..E....b.....$..maxp..H\... ... ....name..H\|.......`.6x.post..N4....... ...2prep..NH......./..[.x..XYlTU....u...e+.V..$`.e_..`.".UY.-Q....1..[.....K...(...1Lc!.@g..M.$.>`kL.L.....;..3.N.....r..,...r..... .=..V..V.~.........~..g.i.A...-5..}[.....Z..v..x?\|..A.H.T.F.7K.L^.uz>.@...R.E..~...}.u.....p..g./L....\5...Q.S..Ku....bD....?.......u.#.(..h..,.J..Z..zl.Fl....^..........\|..............!...\a...s.N..a.(S..@.%.z.W..2]..u.>.'x....S.{.@D.c...d.${$.2.VI.J...Oh....G.....c2c.rfa.PO..E.>...u.:F..'k..q.......c.#.9B\xnqO".O.~.$...,,&W.5+.f..X.l..X..N.;En3...Rd..*Q\..d1}.fX.W.yN....0g.../E.....q.....\|`...e..A.}.3w#L.e..!.O.7.;..x..S...!S>.e!..U...c...L...g.O..`...>.[......1)=..31..k....V.Q.sRn.~.a...)g.<.}N

Chrome Cache Entry: 212

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	C source, Unicode text, UTF-8 text, with very long lines (25247)
Category:	downloaded
Size (bytes):	285100
Entropy (8bit):	5.767563097385629
Encrypted:	false
SSDEEP:
MD5:	5F2026FBA3C5481858E16A2493D52315
SHA1:	B27DF94E878FB9380ED4DDBED0A55DA674B46A25
SHA-256:	CC5B329A846192E7FC47F8ACDD74177CB06417176BFAA58F298DBE91BA2E4D1A
SHA-512:	13625152781201E8A681D4BBA353BC2ABFD8564F59AA59C6B4E07DC0657906B450CCB13E22C01822E2053A0B43E39FD6E0F791BC92DEEA44BBC95C4C6F542F37
Malicious:	false
Reputation:	unknown
URL:	https://tags.tiqcdn.com/utag/hsbc/global-hsbcnet-ib/prod/utag.js
Preview:	//tealium universal tag - utag.loader ut4.0.202409211517, Copyright 2024 Tealium.com Inc. All Rights Reserved..var utag_condload=false;window.__tealium_twc_switch=false;try{try{window.utag_cfg_ovrd=window.utag_cfg_ovrd\|\|{};window.utag_cfg_ovrd["split_cookie"]=false;}catch(e){console.log(e)}}catch(e){console.log(e);}.if(!utag_condload){try{try{var TEALIUM=TEALIUM\|\|{};TEALIUM.ccmNoShow=true;var ccmPageList=["/privacy"];function checkUrl(url){return utag_data.page_url.indexOf(url)>-1;}.TEALIUM.getDomain=function(a,b,c){a=""+location.hostname;b=a.split(".");c=(/\.co\.\|\.com\.\|\.org\.\|\.edu\.\|\.net\.\|\.asn\./.test(a))?3:2;return b.splice(b.length-c,c).join(".");};TEALIUM.setCookie=function(name,value,days){var expires="";if(days){var date=new Date();date.setTime(date.getTime()+(days2460601000));expires="; expires="+date.toGMTString();}.document.cookie=name+"="+encodeURIComponent(value)+expires+";domain="+TEALIUM.getDomain()+";path=/";return true;}.TEALIUM.grantFullConsent=function(){TEA

Chrome Cache Entry: 213

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4150)
Category:	downloaded
Size (bytes):	25485
Entropy (8bit):	5.300777680758944
Encrypted:	false
SSDEEP:
MD5:	62385FFA61C994361CDF48B81F1E87C3
SHA1:	55BC03261544EC7DDF571E76152C8F5D48B4CAEE
SHA-256:	65CA9321C00B63700D077F58F06A33AB03CC0EF3027B137CDAC57404E991F904
SHA-512:	C843296528A1170CA4E6BC8D127B1C398E7E52E6D93F75FD347A16F5FE9356E7FA7BF0FCD2521D3D92D0F16A46B7AA478334C050AD9E5E71866B0A151E6E9D26
Malicious:	false
Reputation:	unknown
URL:	https://tags.tiqcdn.com/utag/hsbc/global-hsbcnet-ib/prod/utag.781.js?utv=ut4.51.202409211517
Preview:	//tealium universal tag - utag.781 ut4.0.202409211517, Copyright 2024 Tealium.com Inc. All Rights Reserved..if(typeof JSON!=='object'){JSON={};}.(function(){'use strict';var rx_one=/^[\],:{}\s]$/,rx_two=/\\(?:["\\\/bfnrt]\|u[0-9a-fA-F]{4})/g,rx_three=/"[^"\\\n\r]"\|true\|false\|null\|-?\d+(?:\.\d)?(?:[eE][+\-]?\d+)?/g,rx_four=/(?:^\|:\|,)(?:\s\[)+/g,rx_escapable=/[\\\"\u0000-\u001f\u007f-\u009f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g,rx_dangerous=/[\u0000\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g;function f(n){return n<10?'0'+n:n;}.function this_value(){return this.valueOf();}.if(typeof Date.prototype.toJSON!=='function'){Date.prototype.toJSON=function(){return isFinite(this.valueOf())?this.getUTCFullYear()+'-'+.f(this.getUTCMonth()+1)+'-'+f(this.getUTCDate())+'T'+f(this.getUTCHours())+':'+f(this.getUTCMinutes())+':'+.f(this.getUTCSeconds())+'Z':null;};Boolean.prototype.toJSON

Chrome Cache Entry: 214

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1861)
Category:	downloaded
Size (bytes):	16633
Entropy (8bit):	5.236933382375339
Encrypted:	false
SSDEEP:
MD5:	0335936B360DF34E8E63DA30E0B6DDFB
SHA1:	63399887655C061A44E2A66EA85AA3B4F7BBB1B3
SHA-256:	B4CAA80371F945520862F609F25D7F888490FAE201DE6F487530119672F7C55D
SHA-512:	5E8E097253D9F5971432AC6B9752D94DFE1E27D4FFF76E7065B55F9D29715483D9E8BBFBE1C5D55F46F0A7D723D8418BAC8DB018E1EB66CBF21E13790AC3E231
Malicious:	false
Reputation:	unknown
URL:	https://tags.tiqcdn.com/utag/hsbc/global-hsbcnet-ib/prod/utag.55.js?utv=ut4.51.202307080306
Preview:	//tealium universal tag - utag.55 ut4.0.202409211517, Copyright 2024 Tealium.com Inc. All Rights Reserved..window.lpTag=window.lpTag\|\|{};lpTag.sdes=lpTag.sdes\|\|[];window.lpTag.autoStart=false;function tealium_liveperson_lib(_site,_section){if(({}).toString.call(_section).match(/\s([a-zA-Z]+)/)[1].toLowerCase()!=="array"){_section=_section?_section.toString():"";_section=_section.split(/\s,\s/g);}.window.lpTag=window.lpTag\|\|{};if(typeof window.lpTag._tagCount==='undefined'){window.lpTag={site:_site\|\|'',section:_section,autoStart:lpTag.autoStart===false?false:true,ovr:lpTag.ovr\|\|{},_v:'1.6.0',_tagCount:1,protocol:'https:',events:{bind:function(app,ev,fn){lpTag.defer(function(){lpTag.events.bind(app,ev,fn);},0);},trigger:function(app,ev,json){lpTag.defer(function(){lpTag.events.trigger(app,ev,json);},1);}},defer:function(fn,fnType){if(fnType==0){this._defB=this._defB\|\|[];this._defB.push(fn);}else if(fnType==1){this._defT=this._defT\|\|[];this._defT.push(fn);}else{this._defL=this._defL\|\|[]

Chrome Cache Entry: 215

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (344)
Category:	downloaded
Size (bytes):	349
Entropy (8bit):	5.066626847184941
Encrypted:	false
SSDEEP:
MD5:	34116601D5CD6FECEF6416409ECF810B
SHA1:	0DCA29C016160C32F84A63FDAF5E9B60BA11BBFC
SHA-256:	54EA1B4681C9B54115D4C0940B245D36DF5656D17184CABA946F3D27C1556046
SHA-512:	2A001FFD56778D1E0B78CA43F55B636B8A0A363A1F16322BB4FE83620B89814D10A2EBD4C9612C8CA443DB220433895BFF787B3BAB3207DED1B51A09B29155AC
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=www1.secure.&oit=3&cp=12&pgcl=7&gs_rn=42&psi=0kP-e-x7gILe3Tqw&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["www1.secure.",["http://www1.secure.hsbcnet.com","http://www1.ipage.com/secure/login.html","www1.secure hsbc"],["","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[801,800,600],"google:suggestsubtypes":[[44],[44],[30]],"google:suggesttype":["NAVIGATION","NAVIGATION","QUERY"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 216

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	2885992
Entropy (8bit):	5.6160944132572626
Encrypted:	false
SSDEEP:
MD5:	7CB06A43664B7E031A3527FE668BBFD2
SHA1:	85BF16E2FB9202135DAF2563F7A5B15BE1D4DBF5
SHA-256:	5AF30B73360DA17E0BEDA43E70565216C8875E21BE0B00ED261783BFCBA430C8
SHA-512:	FC2430CB99AE8681E1FF807E099D5C5FE0C31E286E9AFD03564918F786FAF4E850E1F3D466C0B570406A1EE05009E6A83F265B610B8C2B3FB37033EBD52EDEEE
Malicious:	false
Reputation:	unknown
URL:	https://cdn.hsbcnet.com/uims/cdn/2020319/static-dl/public/DTC_AUTH/80.0.21/build/static/js/main.js
Preview:	!function(e){var t={};function n(r){if(t[r])return t[r].exports;var a=t[r]={i:r,l:!1,exports:{}};return e[r].call(a.exports,a,a.exports,n),a.l=!0,a.exports}n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!==typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"===typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var a in e)n.d(r,a,function(t){return e[t]}.bind(null,a));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="/authentication/",n(n.s=389)}([function(e,t,n){"use strict";e.exports=n(766)},function(e,t,n){(func

Chrome Cache Entry: 217

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	48
Entropy (8bit):	4.519974678246912
Encrypted:	false
SSDEEP:
MD5:	AB387C28213091270350262D43640FD0
SHA1:	01EA2C01B3BCE3FB857521F684022FF8834056FC
SHA-256:	A2CA0CFC298942869322AF601B18EACDA319882FB351712E37CDD9326DDB3CF8
SHA-512:	6D261E43F73EA7E8423B61A530323E95BA0E2D2C81CCB5759F661EFCF531AF81D8EDB8107B5BFE86E2BFDFB58CF50CB20FEBA1D387B0C93EF2DB423F7C7D05DE
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSEAlJvVD3OTF_fhIFDaPCFUM=?alt=proto
Preview:	CiAKHg2jwhVDGgQISxgCKhEIClINCgMuQF8QARj/////Dw==

Chrome Cache Entry: 218

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	38
Entropy (8bit):	4.471354487013931
Encrypted:	false
SSDEEP:
MD5:	D907646B85FFAB8F9CCC5B83C0504183
SHA1:	D5B951892C1A1DF1C2F626C95A628F715B116459
SHA-256:	C9FB1A3CE933C0463C3766B1627BE68723EC7624363C54607AAACB1FEAC16960
SHA-512:	5A99A3F840DED69E3C96C379FC95E94BB9F7C71F7CA714C3E0CFE1DEEAA0D707CE0F5914B7C7C77DC2073E1932B64478B8587F36FE1769EC274CD1ED85528829
Malicious:	false
Reputation:	unknown
URL:	https://visitor-service-eu-central-1.tealiumiq.com/hsbc/amer-hsbcnet-ib/019252fe5e370043df8689c010380506f006b06700918?callback=utag.ut%5B%22writevaamer-hsbcnet-ib%22%5D&rnd=1727969255985
Preview:	utag.ut["writevaamer-hsbcnet-ib"]({});

Chrome Cache Entry: 219

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	2
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	7BC0EE636B3B83484FC3B9348863BD22
SHA1:	EBBFFB7D7EA5362A22BFA1BAB0BFDEB1617CD610
SHA-256:	A2C2339691FC48FBD14FB307292DFF3E21222712D9240810742D7DF0C6D74DFB
SHA-512:	4D094B64124366530E7E327B1AD5D06C0FD1CEB96387D6A143E9F561C2F9FF7CA9D68E7C23B8B14AAB5309C202A8DCED9A38D950662A50984D2841577293CD64
Malicious:	false
Reputation:	unknown
URL:	https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=hsbc/global-hsbcnet-ib/202409211517&cb=1727969253454
Preview:	//

Chrome Cache Entry: 220

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (27332), with no line terminators
Category:	downloaded
Size (bytes):	27332
Entropy (8bit):	5.48233759733871
Encrypted:	false
SSDEEP:
MD5:	4502CFFD9A049B7D23CF17CC2DE9B80D
SHA1:	2150B19E2378B68F766A958A1408E599C556BE44
SHA-256:	2823FBFA7B9256867E21AF1ECBFBB98583C8EF0E0B495F6F01D862EF58E3D93D
SHA-512:	28CE499A0787323277957763ADE1B7F5341E547CF82ECE2E4B7CD4F35B250B48F87596CF2E580D7400FE5FB35D73493D932781E851E254753A61EF123EB2EA32
Malicious:	false
Reputation:	unknown
URL:	https://lptag.liveperson.net/tag/tag.js?site=70030840
Preview:	window.lpTag=window.lpTag\|\|{};lpTag.taglets=lpTag.taglets\|\|{};lpTag._tagv="4.1.13";!function(a,b){function c(c,d,e){b._logcnt=b._logcnt\|\|0;H(c,d,e,b._logcnt);if("undefined"!=typeof a.lpTaglogListeners&&a.lpTaglogListeners.constructor===Array)for(var f=0;f<lpTaglogListeners.length;f++)try{lpTaglogListeners[f](c,d,e,b._logcnt)}catch(g){H("Exception="+g.message+" msg="+c,d,e,b._logcnt)}b._logcnt++}function d(a){if(a)for(var b=0;b<a.length;b++)qa[a[b].service]=a[b].baseURI}function e(){for(var a=Ga.PRODUCTION,c=b.ovr&&b.ovr.domain,d=0;d<Ha.length;d++)if(Ha[d].tagDomain===c){a=Ha[d].env;break}return a}function f(a){var c;a=a\|\|e();if("string"==typeof a)for(var d=0;d<Ha.length;d++)if(Ha[d].env===a&&(b.tagletsPrecomputed&&Ha[d].tagletsPrecomputed\|\|!b.tagletsPrecomputed&&!Ha[d].tagletsPrecomputed)){c=Ha[d].tagDomain;break}return c}function g(a){var b=qa[a],c="ALL";return b?b:qa[c]}function h(){return qa}function i(a){return l(ra,a)}function j(a){return l(sa,a)}function k(a,b){for(var c in b)b.h

Chrome Cache Entry: 221

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 21672, version 1.0
Category:	downloaded
Size (bytes):	21672
Entropy (8bit):	7.979178908556125
Encrypted:	false
SSDEEP:
MD5:	8172C65AA15FDE139AE95F4ADF205B11
SHA1:	16E2AE381EFCE6BCD97ADF7EDBF3285697EA3E28
SHA-256:	A3A59834FAE8583A5FB9791490CAE9A2EF067DA1B2E6CCFCF229EC5CA29CA2ED
SHA-512:	EB50E0118B82921D56A52A2BA403AE74ED8E4BABFA8E9718E5F9D7C5CA4D4661656906CAAA24879B79977AA9C697A0B9E23CE4FD00BC1BCE29EC9529C01BD363
Malicious:	false
Reputation:	unknown
URL:	https://cdn.hsbcnet.com/uims/cdn/2020319/static-dl/public/DTC_AUTH/80.0.21/build/assets/fonts/univers.400.woff
Preview:	wOFF......T........\........................OS/2...X...V...`c.^.cmap.......C....3...cvt .......O.....m..fpgm...D........c...gasp...4............glyf...D..6e..[.e..khdmx..?.........K...head..GP...6...6..s.hhea..G.... ...$....hmtx..G..........l-.loca..I.........1..maxp..K.... ... .%..name..K.... ....zcf.post..R........ ...2prep..R...........\|.x.c`fRf......p......../..&nVff& `n``.g``.b...O?....^E%.......2.R.`.t..1.d......z.....x.M.I+.Q...s.a.B.....%k../`..y....<..,.B.L!3...7d....;]._..S......#F.^o$F.q..\|E....."..;.;."..4I....r....qR.U.."X.....t..R.X..V..A.Q...j....6.-Z.6.Ui^.3......./..^...?.,q..g\r.!..p...,r.<..y.Ie....o\.....L..D.I....K<.$.D2)..F..d.I....@..L!E.SB.V.(..J....Z.i..&Zh..v.......>..f.Q..d.<..g.R&Xa...Xg.}......t..x.c.......e.~.S0....2p3.10.......#...... .!.!...a.`.e......y.......gp.....U....x..U.o.G..]'.kC.N.N......M0-.5i.m.5$n..8.n.a....3j%.D....?.-\.N..C......j/.H.C.[.....(Uk.g~.s..._.^.V.+..WK_...n.(:......kW.>.......\......3.....}p6s.\|...~....L

Chrome Cache Entry: 222

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=Kecljennifer], baseline, precision 8, 2560x1440, components 3
Category:	downloaded
Size (bytes):	415143
Entropy (8bit):	7.974959472238782
Encrypted:	false
SSDEEP:
MD5:	B1C6819E7F7507D0B251B5D9AA48B859
SHA1:	2798EDC71C64DFA694BB8B27D71DCA947834BBFE
SHA-256:	3D53BAE10B793E1A47EEAC6AD60C9C5615D219193EA5642DC1F5039DA46CCF71
SHA-512:	D065A25B5466A5B29EF966CA95D36F4E8802C77593B7453AD0609545D1922F61C668F2F880586363716FDDCA5EE5E0D63F3D4564A20C905312EF00ADF5FE9DC7
Malicious:	false
Reputation:	unknown
URL:	https://cdn.hsbcnet.com/uims/cdn/2020319/static-dl/public/DTC_AUTH/80.0.21/build/static/media/background.b1c6819e.jpg
Preview:	.....2Exif..II*.......................Kecljennifer........Ducky.............%http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c140 79.160451, 2017/05/06-01:08:21 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmpMM:OriginalDocumentID="30F6265AC3245872B56717B7754F491C" xmpMM:DocumentID="xmp.did:ACECBEE3CCDA11E9A95E99B0D3172409" xmpMM:InstanceID="xmp.iid:ACECBEE2CCDA11E9A95E99B0D3172409" xmp:CreatorTool="Adobe Photoshop CC 2018 (Macintosh)" photoshop:AuthorsPosition="Contributor"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:548dbc92-de5a-4c36-95c2-6fdef9cb905e" stRef:documentID="adobe:docid:p

Chrome Cache Entry: 223

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (655)
Category:	downloaded
Size (bytes):	1876
Entropy (8bit):	5.400792002824105
Encrypted:	false
SSDEEP:
MD5:	C493AE1C092909E72A9A12A4B85F2CB5
SHA1:	9B504A39187D22519854C24E9A6D603135549372
SHA-256:	5EE73803626CB1363A8C9B35BFE4BE5570D16C98A553903DF8AB476565AC6165
SHA-512:	FD7FA85C0CBD7B94D5B6BEF9A5FD9179363B4B61CA10060C89C7F924078B7B3B0B0DAE9E6D6E65B443C680F9AC6970B5A3B1371820C8CA25E14E4557E21BFC3E
Malicious:	false
Reputation:	unknown
URL:	https://tags.tiqcdn.com/utag/hsbc/global-hsbcnet-ib/prod/utag.sync.js
Preview:	//tealium universal tag - utag.sync ut4.0.202409211517, Copyright 2024 Tealium.com Inc. All Rights Reserved..window.HSBC=window.HSBC\|\|{};HSBC.SITE=HSBC.SITE\|\|{};HSBC.PAGE=HSBC.PAGE\|\|{};HSBC.EXT=HSBC.EXT\|\|{};HSBC.LOG=HSBC.LOG\|\|{};HSBC.DCS=HSBC.DCS\|\|{};window.WebTrends=undefined;window.DCSext=window.DCSext\|\|{};window.dcsGetHSBCCookie=window.dcsGetHSBCCookie\|\|function(name){return"";};window.dcsVar=function(){};window.dcsMultiTrack=function(){};window.dcsMapHSBC=function(){};window.dcsMeta=function(){};window.dcsFunc=function(){};window.dcsTag=function(){};window.TMS=window.TMS\|\|{};var TMS=window.TMS;TMS.call_queue=[];TMS.copy=function(a,b,c){var utagLoaderGvCopy=function(d,e,f){e={};for(f in d){if(d.hasOwnProperty(f)&&typeof d[f]!=="function"){e[f]=d[f];}}.return e;};b={};for(c in utagLoaderGvCopy(a)){if(a[c]instanceof Array){b[c]=a[c].slice(0);}else{b[c]=a[c];}}.return b;};TMS.trackEvent=function(event_name,data){if(typeof event_name!=="string"&&data===undefined){data=event_name;event_n

Chrome Cache Entry: 224

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	285
Entropy (8bit):	4.991950052905939
Encrypted:	false
SSDEEP:
MD5:	763D7BB21BE0B7A725B00C0ADCCF85A6
SHA1:	94F5962CADE7026625EB6254A55EDBEE72546E78
SHA-256:	08DB1EDEAFF8B1557BC9EE254DBF97E5E022611B639AC30402D13995244135C3
SHA-512:	A638EA64527AFA0ADE4CD85AD687A0E4F7047F658D7A2DAFA48FE3F0B104F285575657369852CB154BB276891406F042753016CDEB8371592752C6DD9BEABACC
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=www1.secure.hsb&oit=1&cp=15&pgcl=7&gs_rn=42&psi=0kP-e-x7gILe3Tqw&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["www1.secure.hsb",["www1.secure hsbc","http://www1.secure.hsbcnet.com"],["",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[600,400],"google:suggestsubtypes":[[30],[44]],"google:suggesttype":["QUERY","NAVIGATION"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 225

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (630)
Category:	downloaded
Size (bytes):	635
Entropy (8bit):	4.974768834475651
Encrypted:	false
SSDEEP:
MD5:	B4D7246704D9B822A8918BB06FBF8E5A
SHA1:	A8F8D52A4C3383886C872282C9E54DDAEDB36D6E
SHA-256:	036CFFDD0410E19342EFA0A47DB1C0DDC5E6901E0A82EE434FA3FD73FE965E43
SHA-512:	E1F074062A9B126D7E80B973D0438AA06004137B835D3596CF148B942E7D9150725AEAEB02EE03BC1C20D8E7D4C86E03238F359D8AC11B9B71F5E7F096C7BAE6
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=www1.&oit=1&cp=5&pgcl=7&gs_rn=42&psi=0kP-e-x7gILe3Tqw&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["www1.",["www1.deltadentalins/kaiser-ca","www1.ev01","www1.deltadentalins","www1.nyc gov/site/cchr/law/sexual-harassment-training.page","www1.odcr","www1.nyc gov","www1.bmoharris","www1.pgcps","www1.state.nj.us login","www1.deltadentalins/kaiser-ca-duals"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[601,600,557,556,555,554,553,552,551,550],"google:suggestsubtypes":[[512],[512],[512],[512],[512],[512],[512],[512],[512],[512]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 226

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1853)
Category:	downloaded
Size (bytes):	3082
Entropy (8bit):	5.308074225138136
Encrypted:	false
SSDEEP:
MD5:	C5269C989B2D5627E8C3DEAB566E3207
SHA1:	95D4EE822A2842795A1501D54E0FED85A91965C3
SHA-256:	095F507DCF3923B0356D02F64FF3844D82ED4A8F700F90EE4CFDC381FF749BF5
SHA-512:	25AB1FBBF504DB484EA924A13A0CF01FFA569635A65B0FB33DABD63F5D24C463B805BF3BAB5EA9DCE6294954283625A95420F8C9063D1D6CE4CF170524AAB9B7
Malicious:	false
Reputation:	unknown
URL:	https://tags.tiqcdn.com/utag/hsbc/global-hsbcnet-ib/prod/utag.412.js?utv=ut4.51.202211120513
Preview:	//tealium universal tag - utag.412 ut4.0.202409211517, Copyright 2024 Tealium.com Inc. All Rights Reserved..try{(function(id,loader){var u={};utag.o[loader].sender[id]=u;u.ev={"view":1};u.map={"vendor_qualtrics_intercept_id":"siteinterceptid","vendor_qualtrics_intercept_server":"siteinterceptserver"};u.extend=[function(a,b){try{if(1){if(b['dom.url'].indexOf('secure.hsbcnet.com')>-1&&b['dom.url'].indexOf('/accounts/details')>-1){return false;}}}catch(e){utag.DB(e)}},function(a,b,c,d,e,f,g){if(1){d=b['ut.profile'];if(typeof d=='undefined')return;c=[{'global-hsbcnet-ib':'zn7pmbtabt6c6hhtj-hsbccmb.siteintercept.qualtrics.com'}];var m=false;for(e=0;e<c.length;e++){for(f in utag.loader.GV(c[e])){if(d==f){b['vendor_qualtrics_intercept_server']=c[e][f];m=true};};if(m)break};}},function(a,b){try{if(1){if(b.vendor_qualtrics_intercept_server){u.data.base_url="//"+b.vendor_qualtrics_intercept_server+"/WRSiteInterceptEngine/?";}}}catch(e){utag.DB(e)}},function(a,b,c,d,e,f,g){if(1){d=b['ut.env'];if(

Chrome Cache Entry: 227

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	531523
Entropy (8bit):	5.494851980720749
Encrypted:	false
SSDEEP:
MD5:	910DD2985F77B7773EA870A7DA8AEAFA
SHA1:	38D07CFE58E2CFD75C0CF079753D7F37EF9B6024
SHA-256:	9D1C151405B68E41550371773091CD69A1F4E3F3A886965A009136FA04F0B148
SHA-512:	8B7C6CC2984535BFC97D8C2BACDB5D4E55AAA368D0DB86AB0F0C8A6017547AF1F704CA966D6996582D3CC86F523766C01EA906448533FF993A8C716AE3A9CFF8
Malicious:	false
Reputation:	unknown
URL:	https://lptag.liveperson.net/lptag/api/account/70030840/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&s=www1.secure.hsbcnet.com_hsbcnet_authentication_logon_username&b=undefined
Preview:	lpTag.callback({"taglets":[{"name":"lpMobileLandscape","type":0},{"name":"lpSecureStorage","type":0},{"name":"lp_sdes","type":0},{"name":"cobrowse","type":0},{"name":"scraper","type":0},{"name":"lpActivityMonitor","type":0},{"name":"rendererStub","type":0},{"name":"lp_version_detector","type":0},{"name":"lp_monitoringSDK","type":0},{"name":"lpTransporter","type":0},{"name":"lpUnifiedWindow","type":0},{"name":"SMT","type":0},{"name":"hooks","type":0},{"name":"lp_SMT","type":0},{"name":"authenticator","type":0},{"name":"cleanCCPatterns","type":0,"parameters":[{"id":"ccPatterns","value":"[{\"useDefault\":true,\"patternsArray\":[{\"pattern\":\"/(\\\\b((?:Security\\\\s?\|card\\\\svalidation\\\\s?\|CVV2?\\\\s?\|CVC2?\\\\s?\|CID\\\\s?\|CAV2?\\\\s?)(?:Code\\\\s?\|value\\\\s?)?(?:\\\\#\\\\s\|\\\\s\\\\#\\\\s?\|\\\\sno\\\\s\|\\\\snum\\\\s\|\\\\snumber\\\\s)?(?:is\\\\s)?(?:(?:\\\\:\|\\\\-)?\\\\s*))([0-9]{3,4})\\\\b)/gi\",\"replacePattern\":\"/[a-zA-Z0-9]/g\"},{\"pattern\":\"/(\\\\b((\\\\d{9,10}\|\\\\d{1,6})[-

Chrome Cache Entry: 228

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	3914
Entropy (8bit):	5.08748332004163
Encrypted:	false
SSDEEP:
MD5:	A10BFD96966C7CB2BEAC530B80BF7D88
SHA1:	DA38ED1FB84312646D1DBE1C60161D5B9B563AEF
SHA-256:	613CE4E2802603453791E8640914D6B1DBEB01ECA6AB78883A02EFDB958192E3
SHA-512:	7BFD23435BE732836BF30970FD4676C0E69E198D4984AC778E3954F8C2D3040CA68AED3B1494B50F49A5F9A391BF2175D6990370C5045899A52CDF4EAB3288FC
Malicious:	false
Reputation:	unknown
URL:	https://www1.secure.hsbcnet.com/uims/content/public/DTC_AUTH/config.json?_=1727969247
Preview:	{. "enableForgotUsername": true,. "enableCnTransmitURL": true,. "useSpa": true,. "transmitUrlConfig": {. "transmitDomainMapping": {. "prod": "https://transmit.secure.hsbcnet.com",. "www1": "https://transmit-sy.secure.hsbcnet.com",. "www2": "https://transmit-wk.secure.hsbcnet.com",. "sy.lp": "https://transmit-sy.secure.hsbcnet.com",. "wk.lp": "https://transmit-wk.secure.hsbcnet.com",. "sde1-c": "https://transmit-dev.sde1-c.uk.hsbcnet.com",. "sde2-c": "https://transmit-dev.sde2-c.uk.hsbcnet.com",. "sde3-c": "https://transmit-sit.sde3-c.uk.hsbcnet.com",. "sde4-c": "https://transmit-sit.sde4-c.uk.hsbcnet.com",. "icat-c": "https://transmit-pprd.postprod-c.uk.hsbcnet.com",. "postprod-c": "https://transmit-pprd.postprod-c.uk.hsbcnet.com",. "perftest-c": "https://transmit-ptc.uk.hsbcnet.com",. "www1.cn": "https://transmit-sy.secure.hsbcnet.com",. "www2.cn": "https://transmit-wk.secure.hsbcnet.com",. "www3.cn": "h

Static File Info

General

File type:	7-zip archive data, version 0.4
Entropy (8bit):	7.999958331749752
TrID:	7-Zip compressed archive (6006/1) 100.00%
File name:	75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.7z
File size:	4'427'418 bytes
MD5:	38984a7c2ac3802d4ac0c6d0bfb388e5
SHA1:	4b2c3de7ec9f95a59e1ffb853df4fc18607d178c
SHA256:	ef26675fcf2460ba924c36fc141075e31e827312da5f208b726b50f43c7d8c7e
SHA512:	645ccfc140493187038566bd862fc1e691fd07369a6bdf13dc2cc15344ae25e1ab434865f0db4cd3508a1e7da4b74ed92a358b8b8e8a35ee95fcaade61881992
SSDEEP:	98304:FqOXYyUb178a9q3/2sRHZhGI+jVIeYdTZPiwin+EEfH9l1x:FqOXRUb1Ia9Q2UZoISSeIXY6fdvx
TLSH:	4F26338B62735E06A4973BD413F3D1FFD9E80B1A8EAA3EF42CA7550EA0475E95510CC2
File Content Preview:	7z..'.....*d..C...............B.5!h....r......P......OA=..^o.M.RT.b\..4.K.m_r.t.>....I2/.Z...J.."..N%...Oc.-..F.....t.....[..b....vC.n.h.f......Y...A....x.F.A9..-....!M..5(....n....\|aao.'Wo.K... .-....O..C...sd.8"...K7).."..wP....N3j..V......l.I.....^.jV.

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.7z

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\07603903-172b-4efc-9234-714616b5df0b.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1512

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\Documento-829FF6CF-E07C-D701-B178-0A934A03C140.pdf

C:\Users\user\AppData\Local\Temp\MSI6ad25.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-03 11-26-20-883.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

C:\Users\user\AppData\Local\Temp\acrocef_low\3c2f4f5a-1b32-47ad-b7a6-34f61f2726e2.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\4b4cfb5f-5948-40c7-b796-9008b3fdfa8f.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\86eb2d1a-8858-47c7-a68f-01b9dd8fdb94.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\c715ed5c-04c8-44b7-83bd-53e18a7efd5e.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\d583c684-d7b8-49fa-8699-5d5cd98bad31.tmp

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Users\user\Desktop\75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb

Chrome Cache Entry: 197

Chrome Cache Entry: 198

Chrome Cache Entry: 199

Chrome Cache Entry: 200

Chrome Cache Entry: 201

Windows Analysis Report
75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.7z