Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Proposal From Wachler & Associates PC.pdf

Overview

General Information

Sample name:	Proposal From Wachler & Associates PC.pdf
Analysis ID:	1546357
MD5:	aab045bd2afdb2e1f4850ad86a2e132c
SHA1:	82e2a9f32e3ffbe5bf303d09b94c0a9c9e563905
SHA256:	89f24b0be3ca235732dc2c090c81748aec7633dd0718774cf962b532e6e305c4

Detection

HtmlDropper, HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Html Dropper

Yara detected HtmlPhish10

AI detected landing page (webpage, office document or email)

HTML page contains obfuscated javascript

Drops files with a non-matching file extension (content does not match file extension)

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Invalid 'sign-in options' or 'sign-up' link found

Invalid T&C link found

Stores files to the Windows start menu directory

Classification

×

Process Tree

System is w10x64_ra

Acrobat.exe (PID: 6244 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Proposal From Wachler & Associates PC.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 6480 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6688 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1640 --field-trial-handle=1588,i,17395083840035650853,15930240583194519753,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 7124 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://management.promoterlines.com/ MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 2480 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2016,i,10304501417851725764,18198294135026954876,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
4.12.pages.csv	JoeSecurity_HtmlDropper_3	Yara detected Html Dropper	Joe Security
4.12.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish10

Source: Yara match

File source: 4.12.pages.csv, type: HTML

HTML page contains obfuscated javascript

Source: https://management.promoterlines.com/&redirect=12f6ff38e7b1f19541326e314c9289cb96ae6102main&uid=f253efe302d32ab264a76e0ce65be7696723d478aecf5

HTTP Parser: var a0_0x472a6f=a0_0x9630;(function(_0xb402e4,_0x4bdb3d){var _0x34a9e4=a0_0x9630,_0x5bb6b7=_0x

Source: https://management.promoterlines.com/&redirect=12f6ff38e7b1f19541326e314c9289cb96ae6102main&uid=f253efe302d32ab264a76e0ce65be7696723d478aecf5

HTTP Parser: Number of links: 0

Source: https://management.promoterlines.com/

HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none"><path fill="#B20F03" d="M16 3a13 13 0 1 0 13 13A13.015 13.015 0 0 0 16 3m0 24a11 11 0 1 1 11-11 11.01 11.01 0 0 1-11 11"/><path fill="#B20F03" d="M17.038 18.615H14.87L14.563 9.5h2....

Source: https://management.promoterlines.com/&redirect=12f6ff38e7b1f19541326e314c9289cb96ae6102main&uid=f253efe302d32ab264a76e0ce65be7696723d478aecf5

HTTP Parser: Title: 68bb02cfb5534e9a77c6caae807d78316723d478654e1 does not match URL

Source: https://management.promoterlines.com/&redirect=12f6ff38e7b1f19541326e314c9289cb96ae6102main&uid=f253efe302d32ab264a76e0ce65be7696723d478aecf5

HTTP Parser: Invalid link: get a new Microsoft account

Source: https://management.promoterlines.com/&redirect=12f6ff38e7b1f19541326e314c9289cb96ae6102main&uid=f253efe302d32ab264a76e0ce65be7696723d478aecf5	HTTP Parser: Invalid link: Terms of use
Source: https://management.promoterlines.com/&redirect=12f6ff38e7b1f19541326e314c9289cb96ae6102main&uid=f253efe302d32ab264a76e0ce65be7696723d478aecf5	HTTP Parser: Invalid link: Privacy & cookies

Source: https://management.promoterlines.com/	HTTP Parser: No favicon
Source: https://management.promoterlines.com/	HTTP Parser: No favicon
Source: https://management.promoterlines.com/	HTTP Parser: No favicon
Source: https://management.promoterlines.com/?__cf_chl_tk=yjTfZgh7kINlGk9rjJRFangKA3vdq7003W5IJFVL5R8-1730401371-1.0.1.1-PBFo3oHpXE5tdMu4XnD5O6K71nQMFYX9QfsOV4x_aF0	HTTP Parser: No favicon
Source: https://management.promoterlines.com/	HTTP Parser: No favicon
Source: https://management.promoterlines.com/	HTTP Parser: No favicon
Source: https://management.promoterlines.com/	HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/downloaded.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/downloaded.htm	HTTP Parser: No favicon

Source: https://management.promoterlines.com/&redirect=12f6ff38e7b1f19541326e314c9289cb96ae6102main&uid=f253efe302d32ab264a76e0ce65be7696723d478aecf5

HTTP Parser: No <meta name="author".. found

Source: https://management.promoterlines.com/&redirect=12f6ff38e7b1f19541326e314c9289cb96ae6102main&uid=f253efe302d32ab264a76e0ce65be7696723d478aecf5

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.68:443 -> 192.168.2.17:49835 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49836 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.189:443 -> 192.168.2.17:49837 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 27MB

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 96.6.168.143
Source: unknown	TCP traffic detected without corresponding DNS query: 96.6.168.143
Source: unknown	TCP traffic detected without corresponding DNS query: 96.6.168.143
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 96.6.168.143
Source: unknown	TCP traffic detected without corresponding DNS query: 96.6.168.143
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 96.6.168.143
Source: unknown	TCP traffic detected without corresponding DNS query: 96.6.168.143
Source: unknown	TCP traffic detected without corresponding DNS query: 96.6.168.143
Source: unknown	TCP traffic detected without corresponding DNS query: 96.6.168.143
Source: unknown	TCP traffic detected without corresponding DNS query: 96.6.168.143
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Source: global traffic	DNS traffic detected: DNS query: management.promoterlines.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.32.68:443 -> 192.168.2.17:49835 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49836 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.23.209.189:443 -> 192.168.2.17:49837 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.troj.winPDF@40/72@23/192

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-31 15-02-47-457.log

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Proposal From Wachler & Associates PC.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1640 --field-trial-handle=1588,i,17395083840035650853,15930240583194519753,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://management.promoterlines.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2016,i,10304501417851725764,18198294135026954876,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding E5F339762ED7D7BBFDB65366DBFC8BC0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1640 --field-trial-handle=1588,i,17395083840035650853,15930240583194519753,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2016,i,10304501417851725764,18198294135026954876,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Proposal From Wachler & Associates PC.pdf	Initial sample: PDF keyword /JS count = 0
Source: Proposal From Wachler & Associates PC.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Proposal From Wachler & Associates PC.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Data Obfuscation

Yara detected Html Dropper

Source: Yara match

File source: 4.12.pages.csv, type: HTML

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: PDF document

LLM: PDF document contains QR code

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: Chrome Cache Entry: 207

Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	11 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
jsdelivr.map.fastly.net	151.101.1.229	true	false		unknown
a.nel.cloudflare.com	35.190.80.1	true	false		unknown
challenges.cloudflare.com	104.18.94.41	true	false		unknown
www.google.com	142.250.185.228	true	false		unknown
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.57.42	true	false		unknown
management.promoterlines.com	188.114.96.3	true	false		unknown
x1.i.lencr.org	unknown	unknown	false		unknown
cdn.jsdelivr.net	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://management.promoterlines.com/	false		unknown
https://management.promoterlines.com/?__cf_chl_tk=yjTfZgh7kINlGk9rjJRFangKA3vdq7003W5IJFVL5R8-1730401371-1.0.1.1-PBFo3oHpXE5tdMu4XnD5O6K71nQMFYX9QfsOV4x_aF0	false		unknown
file:///C:/Users/user/Downloads/downloaded.htm	false		unknown
https://management.promoterlines.com/&redirect=12f6ff38e7b1f19541326e314c9289cb96ae6102main&uid=f253efe302d32ab264a76e0ce65be7696723d478aecf5	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.185.67	unknown	United States		15169	GOOGLEUS	false
151.101.1.229	jsdelivr.map.fastly.net	United States		54113	FASTLYUS	false
142.250.185.228	www.google.com	United States		15169	GOOGLEUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
217.20.57.42	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	Denmark		15516	DK-DANSKKABELTVDK	false
184.28.88.176	unknown	United States		16625	AKAMAI-ASUS	false
151.101.193.229	unknown	United States		54113	FASTLYUS	false
104.18.94.41	challenges.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
96.6.168.143	unknown	United States		16625	AKAMAI-ASUS	false
151.101.65.229	unknown	United States		54113	FASTLYUS	false
104.18.95.41	unknown	United States		13335	CLOUDFLARENETUS	false
142.250.185.106	unknown	United States		15169	GOOGLEUS	false
142.250.185.227	unknown	United States		15169	GOOGLEUS	false
142.250.185.238	unknown	United States		15169	GOOGLEUS	false
74.125.206.84	unknown	United States		15169	GOOGLEUS	false
162.159.61.3	unknown	United States		13335	CLOUDFLARENETUS	false
2.23.197.184	unknown	European Union		1273	CWVodafoneGroupPLCEU	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
188.114.97.3	unknown	European Union		13335	CLOUDFLARENETUS	false
142.250.185.174	unknown	United States		15169	GOOGLEUS	false
188.114.96.3	management.promoterlines.com	European Union		13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States		15169	GOOGLEUS	false
107.22.247.231	unknown	United States		14618	AMAZON-AESUS	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1546357
Start date and time:	2024-10-31 20:02:11 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	24
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	Proposal From Wachler & Associates PC.pdf
Detection:	MAL
Classification:	mal64.phis.troj.winPDF@40/72@23/192
Cookbook Comments:	Found application associated with file extension: .pdf

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.250.185.174, 74.125.206.84, 184.28.88.176, 34.104.35.123, 107.22.247.231, 18.207.85.246, 34.193.227.236, 54.144.73.197, 162.159.61.3, 172.64.41.3, 192.229.221.95, 2.19.126.143, 2.19.126.149, 2.23.197.184, 217.20.57.42
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, accounts.google.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, clients.l.google.com, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: Proposal From Wachler & Associates PC.pdf

LLM Input / Output

Input	Output
URL: PDF document Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "To download your file, Scan the QR code below with your smartphone to gain access to the shared document.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": true }

URL: PDF document Model: claude-3-haiku-20240307	```json { "brands": [ "Wachler & Associates PC" ] }
	```json { "brands": [ "Wachler & Associates PC" ] }
URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: URL: https://management.promoterlines.com
URL: https://management.promoterlines.com/ Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Verifying you are human. This may take a few seconds.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://management.promoterlines.com/ Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Verifying you are human. This may take a few seconds.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://management.promoterlines.com/ Model: claude-3-haiku-20240307	```json { "brands": [ "Cloudflare" ] }
	```json { "brands": [ "Cloudflare" ] }
URL: https://management.promoterlines.com/ Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Verifying you are human. This may take a few seconds.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://management.promoterlines.com/ Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Verify you are human by completing the action below.", "prominent_button_name": "Verify you are human", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://management.promoterlines.com/ Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Verifying you are human. This may take a few seconds.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://management.promoterlines.com/ Model: claude-3-haiku-20240307	```json { "brands": [ "Cloudflare" ] }
	```json { "brands": [ "Cloudflare" ] }
URL: https://management.promoterlines.com/ Model: claude-3-haiku-20240307	```json { "brands": [ "Cloudflare" ] }
	```json { "brands": [ "Cloudflare" ] }
URL: https://management.promoterlines.com/ Model: claude-3-haiku-20240307	```json { "brands": [ "Cloudflare" ] }
	```json { "brands": [ "Cloudflare" ] }
URL: https://management.promoterlines.com/?__cf_chl_tk=yjTfZgh7kINlGk9rjJRFangKA3vdq7003W5IJFVL5R8-1730401371-1.0.1.1-PBFo3oHpXE5tdMu4XnD5O6K71nQMFYX9QfsOV4x_aF0 Model: claude-3-haiku-20240307	```json { "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://management.promoterlines.com/ Model: claude-3-haiku-20240307	```json { "brands": [ "management.promoterlines.com", "Cloudflare" ] }

URL: https://management.promoterlines.com/?__cf_chl_tk=yjTfZgh7kINlGk9rjJRFangKA3vdq7003W5IJFVL5R8-1730401371-1.0.1.1-PBFo3oHpXE5tdMu4XnD5O6K71nQMFYX9QfsOV4x_aF0 Model: claude-3-haiku-20240307	```json { "brands": [ "Cloudflare" ] }
	```json { "brands": [ "Cloudflare" ] }
URL: file:///C:/Users/user/Downloads/downloaded.htm Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Sign In Required", "prominent_button_name": "Sign In", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://management.promoterlines.com/ Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Sign In Required", "prominent_button_name": "Sign In", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: file:///C:/Users/user/Downloads/downloaded.htm Model: claude-3-haiku-20240307	```json { "contains_trigger_text": true, "trigger_text": "Sign In Required", "prominent_button_name": "Sign In", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: file:///C:/Users/user/Downloads/downloaded.htm Model: claude-3-haiku-20240307	```json { "brands": [] } ``` The provided image does not contain any visible brands. The image shows a sign-in page with a warning message "Sign In Required" and a "Sign In" button, but no brand logos or other identifiable brand elements are present.

URL: https://management.promoterlines.com/ Model: claude-3-haiku-20240307	```json { "brands": [] } ``` The provided image does not contain any visible brands. The image shows a sign-in screen with a message "Sign In Required" and a "Sign In" button, but no brand logos or other identifiable brand elements are present.

URL: file:///C:/Users/user/Downloads/downloaded.htm Model: claude-3-haiku-20240307	```json { "brands": [] } ``` The provided image does not contain any visible brands. The image shows a sign-in page with a warning message "Sign In Required" and a "Sign In" button, but no brand logos or other identifiable brand elements are present.

URL: Model: claude-3-5-sonnet-latest	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: URL: https://promoterlines.com

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.2378755238675305
Encrypted:	false
SSDEEP:
MD5:	9F79C6F40B2D455983BA325FC1BD57C7
SHA1:	244B7213BF4538645C3663E5BF851B3730429002
SHA-256:	4510AC4D853D6E5CA2D638EB8A28A8A808F1CC0216A920504AE344D0FC9B9CA1
SHA-512:	623072716625C020EF06EECEDD80F9598E3DD202E19C6113EAAE3DF490F6E5704BA8310EE3C5DD07A8AC7C2FB96F0BB9CC847203E195ADD7E65373BD5F8C3B46
Malicious:	false
Reputation:	unknown
Preview:	2024/10/31-15:02:45.703 1978 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/31-15:02:45.706 1978 Recovering log #3.2024/10/31-15:02:45.706 1978 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.1503946412906085
Encrypted:	false
SSDEEP:
MD5:	3203BE0850BC3190C4DB90544BF99D29
SHA1:	FA653EA251E95880F05AA9F497A4ACBA438AB78C
SHA-256:	35DA77A78080F4DC00515C23F1F24DE3FDF12E1AB05AAB59FE5FEC1AC71A5A32
SHA-512:	65C1E671AF9F0B5C5C055D22F0DBDB5467A92E38254AEE5E60FB24BF833A35A94024A67C9DCF7E238AD96CBCD05E9647E60BFF69B15A06446020CCE240140051
Malicious:	false
Reputation:	unknown
Preview:	2024/10/31-15:02:45.555 1a48 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/31-15:02:45.558 1a48 Recovering log #3.2024/10/31-15:02:45.559 1a48 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\3d3bd8d4-4763-4026-b0af-fb98f248aa48.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	476
Entropy (8bit):	4.964804046018907
Encrypted:	false
SSDEEP:
MD5:	E046A781D075B4F5AAAD2E1888557FFB
SHA1:	E7D9FADBC6F8B69A20937EF0F43F1A1C3FCB3903
SHA-256:	25CF4C14CF7ECD4A03541C8D99E7BA10D3A1BAAD02DE0D7CC70903F2E19F1BF6
SHA-512:	4D48F0C01985D7D6711B4E28ACA9A096FD54E6573D6D26F90BDDD0210433FE3ED8B72A42C075171CF299C1CD9F1CA00D31EEF0F16E75835262E8461593CF8787
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374961377476999","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":248383},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.17","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	E046A781D075B4F5AAAD2E1888557FFB
SHA1:	E7D9FADBC6F8B69A20937EF0F43F1A1C3FCB3903
SHA-256:	25CF4C14CF7ECD4A03541C8D99E7BA10D3A1BAAD02DE0D7CC70903F2E19F1BF6
SHA-512:	4D48F0C01985D7D6711B4E28ACA9A096FD54E6573D6D26F90BDDD0210433FE3ED8B72A42C075171CF299C1CD9F1CA00D31EEF0F16E75835262E8461593CF8787
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374961377476999","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":248383},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.17","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	6495
Entropy (8bit):	5.2465093057894014
Encrypted:	false
SSDEEP:
MD5:	1544D5EAD35EC46D8D89B0067DAAB26A
SHA1:	256AE3C3251965EAAA62705BC6EC0355C1488DC0
SHA-256:	F544E7EF63DCBC6C76E063430494D44DAF317C536688DED6D5497DAF09C04E81
SHA-512:	C17E9DB362FA502C7F1EC3A9CC0A86561CD69CAD264CD598B9DBD92759FE43C9339313EFBF546B314054E70577F0028062A1A3904CFF4C07612AF05ED272C5CF
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-....o................next-map-id.1.Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/.0F...r................next-map-id.2.Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/.1.p..r................next-map-id.3.Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/.2....o................next-map-id.4.Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.3..).^...............Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/...^...............Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.{VUa...............Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/....a...............Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/yATuo................next-map-id.5.Pnamespace-eb3aef6d_d129_430c_a353_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.177284796317375
Encrypted:	false
SSDEEP:
MD5:	8281523943326869B2A867C9FD711105
SHA1:	FE47945773D3C6749CFC9BB5CA6B14FA78ADDE57
SHA-256:	0D2420003406B29B8382FC2C8F7E2F1BBCCADFEF51AF89C1FA4F5A6E2FC01E87
SHA-512:	E5774B11947B3311AC15247ACDA0AA5D8B1B31EA9B1C8517316B67F4412143F7B181FE441D063A879658BD4EC534A179C22F748AACC53AE600D428CA2C7AA3B0
Malicious:	false
Reputation:	unknown
Preview:	2024/10/31-15:02:45.788 1a48 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/31-15:02:45.795 1a48 Recovering log #3.2024/10/31-15:02:45.800 1a48 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	54
Entropy (8bit):	4.346756020361474
Encrypted:	false
SSDEEP:
MD5:	B756200002C378859E0835EA598FBE7E
SHA1:	FC558826268F5D2007A395A0F5D71BFADD684CF1
SHA-256:	131C77B0B7C7946367A4F1877C16752741650D591370666DB1514F0869D4D2D7
SHA-512:	6A00891DFB8C946145D3A2F65EDFC5A92793ED637C6A6A277CC7796A53B9708CCCA5206DEB75E1FD998AAB94CB3ED70E8A5C9C27A8954B40D8605BE5BD127ED6
Malicious:	false
Reputation:	unknown
Preview:	..../................22_11\|360x240\|60........9\.*\|?.yB

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\LOG

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	283
Entropy (8bit):	5.175435552776208
Encrypted:	false
SSDEEP:
MD5:	E694771C2298A18666771CFD3529DF96
SHA1:	2E2CC2A9D651424D17EE5D53A7655362839004CF
SHA-256:	0AB9C817DBBC8A8B12C47C627C4CF169C8AD72ED59C2C1F40BCECEAADE4587D3
SHA-512:	7FA47CAE84E2FE8B5CE61A4334DB9C854FE9CED70FD248246569B34CFF7376D955C7C8912B791892F040001BD4620CD4B461D0469AB4B9C8274BE54B489249B8
Malicious:	false
Reputation:	unknown
Preview:	2024/10/31-15:05:18.229 ba4 Creating DB C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db since it was missing..2024/10/31-15:05:18.238 ba4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db/MANIFEST-000001.

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	126
Entropy (8bit):	3.6123534208443075
Encrypted:	false
SSDEEP:
MD5:	A05963DD9E2C7C3F13C18A9245AD5934
SHA1:	15A87493591860C6C22499DF3A705ACB3CB466BD
SHA-256:	F40B7EF0FE0B676871403B8DD21CE42AF8E482DC8B81F09D93CB2C48CCD112B4
SHA-512:	E67833950A3DB8D4C27FC851C7DF9AEBB85699024F805E98A2951E9E9FC3B606F10EAD23CE0A3B97484A18A9A52520540FB29787178BFEB9FBD8D46D0AA492A2
Malicious:	false
Reputation:	unknown
Preview:	.h.6.................__global... .t...................__global... ..7..................22_......u...................22_.....

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\LOG

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	301
Entropy (8bit):	5.1337240560322925
Encrypted:	false
SSDEEP:
MD5:	96D2C85B67D3B6F40E136C763943E281
SHA1:	EA82E8CC60E5D85970A7995FA43F903692F922CD
SHA-256:	88568209614ADA338443F384595EB3755D5C6E113D9FEE9459888E839073E610
SHA-512:	B04B47892F3B4A1CEC584E86C06C2EBE08BE770EA3B738D8E19A91F73B871EDB56863BEDB6E368B53F5880BA5D9E96CF555F9D494368094FEA9879E39B0CA690
Malicious:	false
Reputation:	unknown
Preview:	2024/10/31-15:05:18.214 ba4 Creating DB C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata since it was missing..2024/10/31-15:05:18.226 ba4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata/MANIFEST-000001.

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241031190249Z-172.bmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.5855171845253784
Encrypted:	false
SSDEEP:
MD5:	732DB81A08E7791F8669A00FA0FBCADE
SHA1:	5008C5FF3F0921D7B69E361028F22B113E4A105A
SHA-256:	902F9A33FE6E44345FE498066A44EE13B663FD142166844FA72A5DFCDE1F3AB7
SHA-512:	47F0095140639D29EEB35D392E6D355D7D98FAB28277FD1086291EF8DD1CAAEB55A6EF032B323E116601AC43E3AB3D778AB9FEF9A4E09DD3BF3AC1506D74BBEF
Malicious:	false
Reputation:	unknown
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.444767022601376
Encrypted:	false
SSDEEP:
MD5:	7A68D14358734D84B224CDE277F6E5A4
SHA1:	F3D6A90F74F5E7C9D74A23DF169AE9649EABDCCA
SHA-256:	13B543824E8F7E2E347CFD0CB767F151F52D15F131A110C5357BFFCCADDC51CB
SHA-512:	75DEB7657E4AEE0C5C9FAC97711869EE7473A885EBE5C5F30A122EFB0BB438504204C873380E6EF6DEEAC45868C85EA2E6C595BE3D26FA5C2967A6D7677C026D
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.767311274575773
Encrypted:	false
SSDEEP:
MD5:	6F2652B52F7CE8E2BD0B629F8AC98885
SHA1:	B90D72CCFCEC15BC1AEE29B079F1B3F82E4A1335
SHA-256:	97092BAFFF1BF1B4E96B46C87138FAC15EDE580B0CC6DBC0B4491EAACFB194E7
SHA-512:	7BA434A863083694D7F8AA1633C3FE2FE5FCECC2BCA0CF3EE8344C7765DC4D261103DD71F1A30B016651991079F55BC08B766EFAC35D2281BC5E76BF49DE68C8
Malicious:	false
Reputation:	unknown
Preview:	.... .c......C.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Reputation:	unknown
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Reputation:	unknown
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.7569015731729736
Encrypted:	false
SSDEEP:
MD5:	72BABCB83CA6687A47169ECC75A3CD23
SHA1:	00374305C77973A2AA72DCD2110241697C001D79
SHA-256:	634A3F17316A381CBDAD6803B44BB9460597146ADB8BD2E88F210096E99B6D5B
SHA-512:	F2B22CF57FF178ABE5FDEA9210AD8D144531E6778215D33C724D00D7668765E678E9804EFC4DDBD96B8AE9F4B18F1275256FDB67C3BC41DD27F70C7CDCAB94E2
Malicious:	false
Reputation:	unknown
Preview:	p...... ........R....+..(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.124299327562623
Encrypted:	false
SSDEEP:
MD5:	4026A26A4FB21E221916C827C20EDAA7
SHA1:	521BFD6C796B2C67899D7F801882FED52683B077
SHA-256:	F708A78429D3B274592E814469049BA3923611E73778E2F1259BAB9F0A3218B8
SHA-512:	70CC332615B4A7926C8D22F05B16B6DEA2668D9AEB88D091EE2090499F45C207CA2293C95915A4D5C2C557020CBFC626A038E01D161E99B2340008CE05CC1696
Malicious:	false
Reputation:	unknown
Preview:	p...... ........4bn..+..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.345778126743278
Encrypted:	false
SSDEEP:
MD5:	F97B9B03C9D335A53D58170DDCA10760
SHA1:	AB33AF5F2E2448206E6ACBB4AFDE853344113EC9
SHA-256:	3467EF5FA7CB633C69C381719550D15E3FFA19182EDB1FC57D1FBBCC9E58F427
SHA-512:	8783FE293557E9C715801070F82072B266F49860C19734169BA59416C6EF94A0C46EA1174781746C14031D6F210C9732CE693639F2AC14365AAD81ADF731AC63
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"86efc2e8-baf7-4005-84dd-daa1589ebe0c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730577277463,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.289476427174085
Encrypted:	false
SSDEEP:
MD5:	0975FBF28762C2CE5A9822A16181A5A5
SHA1:	0EF2B506B2F64C9B3C2826100147D4FFFB108A9C
SHA-256:	20358B9FCFC4D0E09BC5DC079CD03BBF8C36EBBF0A91EBA9F236F9BDFEBBBFFD
SHA-512:	9F5697271403AA261D1849203EC2534DD638763920B230CB39C949A295F08D738816A13481E7366CC0ED2A5DD3A99C71A1EA5BC901492A6B219D122632CE7992
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"86efc2e8-baf7-4005-84dd-daa1589ebe0c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730577277463,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.268555891379046
Encrypted:	false
SSDEEP:
MD5:	FF8BD2EF3665C177D9BC0719CEE525A4
SHA1:	D55B6E332C4038EC75227F2C74D9513D2D794F0D
SHA-256:	3FAB8A22B7403E806E6EFD8F2C26E277B4DAC12F2A45C99E15E356E2B95477A5
SHA-512:	2558802586DBF6C1B921BD423A6A7CBC4B241A842A836917F6F6E8569AA1EB158B59D888740EAAB6323285D5A431757F359A3EB6BA32F2C64E3A0DCF9D071B0D
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"86efc2e8-baf7-4005-84dd-daa1589ebe0c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730577277463,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.3312575838550655
Encrypted:	false
SSDEEP:
MD5:	F0B9EC82BB8B56349F120A8FF486BCB7
SHA1:	F46CBE47E04F0A461F6CCFE4BB1690BDE8D50DFC
SHA-256:	FE3A59D393FF01191D58FAFC5E1AF3F8428803F91B3C6668DD2346E17DD8388D
SHA-512:	3C8D9B26555590187A6F839FE97AB7A259D819B6570525EF1CB312571A87360A9BF044A8017D6E470ABFC7B287719A188D99EC27F6827F3874CD7FFB9ABE1C38
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"86efc2e8-baf7-4005-84dd-daa1589ebe0c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730577277463,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1055
Entropy (8bit):	5.6598202052957225
Encrypted:	false
SSDEEP:
MD5:	6E948E385D59CCBCC2AD28E3C28BC971
SHA1:	8DB88433FC63C5B5BEB9F00662EAD27EC3FA9DB7
SHA-256:	CD53D17C046627EB481FA9F5705CCF769ABC89A46892D2636DD2CC4E6CE8F280
SHA-512:	E17AFBDADAD21B5F905B36B70358EA92073BBADD2749DD345B2AB0EAD1F4C271A9CF5A22C0AB1806ECAD05E31395D3A529B846FBF3F77F085077AC10D829750A
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"86efc2e8-baf7-4005-84dd-daa1589ebe0c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730577277463,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_1","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"eb1a4bce-8215-46f1-b44c-154b21a85d60","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingScheme":tr

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.653543097290945
Encrypted:	false
SSDEEP:
MD5:	148A3FB82F2DDAEA5F89CCA8EE5C9534
SHA1:	23E7BDEFF0A4FC6E3B40E4632F9536AF3E66CCC1
SHA-256:	936C5BEAC516B4286C696BA6C50A74FAF0BE7075016166C4243CFEB5EF4223D5
SHA-512:	1414520ED1137BAFC93BA4166889095ABA3FC750D26CE52BEF03AFA20EE3EEA2B4BEF30849CF7E39F4ABC41544E6E749913414AE3452CB70A67BC47BE3FA649F
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"86efc2e8-baf7-4005-84dd-daa1589ebe0c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730577277463,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.2783113441213505
Encrypted:	false
SSDEEP:
MD5:	BDCB8D5B05422376B6CB398B83D03F79
SHA1:	AFF7766706D86A727848BBE76B00543FAC30BFE3
SHA-256:	B1E15BF55DE41FE6DC526B0325E4AE0626496E8B92475C5BF71B0CAA68F39A64
SHA-512:	17BC71B81A643B6E262D50869EA4F880A534E08D6AC1F63075A9A8913967C9BF6FDD0C7A762BA14326582970BFE40B002802E5D80ECBF302C27BB26D3FFA24FE
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"86efc2e8-baf7-4005-84dd-daa1589ebe0c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730577277463,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1038
Entropy (8bit):	5.645526393987919
Encrypted:	false
SSDEEP:
MD5:	75C3B7653B236832CC270CCB4C7B1CBE
SHA1:	C56A4700FD6773A6CF1029B6D3E623A15C085022
SHA-256:	450BDDBA9A70573CBAB45825B3B6A16B83EFE4C43F08C0B31C2DACE2BB3BB14F
SHA-512:	9593ABF16AF3AFA59F9EABE2C0CCD1ABDA3EEA0F45BCB36577FDE1D782D57D4AE40E1645CBCD0A489E37088948E3DBF8D5FDC567723319E7FD4C64FB5A876BA5
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"86efc2e8-baf7-4005-84dd-daa1589ebe0c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730577277463,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.694453780557457
Encrypted:	false
SSDEEP:
MD5:	FC56168ADD6741F2BDD03BE2D0CFB1F9
SHA1:	296B428C10CCF02E050DF2EC601C9E6521F75776
SHA-256:	BBF3466A0FCF41EFC20F7348C56A674EF07AF51DD6B8C495EF75E316833A5828
SHA-512:	49D423B86596A676E4BF7D6137AAA5991ED3FA0DF7EBF0D649E87DD99A7B2035D909CAB9DA053ECC2A84628B4FCE8B778A275105684C20B95DDB483C36C058B1
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"86efc2e8-baf7-4005-84dd-daa1589ebe0c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730577277463,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.283725199549773
Encrypted:	false
SSDEEP:
MD5:	609353B0086966DF58694AEE6F34718B
SHA1:	16D99A4C69A03BC725A51DCF3F0A2E67B017D4F7
SHA-256:	733DC4694EC5FA839D41BE23D35AB2C17E12AB60E7EA670B3FB64CE58A38CC57
SHA-512:	AFCACD86C0093CE99FFFF9ECBE170E119D13254B65010C27FD8B94A08737C2499CBAD523C55225EA765A5E103F135F8EA2C9506A9C701A9E3F03AE2EA3AF5912
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"86efc2e8-baf7-4005-84dd-daa1589ebe0c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730577277463,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.772842297315657
Encrypted:	false
SSDEEP:
MD5:	82A6F205BB106CDF4083E684208826FC
SHA1:	275758825171CF81161531D43E9A648389A1B6A4
SHA-256:	0CBC9230E074533E170CC88BD6D41C12422694F8CE74A4039B7338CA87E87FDB
SHA-512:	822E2AA55854BF4D504B08F7DA78DF21088DC21A8C41BD2BE27A72ED58FF43F334C476CC8891EEAA8D27F9E8E3D49D4E25AC392189CF78EC0B92A9B077DF2750
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"86efc2e8-baf7-4005-84dd-daa1589ebe0c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730577277463,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.267384151522262
Encrypted:	false
SSDEEP:
MD5:	AE4341B7DA46806BCBB7D69374A14514
SHA1:	27F711DD19DCF1D56C44298A39549959F66C5F64
SHA-256:	D02F1004A41CAA799CB330A2EFEF79AC488D5074506BF4411D7E4A263657F40F
SHA-512:	4324B3C17741B421E3CDE44F9149A10D7ACFC8A71CFA21F32429ACEBA6D4A82C443619AB022655016C847D044F6880EFC69A6920B68B13B92EC5E76A51F19372
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"86efc2e8-baf7-4005-84dd-daa1589ebe0c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730577277463,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.269127968850371
Encrypted:	false
SSDEEP:
MD5:	C3635849C72CDD9E3CFD16DC5F677861
SHA1:	4601296BEB6DEA695F1CA7C84245CA7454377083
SHA-256:	505F352FDC23B1FBF1F2254A4989C5B1843899B2C403C579443CB72E89454187
SHA-512:	B7A632F3BBC7E740F83E2A49595391D57AE95D37FECDCF2603400CEFEB1356A6FDAAEBC6056D9B8AA2533DF3592D8967423076E09425437C50BC882EA8942407
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"86efc2e8-baf7-4005-84dd-daa1589ebe0c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730577277463,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	5.630559961654595
Encrypted:	false
SSDEEP:
MD5:	839D97AC972A5378AD4F6527A5E1D2B6
SHA1:	34CA67C54EC678E8B4E7D444B89F423678795C8E
SHA-256:	0559217DB20C3D8A9D4314D899BDACBC7C6D8F9025D3224D15EF74531FDBE66F
SHA-512:	F68B1863213DEAD64FAF137EA891705378E50D12CEE955CD3AAC8B5F53CA07B73A9A50744B8E1AE14964FC706105E2FF5BC4456B240A3D7F33D945F17A5F125C
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"86efc2e8-baf7-4005-84dd-daa1589ebe0c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730577277463,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_0","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"6291f52b-6cb0-4d31-bc46-37ce85e9eb25","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1751323379000,"s

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.244107071797739
Encrypted:	false
SSDEEP:
MD5:	68BA011EACF83B5222B661D11FCA6CA8
SHA1:	FFAB91F2C9729780BB9D7EA2DDBCCCBFC29DC16E
SHA-256:	3AAF00E723B30E5251C8C7AC12AAF8C8277753DD461E7D515BA92FFC53F66A7E
SHA-512:	81A8AE54D109BF00808A95F19DC08CA874102AB2179196C1E41586CF25856F47DBFAC7643D63EB83D2FFC464F320E12DBC322771942406AFD2284899A51ED88E
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"86efc2e8-baf7-4005-84dd-daa1589ebe0c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730577277463,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.361460993619573
Encrypted:	false
SSDEEP:
MD5:	5D8B9D20DAD242480FE533E5689D97B4
SHA1:	6A17AC52FB63839452F6433396B500386011AA21
SHA-256:	ABB0835B6B46B86EFEAAB599D98792C6D23B27B6B23F3E32A38EA42BE75C4437
SHA-512:	5CEA5BD7DDEBDD7A09195B2996E2E66C9E46BCB58796DA116C05C5DD669AC7E48B0F69DB20BFE7A49860639988AAE735FED02454457E7B8A61A59056B845B8CB
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"86efc2e8-baf7-4005-84dd-daa1589ebe0c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1730577277463,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1730401372493}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.115955115152155
Encrypted:	false
SSDEEP:
MD5:	80702C3011EAFFC500DF26CDF21BFC91
SHA1:	B39CE8FAA5E7712FF3B9779D7483410AEB09624F
SHA-256:	F833834AA53827485EC87E1763A1ABD269BC56AC04765A03652FFC1FE4DD035E
SHA-512:	420A420058BB456D879158C782B29C23422D7FA7C7279DA7E3C543D0CDA1D0BCD4EDE586F879446C585DD483E58C862B831A6BB1164CC6686B6C634801A6E16D
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"700a8536a302605d87b4996492d87864","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1730401371000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"844cddf2f9e5d15e5bd72ee2d5684da1","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1026,"ts":1730401371000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"9588aed0630c1e93717c562bfcb44cbb","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1730401371000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"3aa060de1176b001623d6fa46b19c993","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1055,"ts":1730401371000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"2fd0273215c7bd73e7ff38d3292af448","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1730401371000},{"id":"Edit_InApp_Aug2020","info":{"dg":"d25a3820f7101bc5c1eded02f68625a5","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 23
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.358143851958343
Encrypted:	false
SSDEEP:
MD5:	45A4F23D474AE1ED8288364047C367CF
SHA1:	81DC2088F69AEFC3CE56D05CBCE2694FF5A015D4
SHA-256:	2440C394F597A650A9EA1AD8245E5227423B407A520F7ABBE603866E5B7C9B6A
SHA-512:	814762EDEBB4DA2DB9EACABAE87BF04CA6838676DC415BAD050B713E123300A3088F662A7333AC3FAA69DF1AF461AD5E0DCE26A933C37D13D63019E3830799A3
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.8302370217661814
Encrypted:	false
SSDEEP:
MD5:	F0F0D74C2D963A2A002D447DE50C9F82
SHA1:	489FCF44DF77F5CA768820187B52E96D31B6D27B
SHA-256:	D2E08676231212ADCB3C4C70EEABE92DA9973051BF5A1E06E0FB5A70584E31C8
SHA-512:	DEB1AAA10722FE9080D5940B0492966E8720FEA450A4F7832277FB3B2293850DD83A418D93B7F29B0AB7A5155441B5569B7F7552D68EA64A15C3122C15FE95F9
Malicious:	false
Reputation:	unknown
Preview:	.... .c.....g.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................v.../.././././.-.-.-.-.-.-.-.-.-.-.-.-.-.-........................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI6d6a9.LOG

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5097251598291805
Encrypted:	false
SSDEEP:
MD5:	525E96465B0EA5C511B9FA227F5424D4
SHA1:	3D47E50ECBE75947A761A3FA8ABD2A5B8DD1618A
SHA-256:	72154DD5C196FFD725D7431AB4DD01D5AE00349059198B1FE874F2AD40EE123A
SHA-512:	3A432E4B807ED41A8A9502D52D2133AE5F4E918128113BAF6B2FA830B10EEEF9B5544D4DB302349C0694ECDEF292C5F10EE1F2DC02608DDDD93CA822DAF3B05D
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .3.1./.1.0./.2.0.2.4. . .1.5.:.0.2.:.5.2. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-31 15-02-47-457.log

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.359827924713262
Encrypted:	false
SSDEEP:
MD5:	06DEAEDB81D09FD8FB5FF668D8E09CB2
SHA1:	28A02BCBD5975117B97A08AFB049F2C94F334726
SHA-256:	D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64
SHA-512:	948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936
Malicious:	false
Reputation:	unknown
Preview:	SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:755+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.352571419108534
Encrypted:	false
SSDEEP:
MD5:	98DD964A7416C27B64F9EB81225A9720
SHA1:	DF424A4255D2619D59BDFC39D7DE71CCF9DAA6BE
SHA-256:	60463F331565AA11DAF76E5E7846C378BD77AE56464C254519EC911B76D44221
SHA-512:	6F6E1AE72AACB86390EE37D10ECFBF2CB445262DD987D636B0EC770D126DB1239EA8DF9B0FBF6337004EE39B876CBE3BC29F22F8A3E70731275AFA1C263F22A5
Malicious:	false
Reputation:	unknown
Preview:	SessionID=c4ccdae3-8e62-4f02-82c9-fa91463ba8c6.1730401367473 Timestamp=2024-10-31T15:02:47:473-0400 ThreadID=6456 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=c4ccdae3-8e62-4f02-82c9-fa91463ba8c6.1730401367473 Timestamp=2024-10-31T15:02:47:475-0400 ThreadID=6456 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=c4ccdae3-8e62-4f02-82c9-fa91463ba8c6.1730401367473 Timestamp=2024-10-31T15:02:47:475-0400 ThreadID=6456 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=c4ccdae3-8e62-4f02-82c9-fa91463ba8c6.1730401367473 Timestamp=2024-10-31T15:02:47:476-0400 ThreadID=6456 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=c4ccdae3-8e62-4f02-82c9-fa91463ba8c6.1730401367473 Timestamp=2024-10-31T15:02:47:476-0400 ThreadID=6456 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	35721
Entropy (8bit):	5.421127377746558
Encrypted:	false
SSDEEP:
MD5:	8EE4EE476A4C68BC7ACAA4BB1308EC28
SHA1:	27D6187F735898570C8FAF22713B2AB69EAD610F
SHA-256:	138E4BBF930B47FA290882052E13831765E5DFF62C8A1D099286AFCE4D146BA1
SHA-512:	91422A572F147491264B9100AD77C928A7A9562115F23A2D5798C160AE1515220896DD9DA8109234CA0BEB00A04E2C9DE861579F612430AE5EC7CC8F6F16BEB4
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 11:44:59:.---2---..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 11:44:59:.Closing File..06-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\20229177-ddb4-47d6-8e9d-b9f8501240ee.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:
MD5:	716C2C392DCD15C95BBD760EEBABFCD0
SHA1:	4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
SHA-256:	DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
SHA-512:	E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\3514df91-87a1-4d0f-afdc-874d66de7d67.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:
MD5:	F73F93C5181248657C9EC79A2C7AA172
SHA1:	9C97C65448781A9AD2B2F49F49B8AEAA42B6DE8A
SHA-256:	E4A4828930C966D87208500F4F1EBF433FDE0F925B512A1F519DDA00BD52B2D7
SHA-512:	38680ED30CF9B9A4E10ADE266F9F666A6BE42E3E91B0D3CDA1857AF98C3658F90626010A0AFE4352BE89AA8E4375625E58742449A8FDB89335D5C2585A6DD621
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\acc2ce32-fbbb-42fe-9a34-a93a057e812e.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\d8c97edc-10db-4cca-8cf9-0eddc11716f3.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 160932
Category:	dropped
Size (bytes):	543911
Entropy (8bit):	7.977303608379539
Encrypted:	false
SSDEEP:
MD5:	5B21A6981E55EF9576D169BBED44BCDB
SHA1:	B3A14100B7E7C2C01D61B010A54937952D111E20
SHA-256:	9555E661370D1DC26605DAE88BDBC1ABA68038C769BF6E354A256B1A1C4C110E
SHA-512:	FCA72A5131D8780A17DF65BBFF37FBA88DBEA3B7AE991C3D893B21B9E6C1EED44DC12945C8DA39DE471FAC5013BE71D43E5BBB892994742BC33EF5934469B1B1
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\e8f03f3c-c490-4460-b460-063094524c3d.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 468454
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:
MD5:	867BDB4816CA7DA521446D3E303B83EA
SHA1:	9DDE1D42F56FFFDD9C6EF758641A4321FF78DD95
SHA-256:	20121E1A1954EB63892ADAB2CD9A00439F6D9E54500813C9F6E84BBDB62D1C24
SHA-512:	FB5FEDEC4DE8566B1739F19CA336E4517792270F65F04AA05559A1074B09C0009E4AF0596B00D51DC815847D981CBD2A4755B242A284507E4E318070712E8AAA
Malicious:	false
Reputation:	unknown
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 31 18:02:49 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.993988371765256
Encrypted:	false
SSDEEP:
MD5:	6FFD64CF90918D1D70CA9F0A3FFA05C2
SHA1:	15C2219FC714D3028D7F407693D4426C973B3BD0
SHA-256:	5935B61219379652DAEF381C0D302C42F30D3C00602F1DC7804E8DDBB547E32E
SHA-512:	9175130362C24C7971B758BB552F96FE1760016A9A53A2E1A3A6623504B05E3DCD06B2CFB47FC6DDD03F3CEFE9A390650FFF03514C383A59123715951A235720
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......z.+......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I_YM.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V_YX.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V_YX.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V_YX............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V_YY............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 31 18:02:49 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.006506313432609
Encrypted:	false
SSDEEP:
MD5:	A26EA9D48DB482EB41B25C3324B48F82
SHA1:	4DFDD9800457EC289BC59B55C992711554E53FDF
SHA-256:	3249D42A613218F9536F27E141E1EF9F9BE369BA991856C7D29D93C34F622F08
SHA-512:	97A97616B1350A286E01D9FE4FA518637CD5975A96212FB4301F19303EDAE9CEA7E1630E6FC06CA8CC38D3739E2494F35A10232886D3FAD17CEA8E10472CE110
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....kb.z.+......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I_YM.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V_YX.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V_YX.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V_YX............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V_YY............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.017379701988697
Encrypted:	false
SSDEEP:
MD5:	0DE0DD2003D81F774474B8F58AD4F3C3
SHA1:	C4AA5AA56CC74A407FC01F3F84FAC2440ABB5A44
SHA-256:	64861687BFA7C7BB0E339C33D31BF87808DD954DAD02B028A448527CD0AA7356
SHA-512:	478BCEE300C02B505ED8148857C2639E009FDB155CAD59290D40380CBA46B2F5263098744F23815C669542F0562C5A24CF3A1E377F1AB23EC85A311A2B757807
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I_YM.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V_YX.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V_YX.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V_YX............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 31 18:02:49 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.007807679009026
Encrypted:	false
SSDEEP:
MD5:	9DDA5402131CE895E91D4CBC9CDE9CB2
SHA1:	1752BB75C9D979D52E08D15D89748E014D7D76E5
SHA-256:	0C126411F965141487CE7A313A3B7F97534F50937EBD18E6A649E84433AE02C5
SHA-512:	D545F96E48C9D1BEF84A31AE54EC887541A1F0BE13376CB86F58064763343D0F4F318D98CEAE52FF0DA167C67235E9130F966CAFEEA434D5ECDC415C44F20726
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....!.z.+......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I_YM.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V_YX.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V_YX.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V_YX............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V_YY............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 31 18:02:49 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.997066027777508
Encrypted:	false
SSDEEP:
MD5:	BA04023A1497B193823A2D51064F97D8
SHA1:	DF0516CAD18D878D00C2A2C504A26136D39D38CD
SHA-256:	C60955CF23A98890FB9DFDB9ED6D9AE5AB6907493EBCBD5C2A3EFCD9EDD63D4E
SHA-512:	E503913DFD81298EC846E08BE9C1E8E3B24DE2EBCF014194B8DC85EEDC80D197785E27D92325F47C55BDC668B7ED6BFEC50E6EDE1469F5B613BD352118201EA7
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....,.z.+......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I_YM.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V_YX.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V_YX.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V_YX............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V_YY............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 31 18:02:49 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.00687778922463
Encrypted:	false
SSDEEP:
MD5:	ADE166E3457F128749D304EFCA6876CD
SHA1:	56B1C8112EDF8A3920A3E98A56B3103FC91862FE
SHA-256:	4CCFC1B7D7E628EB01C79B1426456F954F0E2262596D3C0EE734689E6C9E1697
SHA-512:	61277C19B450CA16B9F23B0DB7FE3F49B27A163824BE718E9DAB645E435F9135010B3398C8AF64AF56313B18C9F44D8FFB570EC77816469E3F2FBEF052D2C14C
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......\|z.+......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I_YM.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V_YX.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V_YX.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V_YX............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V_YY............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\Downloads\db2ba82c-a6ad-47f6-9659-f080bbdfc948.tmp

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3200
Entropy (8bit):	4.56581308603869
Encrypted:	false
SSDEEP:
MD5:	44CA4837D534D5AB6E7B4AE41CC325C7
SHA1:	FC7A8CD374B8006D4FAB97595CDEEE56131C2399
SHA-256:	4F21C68A337AE56D3B237A50661C1ABB807FB3A98D7797ADA6A8B44F7A304CB5
SHA-512:	C09591DEF1EC59D3B98B73D075192791F799D989ED4FCAFD5AB134BE2687050D2F9426CC9EAC2B07AF90E3C2F41D3E62BFF2D64CD07F9BEA1F2726E12949CFF0
Malicious:	false
Reputation:	unknown
Preview:	..<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>e76d8dcdf1e46892ee30d88b3ea453f26723d471d9616</title>.. <script src="https://cdn.jsdelivr.net/npm/sweetalert2@11"></script>.. <link href="https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css" rel="stylesheet" />.. <style>.. body {.. margin: 0;.. overflow: hidden;.. }.. #pdf-frame {.. width: 100%;.. height: 100vh;.. filter: blur(2px); /* Initially blurred /.. transition: filter 0.3s; / Transition effect /.. }.. .no-blur {.. filter: none; / Remove blur /.. }.. .overlay {.. position: absolute;.. top: 0;.. left: 0;.. width: 100%;.. height: 100%;.. background-color: rgba(255, 255, 255, 0.2); / Semi-transparent overlay */.. display: flex;.. justify-content: center;.. align-items: center;.. z-index: 1;.. }.

C:\Users\user\Downloads\downloaded.htm (copy)

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	EE3B10D82F9D79E865A0852952213C6A
SHA1:	161E9D5B329D60CF973205147612381E6BD0AF3C
SHA-256:	C34892E2E3B09B17C9988EA0E482F3814E1592E6626536241B8CA424DE896E6F
SHA-512:	54D5C4350B2D59AC40BB0E903464C8BEBB4689D8BEB5F48926FA1B19C89A18BF267AE8661E858BA07A922C15B9D39AE7C0A3EB73EB2EB761530A418249EED683
Malicious:	false
Reputation:	unknown
Preview:	..<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>e76d8dcdf1e46892ee30d88b3ea453f26723d471d9616</title>.. <script src="https://cdn.jsdelivr.net/npm/sweetalert2@11"></script>.. <link href="https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css" rel="stylesheet" />.. <style>.. body {.. margin: 0;.. overflow: hidden;.. }.. #pdf-frame {.. width: 100%;.. height: 100vh;.. filter: blur(2px); /* Initially blurred /.. transition: filter 0.3s; / Transition effect /.. }.. .no-blur {.. filter: none; / Remove blur /.. }.. .overlay {.. position: absolute;.. top: 0;.. left: 0;.. width: 100%;.. height: 100%;.. background-color: rgba(255, 255, 255, 0.2); / Semi-transparent overlay */.. display: flex;.. justify-content: center;.. align-items: center;.. z-index: 1;.. }.

C:\Users\user\Downloads\downloaded.htm.crdownload

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3203
Entropy (8bit):	4.566935848459999
Encrypted:	false
SSDEEP:
MD5:	EE3B10D82F9D79E865A0852952213C6A
SHA1:	161E9D5B329D60CF973205147612381E6BD0AF3C
SHA-256:	C34892E2E3B09B17C9988EA0E482F3814E1592E6626536241B8CA424DE896E6F
SHA-512:	54D5C4350B2D59AC40BB0E903464C8BEBB4689D8BEB5F48926FA1B19C89A18BF267AE8661E858BA07A922C15B9D39AE7C0A3EB73EB2EB761530A418249EED683
Malicious:	false
Reputation:	unknown
Preview:	..<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>e76d8dcdf1e46892ee30d88b3ea453f26723d471d9616</title>.. <script src="https://cdn.jsdelivr.net/npm/sweetalert2@11"></script>.. <link href="https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css" rel="stylesheet" />.. <style>.. body {.. margin: 0;.. overflow: hidden;.. }.. #pdf-frame {.. width: 100%;.. height: 100vh;.. filter: blur(2px); /* Initially blurred /.. transition: filter 0.3s; / Transition effect /.. }.. .no-blur {.. filter: none; / Remove blur /.. }.. .overlay {.. position: absolute;.. top: 0;.. left: 0;.. width: 100%;.. height: 100%;.. background-color: rgba(255, 255, 255, 0.2); / Semi-transparent overlay */.. display: flex;.. justify-content: center;.. align-items: center;.. z-index: 1;.. }.

Chrome Cache Entry: 192

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	unknown
URL:	https://management.promoterlines.com/js___/6723d478f1620-4d3136ab8ecd888b560f3ad40300e766
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 193

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (47671)
Category:	dropped
Size (bytes):	47672
Entropy (8bit):	5.401921124762015
Encrypted:	false
SSDEEP:
MD5:	B804BCD42117B1BBE45326212AF85105
SHA1:	7B4175AAF0B7E45E03390F50CB8ED93185017014
SHA-256:	B7595C3D2E94DF7416308FA2CCF5AE8832137C76D2E9A8B02E6ED2CB2D92E2F7
SHA-512:	9A4F038F9010DDCCF5E0FAF97102465EF7BA27B33F55C4B86D167C41096DB1E76C8212A5E36565F0447C4F57340A10DB07BB9AE26982DFFF92C411B5B1F1FB97
Malicious:	false
Reputation:	unknown
Preview:	"use strict";(function(){function Ht(e,r,n,o,c,l,g){try{var h=e[l](g),u=h.value}catch(f){n(f);return}h.done?r(u):Promise.resolve(u).then(o,c)}function Bt(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var l=e.apply(r,n);function g(u){Ht(l,o,c,g,h,"next",u)}function h(u){Ht(l,o,c,g,h,"throw",u)}g(void 0)})}}function V(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):V(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Sr(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Chrome Cache Entry: 197

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 3 x 18, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	4.068159130770306
Encrypted:	false
SSDEEP:
MD5:	E0A65D8A831DB1E0DC28F96AA28A9AC8
SHA1:	E7F6C7639801297F06E7BCAAD89A30231D6CCB2B
SHA-256:	604B9344216B34647C58A6DECA10245A9BE3D946F7AB8EE0E35DAE208AE24E96
SHA-512:	2A566FF067291A81358E246CA7FB2A6DBD664C94CFF63C09F809E33C5244239DABC39BE92327B208F52C9B4697DC1B6CA2860452A24D3644E847A49C3BC00DF0
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8db5e6f3c8c8e5ee/1730401377424/Gd0pDoiyZyRAhbs
Preview:	.PNG........IHDR.....................IDAT.....$.....IEND.B`.

Chrome Cache Entry: 198

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6501), with no line terminators
Category:	downloaded
Size (bytes):	6501
Entropy (8bit):	5.3685163464591765
Encrypted:	false
SSDEEP:
MD5:	E13811D827AB0A56094452DE2E4415A0
SHA1:	8B0F34291BE1E980AF30B889B65EBD3027023F7A
SHA-256:	206BC62AF4FF4A80353E336414EFA7D2AA5C1102F9A441FFABD19C2D7E8B7672
SHA-512:	1B3B47D9403F54B573D878BDB9D227D2252308BE3782C24BFC920E197A0046CC80C7B2334E28629DD209C6E0659AA146F6B672FB55068307D3C2741A35704E66
Malicious:	false
Reputation:	unknown
URL:	https://management.promoterlines.com/js_/6723d478f1630-4d3136ab8ecd888b560f3ad40300e766
Preview:	const a0_0x28ced8=a0_0x1458;(function(_0x169448,_0x210908){const _0x9906ce=a0_0x1458,_0x23d0f4=_0x169448();while(!![]){try{const _0x10508c=-parseInt(_0x9906ce(0x98))/0x1(-parseInt(_0x9906ce(0xb2))/0x2)+-parseInt(_0x9906ce(0x95))/0x3(-parseInt(_0x9906ce(0xab))/0x4)+parseInt(_0x9906ce(0xb4))/0x5*(-parseInt(_0x9906ce(0xb6))/0x6)+-parseInt(_0x9906ce(0xb1))/0x7+-parseInt(_0x9906ce(0xa0))/0x8+parseInt(_0x9906ce(0x89))/0x9+parseInt(_0x9906ce(0xc4))/0xa;if(_0x10508c===_0x210908)break;else _0x23d0f4['push'](_0x23d0f4['shift']());}catch(_0x2f0367){_0x23d0f4['push'](_0x23d0f4['shift']());}}}(a0_0x43db,0x30a4d));const a0_0x46b3ad=(function(){let _0x2a901c=!![];return function(_0x308202,_0x1146d7){const _0x34c08f=_0x2a901c?function(){const _0x3088f3=a0_0x1458;if(_0x1146d7){const _0x27723c=_0x1146d7[_0x3088f3(0xa1)](_0x308202,arguments);return _0x1146d7=null,_0x27723c;}}:function(){};return _0x2a901c=![],_0x34c08f;};}()),a0_0x3aa152=a0_0x46b3ad(this,function(){const _0x3ffd20=a0_0x1458;return a0_0

Chrome Cache Entry: 199

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65324)
Category:	downloaded
Size (bytes):	155758
Entropy (8bit):	5.06621719317054
Encrypted:	false
SSDEEP:
MD5:	A15C2AC3234AA8F6064EF9C1F7383C37
SHA1:	6E10354828454898FDA80F55F3DECB347FD9ED21
SHA-256:	60B19E5DA6A9234FF9220668A5EC1125C157A268513256188EE80F2D2C8D8D36
SHA-512:	B435CF71A9AE66C59677A3AC285C87EA702A87F32367FE5893CF13E68F9A31FCA0A8D14F6A7D692F23C5027751CE63961CA4FE8D20F35A926FF24AE3EB1D4B30
Malicious:	false
Reputation:	unknown
URL:	https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css
Preview:	/!. Bootstrap v4.3.1 (https://getbootstrap.com/). * Copyright 2011-2019 The Bootstrap Authors. * Copyright 2011-2019 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). /:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace},::after,::before{box-sizing:

Chrome Cache Entry: 201

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:
MD5:	011B17B116126E6E0C4A9B0DE9145805
SHA1:	DF63A6EB731FFCE96F79802EFF6D53D00CDA42BC
SHA-256:	3418E6E704387A99F1611EB7BB883328A438BA600971E6D692E8BEA60F10B179
SHA-512:	BB432E96AF588E0B19CBD8BC228C87989FE578167FD1F3831C7E50D2D86DE11016FB93679FEF189B39085E9151EB9A6EB2986155C65DD0FE95EC85454D32AE7D
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSEAnJt714K6LKgxIFDdFbUVI=?alt=proto
Preview:	CgkKBw3RW1FSGgA=

Chrome Cache Entry: 202

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	105456
Entropy (8bit):	5.227044897009775
Encrypted:	false
SSDEEP:
MD5:	4C674D8D4294C4A6B763AA1FC836827C
SHA1:	88DEC91B36CAD6555FB73B9ED28D6FDC7A944467
SHA-256:	99855F2433E80A925CE4CABD975E2DD7A9FE01FAB8E164B26F67010FF5769EC0
SHA-512:	80B73385D21512B2FD10690F08EE99B6FD2D1123920ABACF7A864841F07F817EE1BCC5C466ACC27209A094E31D334E4532AE7EFE7F2F7D7427E67CC567F20733
Malicious:	false
Reputation:	unknown
URL:	https://management.promoterlines.com/css_/whd0V3eCUVqUPGd
Preview:	html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace,monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}

Chrome Cache Entry: 204

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (50758)
Category:	downloaded
Size (bytes):	51039
Entropy (8bit):	5.247253437401007
Encrypted:	false
SSDEEP:
MD5:	67176C242E1BDC20603C878DEE836DF3
SHA1:	27A71B00383D61EF3C489326B3564D698FC1227C
SHA-256:	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
SHA-512:	9FA75814E1B9F7DB38FE61A503A13E60B82D83DB8F4CE30351BD08A6B48C0D854BAF472D891AF23C443C8293380C2325C7B3361B708AF9971AA0EA09A25CDD0A
Malicious:	false
Reputation:	unknown
URL:	https://management.promoterlines.com/b_/6723d478f162e-4d3136ab8ecd888b560f3ad40300e766
Preview:	/!. Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,h){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function l(r){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{},e=Object.keys(o);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(o).filter(function(t){return Object.getOwnPropertyDescriptor(o,t).enum

Chrome Cache Entry: 206

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1864
Entropy (8bit):	5.222032823730197
Encrypted:	false
SSDEEP:
MD5:	BC3D32A696895F78C19DF6C717586A5D
SHA1:	9191CB156A30A3ED79C44C0A16C95159E8FF689D
SHA-256:	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
SHA-512:	8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
Malicious:	false
Reputation:	unknown
URL:	https://management.promoterlines.com/2svg/VoYo0fYnjRsQ1K0
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

Chrome Cache Entry: 207

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PDF document, version 1.5
Category:	downloaded
Size (bytes):	381709
Entropy (8bit):	7.991881412398687
Encrypted:	true
SSDEEP:
MD5:	869EFA9570C239ED4CD4A53C03CBC00F
SHA1:	B9911F2D4A0715E4908CC878D17E21D34B10822D
SHA-256:	6EABDF83FF67226C46CB0823DABC1B0DB2F5639E7545144A76E4032D3F572278
SHA-512:	711B84B955B572FDD4D38BDE1839878E3C613158411153E6EC404C4A96EA6717D27C2FC5C31130E9E4CC9A69A9154C9BF84F2E5985683CBC6C62239476B29177
Malicious:	false
Reputation:	unknown
URL:	https://management.promoterlines.com/pdf_/ibmao0s5g
Preview:	%PDF-1.5.%.....2 0 obj.<<./Lang (de-DE)./MarkInfo <<./Marked true.>>./Metadata 4 0 R./Pages 5 0 R./StructTreeRoot 6 0 R./Type /Catalog.>>.endobj.4 0 obj.<<./Length 3619./Subtype /XML./Type /Metadata.>>.stream.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 6.0.0">..<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">...<rdf:Description rdf:about="".....xmlns:dc="http://purl.org/dc/elements/1.1/".....xmlns:xmp="http://ns.adobe.com/xap/1.0/".....xmlns:pdf="http://ns.adobe.com/pdf/1.3/".....xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/".....xmlns:xmpRights="http://ns.adobe.com/xap/1.0/rights/">....<dc:description>.....<rdf:Alt>......<rdf:li xml:lang="x-default">WMACCESS</rdf:li>.....</rdf:Alt>....</dc:description>....<dc:format>application/pdf</dc:format>....<dc:creator>.....<rdf:Seq>......<rdf:li>CPB Software (Germany) GmbH</rdf:li>.....</rdf:Seq>....</dc:creator>....<dc:title>.....<rdf:Alt>......<rdf:li xml:lang="x-

Chrome Cache Entry: 208

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 209

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	unknown
URL:	https://management.promoterlines.com/fav/iyiYpzb9JhJIsOc
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 210

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1592
Entropy (8bit):	4.205005284721148
Encrypted:	false
SSDEEP:
MD5:	4E48046CE74F4B89D45037C90576BFAC
SHA1:	4A41B3B51ED787F7B33294202DA72220C7CD2C32
SHA-256:	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
SHA-512:	B2BBA2A68EDAA1A08CFA31ED058AFB5E6A3150AABB9A78DB9F5CCC2364186D44A015986A57707B57E2CC855FA7DA57861AD19FC4E7006C2C239C98063FE903CF
Malicious:	false
Reputation:	unknown
URL:	https://management.promoterlines.com/sig/146f5cbc71e6262df8fa58b2e61cf9006723d47d40351
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><defs><style>.a{fill:none;}.b{fill:#404040;}</style></defs><rect class="a" width="48" height="48"/><path class="b" d="M40,32.578V40H32V36H28V32H24V28.766A10.689,10.689,0,0,1,19,30a10.9,10.9,0,0,1-5.547-1.5,11.106,11.106,0,0,1-2.219-1.719A11.373,11.373,0,0,1,9.5,24.547a10.4,10.4,0,0,1-1.109-2.625A11.616,11.616,0,0,1,8,19a10.9,10.9,0,0,1,1.5-5.547,11.106,11.106,0,0,1,1.719-2.219A11.373,11.373,0,0,1,13.453,9.5a10.4,10.4,0,0,1,2.625-1.109A11.616,11.616,0,0,1,19,8a10.9,10.9,0,0,1,5.547,1.5,11.106,11.106,0,0,1,2.219,1.719A11.373,11.373,0,0,1,28.5,13.453a10.4,10.4,0,0,1,1.109,2.625A11.616,11.616,0,0,1,30,19a10.015,10.015,0,0,1-.125,1.578,10.879,10.879,0,0,1-.359,1.531Zm-2,.844L27.219,22.641a14.716,14.716,0,0,0,.562-1.782A7.751,7.751,0,0,0,28,19a8.786,8.786,0,0,0-.7-3.5,8.9,8.9,0,0,0-1.938-2.859A9.269,9.269,0,0,0,22.5,10.719,8.9,8.9,0,0,0,19,10a8.786,8.786,0,0,0-3.5.7,8.9,8.9,0,0,0-2.859,1.938A9.269,9.269,0,0,0,

Chrome Cache Entry: 211

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (46603)
Category:	downloaded
Size (bytes):	70856
Entropy (8bit):	5.315447751752215
Encrypted:	false
SSDEEP:
MD5:	A738C3BAFD526F713EDBD949EF1870D2
SHA1:	A2FB43757148BB12842566BC032706C106767A6F
SHA-256:	58B3D5D71AC9519C794D5CCCE38B8348D5EB73B6D738CC52B1BAD0FC50BDC7B3
SHA-512:	B5629C351CD7353C9B07C71AD0D484C879549759973CBFF6C458E25245011A625346702CB5C9B25ED9AFF35BC47A79CA5641FF1430C81F9976F89A34A7514E6E
Malicious:	false
Reputation:	unknown
URL:	https://cdn.jsdelivr.net/npm/sweetalert2@11
Preview:	/!. sweetalert2 v11.14.4.* Released under the MIT License..*/.!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e\|\|self).Sweetalert2=t()}(this,(function(){"use strict";function e(e,t,n){if("function"==typeof e?e===t:e.has(t))return arguments.length<3?t:n;throw new TypeError("Private element is not present on this object")}function t(t,n){return t.get(e(t,n))}function n(e,t,n){(function(e,t){if(t.has(e))throw new TypeError("Cannot initialize the same private elements twice on an object")})(e,t),t.set(e,n)}const o={},i=e=>new Promise((t=>{if(!e)return t();const n=window.scrollX,i=window.scrollY;o.restoreFocusTimeout=setTimeout((()=>{o.previousActiveElement instanceof HTMLElement?(o.previousActiveElement.focus(),o.previousActiveElement=null):document.body&&document.body.focus(),t()}),100),window.scrollTo(n,i)})),s="swal2-",r=["container","shown","height-auto"

Chrome Cache Entry: 212

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
Reputation:	unknown
URL:	https://management.promoterlines.com/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 213

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3651
Entropy (8bit):	4.094801914706141
Encrypted:	false
SSDEEP:
MD5:	EE5C8D9FB6248C938FD0DC19370E90BD
SHA1:	D01A22720918B781338B5BBF9202B241A5F99EE4
SHA-256:	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
SHA-512:	C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
Malicious:	false
Reputation:	unknown
URL:	https://management.promoterlines.com/logo_/146f5cbc71e6262df8fa58b2e61cf9006723d47d4025e
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.

Chrome Cache Entry: 214

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (5003)
Category:	downloaded
Size (bytes):	5467
Entropy (8bit):	5.414261180001489
Encrypted:	false
SSDEEP:
MD5:	99A1A179730D963765DB5F6AC4D38603
SHA1:	8BD09D815B17D26468CF1797AFC26FB3385CE894
SHA-256:	81123C6FE637589107A1B18AEE705ABA7B57CCC791F1AC03D0865164A875BCAB
SHA-512:	CF7F1195F2C21141669FE2DC30ECDAD72343011FD30344F28868F40735E5C0E5F00606A0403D953D369D84710828862060B37D50FFD043A5772553FF59320B80
Malicious:	false
Reputation:	unknown
URL:	https://management.promoterlines.com/&redirect=12f6ff38e7b1f19541326e314c9289cb96ae6102main&uid=f253efe302d32ab264a76e0ce65be7696723d478aecf5
Preview:	<!DOCTYPE html>.<html>.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0" />. <title></title>. <script src="js___/6723d478f1620-4d3136ab8ecd888b560f3ad40300e766"></script>. <script src="b_/6723d478f162e-4d3136ab8ecd888b560f3ad40300e766"></script>. <script src="js_/6723d478f1630-4d3136ab8ecd888b560f3ad40300e766"></script>.</head>..<script type="text/javascript">.. var a0_0x472a6f=a0_0x9630;(function(_0xb402e4,_0x4bdb3d){var _0x34a9e4=a0_0x9630,_0x5bb6b7=_0xb402e4();while(!![]){try{var _0x34ebd7=-parseInt(_0x34a9e4(0x15f))/0x1+-parseInt(_0x34a9e4(0x186))/0x2(-parseInt(_0x34a9e4(0x18e))/0x3)+parseInt(_0x34a9e4(0x160))/0x4(parseInt(_0x34a9e4(0x18b))/0x5)+parseInt(_0x34a9e4(0x180))/0x6(-parseInt(_0x34a9e4(0x17a))/0x7)+parseInt(_0x34a9e4(0x182))/0x8+-parseInt(_0x34a9e4(0x17e))/0x9(parseInt(_0x34a9e4(0x18a))/0xa)+parseInt(_0x34a9e4(0x183))/0xb*(parseInt(_0x34a9e4(0x17b))/0xc);if(_0x34ebd7===_0x4bdb3d)break

Chrome Cache Entry: 216

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	40
Entropy (8bit):	4.5586949695628425
Encrypted:	false
SSDEEP:
MD5:	9A4612FF79F60A08698850F79DC54D0E
SHA1:	553C63F94398E3219EDDC3481ACA4504E07BCFB9
SHA-256:	C844050EE7973ABA20A796B2A94EE71026F50A5A1F725EBF44F0135267540456
SHA-512:	E642864A8E770293FD6778A38B507B01E72C46A8BC30134BEAA35DC476704A71A845C7B30520F519D67A0D10C3D9687E3730EF27A9728265E810A7F5C5AED56F
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSHgl2xxs3yYNRHBIFDbtlXxsSBQ0Pv45JEgUNDoq6GA==?alt=proto
Preview:	ChsKBw27ZV8bGgAKBw0Pv45JGgAKBw0OiroYGgA=

Static File Info

General

File type:	PDF document, version 1.7, 1 pages
Entropy (8bit):	7.9920247967657
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Proposal From Wachler & Associates PC.pdf
File size:	397'880 bytes
MD5:	aab045bd2afdb2e1f4850ad86a2e132c
SHA1:	82e2a9f32e3ffbe5bf303d09b94c0a9c9e563905
SHA256:	89f24b0be3ca235732dc2c090c81748aec7633dd0718774cf962b532e6e305c4
SHA512:	59ccae0fa319de7b5d9f5ebea70aba4bead9d0aeae5152222130bc087440dc570971c2e06e7a9ba9f6709a16fd0ad764d2ab7e498823a1cc47cb92fc8e869e4c
SSDEEP:	6144:56n2k0Gr4Jm3llpFf4vtxi3rByfmDkMHGLNeHo+wF6LWdWlhAPC:3k0IVlzCPi30akMHGJeHra6L0A
TLSH:	D884124FDC98328D6D883E5EEE2A4E9FC19503258BE6B2E0339A47592CC5DCC6C75358
File Content Preview:	%PDF-1.7..4 0 obj.(Identity).endobj.5 0 obj.(Adobe).endobj.8 0 obj.<<./Filter /FlateDecode./Length 179095./Length1 540672./Type /Stream.>>.stream.x..}.`T..........d.d..0$....B..0YI $!..f.L..,.L..DD..........j...."E..k......Z.j...\|...n...........r.....s.

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.7
Total Entropy:	7.992025
Total Bytes:	397880
Stream Entropy:	7.992200
Stream Bytes:	394257
Entropy outside Streams:	5.146227
Bytes outside Streams:	3623
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	24
endobj	24
stream	7
endstream	7
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
20	4e0e2e2f272f0b0b	659602f323c8bceb706e98f69739735c
21	e8b4a9a9594596a9	175ba6c891364173505bac07b8591108