Windows Analysis Report
Mbda Us.pdf

Overview

General Information

Sample name:Mbda Us.pdf
Analysis ID:1590834
MD5:37810d9f4d3b8b0a388e88d1f327aac8
SHA1:ece1036ac1c3a107e840d2de39b8fc0e13000018
SHA256:9ef0c58a83ace97e4f83020acb6758db4cc31a6d56c62bd0bfabab9844bb0ebc

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
AI detected landing page (webpage, office document or email)
AI detected suspicious Javascript
Suspicious PDF detected (based on various text indicators)
HTML body contains low number of good links
HTML page contains hidden javascript code
No HTML title found
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • Acrobat.exe (PID: 1792 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Mbda Us.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6860 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 2396 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2272 --field-trial-handle=1588,i,6210781285683596015,6033824672751772114,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
    • chrome.exe (PID: 7520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://embeds.beehiiv.com/0905150a-03eb-4be3-9cfe-57b6f334ec52 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 7712 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1964,i,16742441070757060923,15434678000855486884,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Phishing

Source: https://embeds.beehiiv.com/0905150a-03eb-4be3-9cfe-57b6f334ec52 Joe Sandbox AI: Score: 8 Reasons: The brand 'DocuSign' is a well-known electronic signature service., The legitimate domain for DocuSign is 'docusign.com'., The URL 'embeds.beehiiv.com' does not match the legitimate domain for DocuSign., The domain 'beehiiv.com' is unrelated to DocuSign and could be a third-party service., The presence of an input field asking for an email on an unrelated domain is suspicious. DOM: 1.2.pages.csv
Source: PDF document Joe Sandbox AI: Page contains button: 'VIEW DOCUMENT' Source: 'PDF document'
Source: PDF document Joe Sandbox AI: PDF document contains prominent button: 'view document'
Source: 0.13.id.script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://embeds.beehiiv.com/0905150a-03eb-4be3-9cfe... This script exhibits several high-risk behaviors, including data exfiltration to an unknown domain ('collector-PXeBumDLwe.px-cloud.net') and the use of obfuscated URLs. The script appears to be collecting sensitive user data, such as session information, and transmitting it to a third-party domain without transparency. This behavior is highly suspicious and indicative of potential malicious activity, warranting a high-risk score.
Source: 0.9.i.script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://embeds.beehiiv.com/0905150a-03eb-4be3-9cfe... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load additional scripts and the obfuscation of the script's purpose raise significant security concerns. While the script may have a legitimate purpose, such as implementing a security challenge, the overall behavior is highly suspicious and indicative of a potential attack vector.
Source: Adobe Acrobat PDF OCR Text: DocuSign Secure Document Received You have received a document that requires your review and signature VIEW DOCUMENT Please review and affix your signature on the document. Document can only be viewed by james.pennock@mbda-us.com. If you are ready to sign please read through the agreement. All the red boxes are required fields, you will not be able to skip them, the grey fields are optional but encouraged. Sign-in authentication with recipient email is required to review and electronically sign the pending document. There is no requirement for a paper copy to be produced if completed with DocuSign. Do Not Share This Email This email contains a secure link to DocuSign. Please do not share this email or link with others. About DocuSign Sign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go, or even across the globe DocuSign provides a professional trusted solution for Digital Transaction ManagementTM. Questions about the Document? If you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly. Stop receiving this email Report this email or read more about Declining to sign and Managing notifications. If you are having trouble signing the document, please visit the Help with Signing page on our Support Center.
Source: https://embeds.beehiiv.com/0905150a-03eb-4be3-9cfe-57b6f334ec52 HTTP Parser: Number of links: 0
Source: https://embeds.beehiiv.com/0905150a-03eb-4be3-9cfe-57b6f334ec52 HTTP Parser: Base64 decoded: 1736862975.000000
Source: https://embeds.beehiiv.com/0905150a-03eb-4be3-9cfe-57b6f334ec52 HTTP Parser: HTML title missing
Source: https://embeds.beehiiv.com/0905150a-03eb-4be3-9cfe-57b6f334ec52 HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-WJXL7FH
Source: https://embeds.beehiiv.com/0905150a-03eb-4be3-9cfe-57b6f334ec52 HTTP Parser: No <meta name="author".. found
Source: https://embeds.beehiiv.com/0905150a-03eb-4be3-9cfe-57b6f334ec52 HTTP Parser: No <meta name="copyright".. found
Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: chrome.exeMemory has grown: Private usage: 1MB later: 30MB
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 104.18.69.40
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: client.px-cloud.net
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: stk.px-cloud.net
Source: global trafficDNS traffic detected: DNS query: collector-pxebumdlwe.px-cloud.net
Source: global trafficDNS traffic detected: DNS query: nel.heroku.com
Source: classification engineClassification label: mal60.phis.winPDF@30/57@20/193
Source: Mbda Us.pdfInitial sample: https://embeds.beehiiv.com/0905150a-03eb-4be3-9cfe-57b6f334ec52
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-14 08-55-37-155.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Mbda Us.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2272 --field-trial-handle=1588,i,6210781285683596015,6033824672751772114,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://embeds.beehiiv.com/0905150a-03eb-4be3-9cfe-57b6f334ec52
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1964,i,16742441070757060923,15434678000855486884,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Mbda Us.pdfInitial sample: PDF keyword /JS count = 0
Source: Mbda Us.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: Mbda Us.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: Mbda Us.pdfInitial sample: PDF keyword obj count = 62
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformation
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | Windows Management Instrumentation | 2 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | 1 Drive-by Compromise | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Extra Window Memory Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact

Source | Detection | Scanner | Label | Link
Mbda Us.pdf | 2% | Virustotal | | Browse
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
nel.heroku.com | 34.227.1.179 | true | false | | high
www.google.com | 142.250.186.36 | true | false | | high
stk.px-cloud.net | 34.107.199.61 | true | false | | high
collector-pxebumdlwe.px-cloud.net | 35.190.10.96 | true | false | | high
x1.i.lencr.org | unknown | unknown | false | | high
client.px-cloud.net | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://embeds.beehiiv.com/0905150a-03eb-4be3-9cfe-57b6f334ec52 | true | | unknown
                Joe Sandbox version:42.0.0 Malachite
                Analysis ID:1590834
                Start date and time:2025-01-14 14:54:32 +01:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:defaultwindowsinteractivecookbook.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:18
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • EGA enabled
                Analysis Mode:stream
                Analysis stop reason:Timeout
                Sample name:Mbda Us.pdf
                Detection:MAL
                Classification:mal60.phis.winPDF@30/57@20/193
                Cookbook Comments:
                • Found application associated with file extension: .pdf
                • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
                • Excluded IPs from analysis (whitelisted): 2.23.240.205, 52.6.155.20, 3.233.129.217, 3.219.243.226, 52.22.41.97, 172.64.41.3, 162.159.61.3
                • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, ssl-delivery.adobe.com.edgekey.net, ctldl.windowsupdate.com, p13n.adobe.io, geo2.adobe.com
                • Not all processes were analyzed, report is missing behavior information
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):403
                Entropy (8bit):4.953858338552356
                Encrypted:false
                SSDEEP:
                MD5:4C313FE514B5F4E7E89329630909F8DC
                SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                Malicious:false
                Reputation:unknown
                Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:Unknown
                Category:dropped
                Size (bytes):403
                Entropy (8bit):4.95878138462927
                Encrypted:false
                SSDEEP:
                MD5:29F6717FE08DB831577AC12CE9F6AB9B
                SHA1:09FA6920907772DF8D1744209CF490C463F4987B
                SHA-256:405ADAB841C03CF46360CE83D560229C77F14EA968AA6A2F42B2E64879137359
                SHA-512:049C80A72C21B7F17F5F94E376C1E8DC9EB3358A3EF0EA3C55FB5B1D469CCA1B444AB871EC49343B96096EBE698AD7096624CDD666403A308680DF1EED35ADF5
                Malicious:false
                Reputation:unknown
                Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13381422941319834","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":154126},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):0
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:
                MD5:4C313FE514B5F4E7E89329630909F8DC
                SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                Malicious:false
                Reputation:unknown
                Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):0
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:
                MD5:4C313FE514B5F4E7E89329630909F8DC
                SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                Malicious:false
                Reputation:unknown
                Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                Category:dropped
                Size (bytes):71190
                Entropy (8bit):2.2991795190299897
                Encrypted:false
                SSDEEP:
                MD5:9D38DFB0F98AA59D8EA8D7EE91103FD5
                SHA1:2718FD8F84B1F1444A8C88934567313086B1F33D
                SHA-256:7FDA8243233D722A31FE653AA5075B32606C3D85800B54F71FEC1F65CA2550D8
                SHA-512:66D0F49C11B2164F3D10D7E7516E486ADB5C08C17CC1A3B91CA3AA6666369E278EA5D216F7D47752D0ECB136D3AAD0E980721DEF8BE7FF4A078B5EF88EB899A6
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                Category:dropped
                Size (bytes):57344
                Entropy (8bit):3.291927920232006
                Encrypted:false
                SSDEEP:
                MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
                SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
                SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
                SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:SQLite Rollback Journal
                Category:dropped
                Size (bytes):16928
                Entropy (8bit):1.2153781616504105
                Encrypted:false
                SSDEEP:
                MD5:66DCC86158E0ABB4DD3FAD1EEAF5080B
                SHA1:FCD6FDAE67ECD66165975B796D1EFA5196756A5B
                SHA-256:6AA6EFBBD1A83D2E3DE6115B89FEFFC60A7558B807A8062F1DDDCC1A9C684BFD
                SHA-512:F2A4BF23C87D020E343C1BA25F5E4EE13D61E43F3314805FA07DEFDC91B2E75D1A415DD97FA4E7C36BE476BCBCD0690E8E80DA3ED4FFA952555ECE9B3E12952F
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:Certificate, Version=3
                Category:dropped
                Size (bytes):1391
                Entropy (8bit):7.705940075877404
                Encrypted:false
                SSDEEP:
                MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                Category:dropped
                Size (bytes):71954
                Entropy (8bit):7.996617769952133
                Encrypted:true
                SSDEEP:
                MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:data
                Category:dropped
                Size (bytes):192
                Entropy (8bit):2.7425532007658724
                Encrypted:false
                SSDEEP:
                MD5:7FDA031D3888CBC3824EB2F32E526CA9
                SHA1:3AD7F3125514E800C0C84A8261B2B8ACE3E40100
                SHA-256:A376193BF020CBF2E5098827F2726B9AF669A34C239FF2FEE25089B936202D08
                SHA-512:362580AA73B9720B7DA70A48CD79238F0C3746734C208625556A66A9CB8C6C21DB28105584F26F26DA75AEC905935D9C563C3F70A5348EF79AF85008E72D2CFD
                Malicious:false
                Reputation:unknown
                Preview:p...... ........?5...f..(....................................................... ..........W.....a..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:data
                Category:dropped
                Size (bytes):328
                Entropy (8bit):3.2539954282295116
                Encrypted:false
                SSDEEP:
                MD5:A221EF0E5D709902E42E085C09F4909E
                SHA1:8F2B5B45013BD5944E0EDE47B1B0A8DFCA101156
                SHA-256:32AA41367800C341FA025B048FA22E8D2E47B567EC50A3AC896AA2F337285E54
                SHA-512:7E46C9D2586B141FDF21675CB44CA6B7B16A2A88A4E8EF4A70E3A474225AC3B4E00096603F62B61830E1027CD3862A59C9DBBB81EAD86ADD9D7A560C83E2E8CF
                Malicious:false
                Reputation:unknown
                Preview:p...... .............f..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):295
                Entropy (8bit):5.396324753147803
                Encrypted:false
                SSDEEP:
                MD5:5579779DF53B8C3372DA58B4DE72EBF8
                SHA1:0496EDC1682E27676302107E75115D935E8D9613
                SHA-256:1CB8642B6481DCB2F91C15B45DDAB34113657241F05163595D9297781F5ED984
                SHA-512:424BD6AB4A2E0E8EDD1F5BBC2EB142D006B047601FB3F096E3E959E7D8E367567C36859958DAC972CA75297B97A8E235D8711FBEEFCF1D5CD7D55340A816AB6E
                Malicious:false
                Reputation:unknown
                Preview:{"analyticsData":{"responseGUID":"8e926815-5b3e-40c5-b23c-4162f72d68d1","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737039145693,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):294
                Entropy (8bit):5.345543300922222
                Encrypted:false
                SSDEEP:
                MD5:2B4CFFF347BEBD5BA88D155D47487A8F
                SHA1:0B390E97919179F3FDAEA67654A6199903F09EDB
                SHA-256:58C593EF83E1E4CCC6A20695E4B47A05E7DA25A8B472BE70709F05A7513E4161
                SHA-512:60AF6A683EB0A63AFC6AC6608E2229D301719D9671FDDC3EC61A197D6C57CB14DE2D1C4E4150E3149409F0E43119F5EC2C7A2D1AA4DE1EE0C534F2D9E8A6839E
                Malicious:false
                Reputation:unknown
                Preview:{"analyticsData":{"responseGUID":"8e926815-5b3e-40c5-b23c-4162f72d68d1","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737039145693,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):294
                Entropy (8bit):5.324091617448228
                Encrypted:false
                SSDEEP:
                MD5:9740CA615EC03C3E58A35C4D4DBBEC02
                SHA1:3523D66569D49CE37256F990EF0F7E9007F69578
                SHA-256:8A5F9C702B80EAC3FD7FAF07A34182CD1AA9FFB964473C18CF545A5F2DBACDC0
                SHA-512:D5AE50A5AC6EB58652D581B04EE787541931A9FE8D379EA32E5CF102C1F23770E3DD20838AE9715DE42B05CF642EC0E2ECBF5290B44351C7278ABB060EF96FD6
                Malicious:false
                Reputation:unknown
                Preview:{"analyticsData":{"responseGUID":"8e926815-5b3e-40c5-b23c-4162f72d68d1","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737039145693,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):285
                Entropy (8bit):5.385861481075837
                Encrypted:false
                SSDEEP:
                MD5:789009B57536C8EEAF22FB091235B3E5
                SHA1:10D2B4C37CC588379168AD090E819B1876EBA89A
                SHA-256:4155F5B9F09FAE487E64738FF280BF3C2F2623616E76B49200AF61D9D60EB1DC
                SHA-512:A7CE92BA4A3003D4432D1A83E41012EA2217CF2964F21E36763225FE16E2831E4B081C2D1A237B50359DD18E9032437FD6DA5BF9AB7C20AFADA92D69DC193D49
                Malicious:false
                Reputation:unknown
                Preview:{"analyticsData":{"responseGUID":"8e926815-5b3e-40c5-b23c-4162f72d68d1","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737039145693,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1123
                Entropy (8bit):5.691469091002376
                Encrypted:false
                SSDEEP:
                MD5:791D8C5A3D7A6CD84E23810CEFC80F3B
                SHA1:2299A67DF42D68099333F1F76B9E160477848FE7
                SHA-256:5F421923B1D838B2D8B771ACF27C7F39A871EF23D99F3B44DE081305336177C1
                SHA-512:5859CE5213D3D0A3297E4C8241CB0455DC7C158449C8C3103DE606049F8B21949E90BBE61699987FEC6459A261773FEB310303A71629DEE7BE36D4384911BAE8
                Malicious:false
                Reputation:unknown
                Preview:{"analyticsData":{"responseGUID":"8e926815-5b3e-40c5-b23c-4162f72d68d1","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737039145693,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):289
                Entropy (8bit):5.333714198903113
                Encrypted:false
                SSDEEP:
                MD5:F97F3FE32DC3DF5CA887460F90D463FE
                SHA1:22611BD47766B35F19D9EC3F8635705A4B36CB9A
                SHA-256:5E04E33F891DE83FA1BBD082BEE95B840D91EC4E68CAA101AA13A6935A0E8F24
                SHA-512:B1CFF99FD1C1EFFB0184684FCB557699E8048C68B9D9E026085067DCC31B2E31DCC9C57DA3808195E76AC0DCE017EB920C3F891BC75BE57963A78CCB4F13F053
                Malicious:false
                Reputation:unknown
                Preview:{"analyticsData":{"responseGUID":"8e926815-5b3e-40c5-b23c-4162f72d68d1","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737039145693,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):292
                Entropy (8bit):5.335381448057435
                Encrypted:false
                SSDEEP:
                MD5:098663BBB563229149885069B85504C2
                SHA1:59C4317555F9C1094F5FAB5B1DE86E221AFA5CA8
                SHA-256:DE9FE3E75D8E743B6BFBB07FBD0E4E17D0FAD2F7AEADEAF9C98C2C763309222F
                SHA-512:FD38F47F2844040320C6740048DDB7B40C6B95E6689F360CA6E6410B41712F610875FF2D4149BE3727DA789077A6B945A155119B692C804EDB8B1CE7184BDE5E
                Malicious:false
                Reputation:unknown
                Preview:{"analyticsData":{"responseGUID":"8e926815-5b3e-40c5-b23c-4162f72d68d1","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737039145693,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):289
                Entropy (8bit):5.343017282960524
                Encrypted:false
                SSDEEP:
                MD5:5119D238AA4E2A6A4DAB70510ED4EA4D
                SHA1:ECD60AF28C82FFDE7663B1CEFF1FB0E31B69FCAA
                SHA-256:F5B8BA29E348B8508348848C107EE0D7BF20DCF845FBA663C22E1CE97126DA6E
                SHA-512:ECB3A70F56B42E9B101695CC290D1A5A646B81163CDDCEB653B74A439E7F11B8A9B98730E2D3D40F2207E09381B2DD7853364C1025A997C2F49CE859D3A49ACB
                Malicious:false
                Reputation:unknown
                Preview:{"analyticsData":{"responseGUID":"8e926815-5b3e-40c5-b23c-4162f72d68d1","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737039145693,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):295
                Entropy (8bit):5.359141325350161
                Encrypted:false
                SSDEEP:
                MD5:AA4E192D85D411D24FDEEE68D3602738
                SHA1:31FB9D65E130FE9D327A4B8EB0EDCC790FFF446C
                SHA-256:E55210C195CD3671558F932F4D807F77045D056C78EF1C3E5E88BFDE2CE9DCC2
                SHA-512:2BF9F36C26507FA52CCA23DEB01F6980ED48608E3FC951045931342205B2B2404135522701437FBDD68E5C32F45F209C9D752D2974ADA7B0432E2A88A5F3D9A3
                Malicious:false
                Reputation:unknown
                Preview:{"analyticsData":{"responseGUID":"8e926815-5b3e-40c5-b23c-4162f72d68d1","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737039145693,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):289
                Entropy (8bit):5.340004879776983
                Encrypted:false
                SSDEEP:
                MD5:9A82858AE5FD2F383F2C53B748ABA91E
                SHA1:D023FA41BC9B0CDB90ACBA90F59CDE6B70682D5B
                SHA-256:B87BB47814B1B88D62DF25187316EC1E6D497F6E82CA73412FC30F57F09506A3
                SHA-512:320E2A08183F5ACABE354FE40D10CE457FC99B23E8D2C29DC27D72E1E49EBA9229A2F5A53C189EBBDCE55E33CAE7FECA55313D89CEBD15D380019BBAD4425D17
                Malicious:false
                Reputation:unknown
                Preview:{"analyticsData":{"responseGUID":"8e926815-5b3e-40c5-b23c-4162f72d68d1","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737039145693,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):284
                Entropy (8bit):5.327058554791177
                Encrypted:false
                SSDEEP:
                MD5:B8EB42772642776A806CAE98087CFCBB
                SHA1:029E550CE49B710C756106E49006E5D01F96D74F
                SHA-256:AD37F9C6DC9AF9EC21C1335FF266253C415C0E64D53CC24C042F722ABB7A5CA8
                SHA-512:571DF3DFEECDE2FCF7B3623035ABDE2F1DACE0F0842C27BB2C94F3F18BAF26BEF547DB9BA445E0893B7170AB414A50FAED52E3DF21FF2D81FF98A03AF9467EF6
                Malicious:false
                Reputation:unknown
                Preview:{"analyticsData":{"responseGUID":"8e926815-5b3e-40c5-b23c-4162f72d68d1","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737039145693,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):291
                Entropy (8bit):5.323277029823513
                Encrypted:false
                SSDEEP:
                MD5:DC23213175CC04D1C187E6A78FA46764
                SHA1:FFB139D5258D414E5A0C285D828ECE6614BD0C7F
                SHA-256:56C48ADDC0267366DFFE24208E534A3361956E3AC71B1E64330A46FC9FC1BA53
                SHA-512:650837BD48CDF4E6A73EEC7749CCD7B245A0F1F6F5F06F854DD4B866AFCD312E2EA83CD602816DA8587598881AD112B12F917DAA3F361DA78B6A07AECFE0321C
                Malicious:false
                Reputation:unknown
                Preview:{"analyticsData":{"responseGUID":"8e926815-5b3e-40c5-b23c-4162f72d68d1","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737039145693,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):287
                Entropy (8bit):5.326562327324073
                Encrypted:false
                SSDEEP:
                MD5:1A9EEE11E8B2F45DBE050D4FECA4FCC2
                SHA1:3037BE73D43C5404538679B3A9C49B91F1E6ECED
                SHA-256:2259E149DD493801A95DC43593442FC73C052F0058671661B5B86300AC5756A5
                SHA-512:4B90D8D357E3584B7B4D533A6689C160BB235BEC1E11B093E76EFB64D89F0433877B843624F1F23074794853EABBB9B9AC319E811BDA5C6C2A3C5ECC80A5D59B
                Malicious:false
                Reputation:unknown
                Preview:{"analyticsData":{"responseGUID":"8e926815-5b3e-40c5-b23c-4162f72d68d1","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737039145693,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):5.665547464908258
                Encrypted:false
                SSDEEP:
                MD5:A655C2473010B7BB0C1A2A4F6F7079FF
                SHA1:DF85E0993885DC76E999F7B9BCD50658B879DDC0
                SHA-256:205FF71CCA663DE825686748BCD273CBB2832B8459A0B83FF5C763F8A2A0AE5A
                SHA-512:2F42B69138B670A174BCF68AF1CF9ECB8946D01B53163B163F633E2FC1D54D4D784A779B27817593DBCEFA2FDF3C84BB89B346EB172945210DE65A76CDDBD861
                Malicious:false
                Reputation:unknown
                Preview:{"analyticsData":{"responseGUID":"8e926815-5b3e-40c5-b23c-4162f72d68d1","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737039145693,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):286
                Entropy (8bit):5.302989834328892
                Encrypted:false
                SSDEEP:
                MD5:2FB5ADB71E60BF7A2C233E04673F84C1
                SHA1:0BD775D9F0D72B0682D1A1202514FA64D7BCF208
                SHA-256:CB5CE6A9D2B2F65FE095CA4D8AD77B1CDF71BC319A5ACB9192F0FCBD95F3BE47
                SHA-512:18C4626176308D21187A99FE8667F03EECB6A8B36FF176667459731D0D3A9899F5DC2633A5FE53525CA0F95F5717BBCB771F3648BAA816CE1A1A6E93799AD465
                Malicious:false
                Reputation:unknown
                Preview:{"analyticsData":{"responseGUID":"8e926815-5b3e-40c5-b23c-4162f72d68d1","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737039145693,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):282
                Entropy (8bit):5.309517382366448
                Encrypted:false
                SSDEEP:
                MD5:50FEB57EBF9C11E83292A2C7B414E7FA
                SHA1:3C513721ED720C9B54BAE77D50B56244A4EE2613
                SHA-256:F176333AE0EEB3365CC2D3D50E99EC3D75A3186259378252E0C29DB3D6A6604F
                SHA-512:7C0C4A7E4B81FD5CC464ECF5E13E2CE08416C4D9E61B2D495062F0A8B2254839538747EAE079DDA30F70E146055225467EF5606C2D3EEA21E711BA911B0BE144
                Malicious:false
                Reputation:unknown
                Preview:{"analyticsData":{"responseGUID":"8e926815-5b3e-40c5-b23c-4162f72d68d1","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737039145693,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:data
                Category:dropped
                Size (bytes):4
                Entropy (8bit):0.8112781244591328
                Encrypted:false
                SSDEEP:
                MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                Malicious:false
                Reputation:unknown
                Preview:....
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):2814
                Entropy (8bit):5.137740698306219
                Encrypted:false
                SSDEEP:
                MD5:BA01D1157A70F4FAB2CDC2AB5889FB47
                SHA1:7C91BFC54424719BAB5088E88C608D063D014BDB
                SHA-256:4C3862B2993F74C4B81A7E9FE104D5797CB4AEFDA443C31888D649AE619CD1A1
                SHA-512:2020BF754CFFB40FAE74576A5ACB5A2E7E61829D5535A5AF0466CF774A5EF65BB9BAF9C86A9166FCB79BA8B9B889F65ABBC7848B26AFC37DC2091031CCE43F17
                Malicious:false
                Reputation:unknown
                Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"bb720dca3c6829a57205647ad0c8901a","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1736862940000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"57f562c0d1debe30de018c08def2b69c","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1736862940000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"9353aabbcb77fba7e46ee1fe73b7e2b8","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1736862940000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"4cd0a8d125284e4993c8a7687a964a8b","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1736862939000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"0288a2c1acc2849c97774d6f176a44b8","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1736862939000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"74d3edfde7f5ba5c0ecc62b08e89b4b1","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                Category:dropped
                Size (bytes):12288
                Entropy (8bit):0.9887639003913481
                Encrypted:false
                SSDEEP:
                MD5:B6B199C11C553B95A389D1C1EE762CDD
                SHA1:1035A73F96C157840F2C628357C70D6FBB2B08AA
                SHA-256:9F8099944121A0CE4AA13379AE0368D53AA9E1F0EDE896F0D451DFCD293D18DF
                SHA-512:D343EFFC4CAF8F36883A1394EB3650B32CF2C20B56D47A860BA37E210F5C3831C1B256E893D0648F9A45C97D6460761308CFBE151C29339EC0C591060EB9DA40
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:SQLite Rollback Journal
                Category:dropped
                Size (bytes):8720
                Entropy (8bit):1.3455869131661657
                Encrypted:false
                SSDEEP:
                MD5:5032ABF9A615191131BF6CC1AD66F0EA
                SHA1:7345ECBBDD7307868802716EB9F2317E64B3B30E
                SHA-256:96F57F4E4B84869933CFA1A54B410B7C615C054AB04D74D07EA669C0FFF32789
                SHA-512:24363936E0FFD587F0EBDD20B75C94EA0862F82589D1D7F19CE9FB82F358A4519FC3EAB0D35BB66E9D1F7EAE0CE2D17ED4970D2B1D8263F031B3975E1AF425F8
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:data
                Category:dropped
                Size (bytes):66726
                Entropy (8bit):5.392739213842091
                Encrypted:false
                SSDEEP:
                MD5:8F8655ABDF8B62F84880FA0C0B001813
                SHA1:94AC935C8B5941BFB980EDB852C5982B6A85C803
                SHA-256:6E235AABA2BF522CAAADD2DE25CA58A22B33A2FA39166F1760683CA62036CBF3
                SHA-512:3DCCAD499385D835CA5AEC719228DF85C713EF970A7E2AD9C7417505E31F30D175DD4D0769E829637CD98848FDBACF1C09307C998682F6A88F39FC99B29E6377
                Malicious:false
                Reputation:unknown
                Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:ASCII text, with very long lines (393)
                Category:dropped
                Size (bytes):16525
                Entropy (8bit):5.353642815103214
                Encrypted:false
                SSDEEP:
                MD5:91F06491552FC977E9E8AF47786EE7C1
                SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
                SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
                SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
                Malicious:false
                Reputation:unknown
                Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):29752
                Entropy (8bit):5.424838894977136
                Encrypted:false
                SSDEEP:
                MD5:5EA8FD5F7E2408EB25BE2B27A867746A
                SHA1:226F0BC59C3DEF97E1D7CC1FCD7BACD91F6F28E7
                SHA-256:CC2A94226760D06276782C14854DC0D9C0E8423C4B64EF22EC802885B8EAFA16
                SHA-512:29BEA2F394C2EC4F54A26AD1D4A3367CF941331D9756407BBC1698ADA9C07EFA482659FC394B7C4D6AA823DD71BF975F5C09C63FB166AE584EDF46A963805A15
                Malicious:false
                Reputation:unknown
                Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 12:56:16 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2673
                Entropy (8bit):3.9757197323600026
                Encrypted:false
                SSDEEP:
                MD5:34610E640AB4C282DD7E32EF2EE68F4A
                SHA1:6A66B8678EBE0C7DAD6590B32CCF10A1240E886D
                SHA-256:FA957A8E77805CB35CCABAD547953F41CD8C0065A16841652183EAC03A241AA0
                SHA-512:13FF6BC76F1CC6C42D3195E695B41F3A19003B5B684971EECCF429D9588CAD4F2E63A24FF1CCBDC13C541DADA3DD25C856ACE9B362B7231D68FCF6FA04EB0A14
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 12:56:16 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2675
                Entropy (8bit):3.9900147185924175
                Encrypted:false
                SSDEEP:
                MD5:7D4216F488EA3F75F3D016276D249DD7
                SHA1:EEDB8C4C8BA4846017481989BF5CDBFE6D0AE05D
                SHA-256:3F227888AE4FB1EC340B4B3238E40F5463C67EB55920F0049F073A65983EA9B7
                SHA-512:30160A531124125E3A8CC12A1D158E7164AE5D16EDCB0C592EADE7C85A9BB592EFE82BF0A6FC24C13DA9BB4FAEC1C7F4B8DE36808DDD63441241112D78D0D38C
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2689
                Entropy (8bit):4.002644408341834
                Encrypted:false
                SSDEEP:
                MD5:C340944260CF6C93A00CD5E2E57D79B8
                SHA1:9A82AF6C1F2E998E38FA367C354F03A4D9641A77
                SHA-256:1AFBCBC7F1C33AD17DB8B7419F19B07CAC83CCAD53556D93664499B54787F10E
                SHA-512:59AF85E76FC5C33326768793B8B8BEFB8CBA167C0D10835177E3D8FB71F0E3A725C8DBDD29CBDD76EB20033DB28D1AE93A8A4F4128A737F28F3AF72ED1F5AACE
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 12:56:16 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2677
                Entropy (8bit):3.9883446882331772
                Encrypted:false
                SSDEEP:
                MD5:33FE6DCE1DD1914805ED9A1CB1D1C932
                SHA1:C5C202385960D32A85A28DD4CB02AB361E0B5500
                SHA-256:BE7B2AE03AE8F2242B9DF3387A9AFF03CFA94649C8BEBBB4E26CA14D3783700C
                SHA-512:3F60F09757FDB7B281AD155596E2884D8F2C2D14E54533F85AC8AB62F19F0F4BB401CBE9B49991EFB64AD633856B93E41527AD589B9DF904F43CCFDC53DEED50
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 12:56:16 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2677
                Entropy (8bit):3.9795041085214944
                Encrypted:false
                SSDEEP:
                MD5:7061834BCC8005D9D96D3A55DA667748
                SHA1:73921BAFFED21D5724F6F510284DDA92D2582DEB
                SHA-256:8625641EC7532E69B4904C81EA1BEF8412C421BEF96EEDA0D4F59080C90AD4E6
                SHA-512:5BC3B40CAD04602CBDD13A9A1457ACA76729D8F2795614E3C544CEB8EA5EA555F5468811B76C220F485F98DCC91449BAD560DCF49D74CF0667169B2CEF173324
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 12:56:16 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2679
                Entropy (8bit):3.9873639367916223
                Encrypted:false
                SSDEEP:
                MD5:9930A161C3150E15C7DA650CE1789F1A
                SHA1:1F40080E99FDED63B89B20070D03F27721103F49
                SHA-256:A936705335776513C9B09FB1E0BC4522F0BC679CBB5619F47941DC9921FAF9E9
                SHA-512:D939BDA0B11BE7E4AA31E66BD9615E734978A2EB781B7F5C0C229253BED40A0CCEC59AE93E706463856EF68DEFEE161F98AC9392B191402F72296EFFC3ECDA3D
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (354), with no line terminators
                Category:dropped
                Size (bytes):354
                Entropy (8bit):3.9864629356522627
                Encrypted:false
                SSDEEP:
                MD5:64F27EFA990C3A7A5A7227AAB3F9B309
                SHA1:27A2456A37F927EB6E14934E40DEE34A68CB8CCC
                SHA-256:4A657C0DE424FF73849C14C13D528EEF6ECB3A7C7E4FC6081273E8034C225FCA
                SHA-512:04CECB92CD8BECB0A7CEAA2DFD88F3D63E71FB715BA4B811D327E99AA9F25EBA8056622CE133AE8637130619B181B084A7EC03CBB9606AC3EFBF21B0338C4983
                Malicious:false
                Reputation:unknown
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (65462)
                Category:dropped
                Size (bytes):407212
                Entropy (8bit):5.309927954712754
                Encrypted:false
                SSDEEP:
                MD5:F206300056CFC9EB4D68EA680EB40E2E
                SHA1:865E1CF766AB18CAFBBD6261AC40A98794AEDD22
                SHA-256:DBD56CB4F17CEDEA5D4F6925BB16E6276885AEC2DAB2876F510F58AADE1DA50F
                SHA-512:D2C806662770723455077B773F5CE546F2D6E9982D0EA1DA05C948A3A55167935E1019EA865DA902C0798299F9C04DFD62D34E2C6124CCF38F363E0A0DC4963C
                Malicious:false
                Reputation:unknown
                Preview:/*! For license information please see 2.edcda44d.chunk.js.LICENSE.txt */.(this["webpackJsonpexternal-embed"]=this["webpackJsonpexternal-embed"]||[]).push([[2],[function(e,t,n){"use strict";e.exports=n(50)},function(e,t,n){e.exports=n(55)()},function(e,t,n){"use strict";e.exports=function(e){for(var t=arguments.length,n=Array(t>1?t-1:0),r=1;r<t;r++)n[r-1]=arguments[r];var o=e,i=!0,a=!1,l=void 0;try{for(var u,c=n[Symbol.iterator]();!(i=(u=c.next()).done);i=!0){var s=u.value;if("undefined"===typeof o||null===o)return;o="function"===typeof s?s(o):o[s]}}catch(f){a=!0,l=f}finally{try{!i&&c.return&&c.return()}finally{if(a)throw l}}return o}},function(e,t,n){"use strict";e.exports=n(82)},function(e,t,n){"use strict";function r(e,t){return t||(t=e.slice(0)),Object.freeze(Object.defineProperties(e,{raw:{value:Object.freeze(t)}}))}n.d(t,"a",(function(){return r}))},function(e,t,n){"use strict";(function(e){var r=n(13),o=n.n(r),i=n(20),a=n.n(i),l=n(0),u=n.n(l),c=n(21),s=n(14),f=n(15),p=(n(1),n(45
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:Web Open Font Format (Version 2), TrueType, length 48444, version 1.0
                Category:downloaded
                Size (bytes):48444
                Entropy (8bit):7.995593685409469
                Encrypted:true
                SSDEEP:
                MD5:8E433C0592F77BEB6DC527D7B90BE120
                SHA1:D7402416753AE1BB4CBD4B10D33A0C10517838BD
                SHA-256:F052EE44C3728DFD23ABA8A4567150BC314D23903026FBB6AD089422C2DF56AF
                SHA-512:5E90F48B923BB95AEB49691D03DADE8825C119B2FA28977EA170C41548900F4E0165E2869F97C7A9380D7FF8FF331A1DA855500E5F7B0DFD2B9ABD77A386BBF3
                Malicious:false
                Reputation:unknown
                URL:https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7.woff2
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (65402)
                Category:downloaded
                Size (bytes):171061
                Entropy (8bit):5.672786857449968
                Encrypted:false
                SSDEEP:
                MD5:0E50E351EFCDD08DFF660F3068ADA73C
                SHA1:7D05DC96DC7F311463CB5EBF54813F544FB85E82
                SHA-256:EE7BA323C0B0140F2D249A136E9B30A0515DCFAD0233DEEA471EB96C771245F7
                SHA-512:5C52C56A60A722548AFC74F3569809964ED078DFF6F86067D2DE52452DC225C51E70E009A5D9338475332725BEFA58F2B157EB78C86916BB016E42C94279C1DB
                Malicious:false
                Reputation:unknown
                URL:https://client.px-cloud.net/PXeBumDLwe/main.min.js
                Preview:// @license Copyright (C) 2014-2025 PerimeterX, Inc (www.perimeterx.com). Content of this file can not be copied and/or distributed..try{window._pxAppId="PXeBumDLwe",function(){"use strict";function t(e){return t="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t},t(e)}function e(t,e){(null==e||e>t.length)&&(e=t.length);for(var n=0,r=new Array(e);n<e;n++)r[n]=t[n];return r}function n(t,n){if(t){if("string"==typeof t)return e(t,n);var r=Object.prototype.toString.call(t).slice(8,-1);return"Object"===r&&t.constructor&&(r=t.constructor.name),"Map"===r||"Set"===r?Array.from(t):"Arguments"===r||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(r)?e(t,n):void 0}}function r(t){return function(t){if(Array.isArray(t))return e(t)}(t)||function(t){if("undefined"!=typeof Symbol&&null!=t[Symbol.iterator]||null!=t["@@iterator"])return Array.from(t)}(t)||
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (8841), with no line terminators
                Category:downloaded
                Size (bytes):8841
                Entropy (8bit):5.741751246807153
                Encrypted:false
                SSDEEP:
                MD5:07C6BCF234D51E1195293355AC986158
                SHA1:21E24AC55C9C6B385537F6329D8A33DC52BB780F
                SHA-256:308DA6C1CEF9F46EFE9B4DBADE7058C2CB044DB6C639BD56EB3D8E452B09F092
                SHA-512:E85A0C44128472AF3F8C5517903D15A441973C36FD76BB812877C88F494D61EA90922FAD80EFD6CE4D686A1DEEAB0E72103DB07844F6CB44D21FC1F1281B2941
                Malicious:false
                Reputation:unknown
                URL:https://embeds.beehiiv.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/e0c90b6a3ed1/main.js?
                Preview:window._cf_chl_opt={cFPWv:'b'};~function(W,h,i,j,k,o,s,B){W=b,function(d,e,V,f,g){for(V=b,f=d();!![];)try{if(g=-parseInt(V(253))/1*(-parseInt(V(304))/2)+-parseInt(V(312))/3+parseInt(V(245))/4*(-parseInt(V(225))/5)+-parseInt(V(256))/6*(parseInt(V(290))/7)+-parseInt(V(218))/8*(parseInt(V(277))/9)+parseInt(V(216))/10*(-parseInt(V(221))/11)+-parseInt(V(317))/12*(-parseInt(V(305))/13),g===e)break;else f.push(f.shift())}catch(E){f.push(f.shift())}}(a,762339),h=this||self,i=h[W(320)],j={},j[W(241)]='o',j[W(280)]='s',j[W(226)]='u',j[W(243)]='z',j[W(195)]='n',j[W(235)]='I',j[W(272)]='b',k=j,h[W(239)]=function(g,E,F,G,a1,I,J,K,L,M,N){if(a1=W,E===null||void 0===E)return G;for(I=n(E),g[a1(212)][a1(196)]&&(I=I[a1(246)](g[a1(212)][a1(196)](E))),I=g[a1(204)][a1(264)]&&g[a1(265)]?g[a1(204)][a1(264)](new g[(a1(265))](I)):function(O,a2,P){for(a2=a1,O[a2(276)](),P=0;P<O[a2(287)];O[P+1]===O[P]?O[a2(259)](P+1,1):P+=1);return O}(I),J='nAsAaAb'.split('A'),J=J[a1(230)][a1(299)](J),K=0;K<I[a1(287)];L=I[K],M=m(
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (9204)
                Category:downloaded
                Size (bytes):9209
                Entropy (8bit):5.773872005055147
                Encrypted:false
                SSDEEP:
                MD5:DB1689D5455680982BD240B872286F97
                SHA1:F14803E867783A497F32D61DAC8A332E643E7AB1
                SHA-256:8018B07BF07E3D3B04204B95C707BD9E08859C175A770611B1FACAA49753DC9A
                SHA-512:0D40190446C2B2A5A1CECB0DEDC543FC4C83A807C6D1298580C0223AA0EF87E6E0BDAAB7ED61DA997EE2FB030BE3B564D48A260459D879B5107EF8075002B79F
                Malicious:false
                Reputation:unknown
                URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                Preview:)]}'.["",["san francisco 49ers","earthquake japan tsunami warning","netflix stranger things","monthly dividend stocks","samsung galaxy s25 ultra pre order","roki sasaki mlb","texas weather freeze","nyt connections hints january 14"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"google:entityinfo":"
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):919
                Entropy (8bit):5.120599745001048
                Encrypted:false
                SSDEEP:
                MD5:54EF5621378F13A0D583B51543FBC838
                SHA1:630B228C1A834E066E61A80EFA56784EBE911B3B
                SHA-256:60C4C1F8D8BCC64D7A20C7B896F9B67111B82F15FA1FB418B1D84F393899486F
                SHA-512:CD2AB5A86CBB529892A8D2FE0F83B4FF352255874D61E35C751DF635DA811F9533D2F42B795D4C5F71D19A629012F7D51AD4CCF6B88898AC4304B8573BB22036
                Malicious:false
                Reputation:unknown
                Preview:{"id":"0905150a-03eb-4be3-9cfe-57b6f334ec52","publication_id":"677d7cc7-a771-4850-ac88-f71809624f09","name":"Andrea's Newsletter","header":"DocuSign Document","description":"Sign-in authentication with recipient email is required to review and electronically sign the pending document. There is no requirement for a paper copy to be produced if completed with DocuSign.","button_text":"Proceed","config":{"body_font":"Inter","text_color":"#000000","button_font":"Inter","header_font":"Inter","button_color":"#0047ff","background_color":"#F9FAFB","button_text_color":"#F9FAFB"},"created_at":"2025-01-13T07:56:53.237Z","updated_at":"2025-01-14T09:38:42.369Z","success_message_text":"","success_redirect_url":"https://efil20250113doc32478234128471289489fil2383828pdf.pages.dev/","deleted_at":null,"input_placeholder":"Enter your email","remove_email_from_redirect_url":false,"captcha_enabled":false,"beehiiv_branded":true}
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (2562)
                Category:dropped
                Size (bytes):215965
                Entropy (8bit):5.5535519300716025
                Encrypted:false
                SSDEEP:
                MD5:0FED8F181B55FDF7964A20808C460C74
                SHA1:2607A4B28C5810612C6B3CF597889136F35C0CC6
                SHA-256:6780ADB7EABCBA95FCFC1C19DC53C3410690B221BA818713AEC2012DDD5F914A
                SHA-512:E6E22B7DEBA737A730F37C552D7E6112113A9D1762527877395874E22CA86617A51A7D28AECDAD0333926678A3976574DA6ECC72E9C8795DA90A9FEDFBE93282
                Malicious:false
                Reputation:unknown
                Preview:.// Copyright 2012 Google Inc. All rights reserved.. . (function(w,g){w[g]=w[g]||{};. w[g].e=function(s){return eval(s);};})(window,'google_tag_manager');. .(function(){..var data = {."resource": {. "version":"7",. . "macros":[{"function":"__e"},{"function":"__f","vtp_component":"URL"},{"function":"__jsm","vtp_javascript":["template","(function(){var a=",["escape",["macro",1],8,16],";return a.replace(\/\\\/$\/,\"\")})();"]},{"function":"__jsm","vtp_javascript":["template","(function(){return(start=Math.floor(Date.now()\/1E3))||\"\"})();"]},{"function":"__u","vtp_component":"URL","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__u","vtp_component":"HOST","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__u","vtp_component":"PATH","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__e"}],. "tags":[{"function":"__html","metadata":["map"],"once_per_event":true,"vtp_html":["t
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (354), with no line terminators
                Category:downloaded
                Size (bytes):354
                Entropy (8bit):3.971195474352154
                Encrypted:false
                SSDEEP:
                MD5:D8DDFB755ED792B010B6E3E0C40E7A27
                SHA1:94041E4C9D43B5EE38A1C80F849F45075753C41E
                SHA-256:2A47C106A33BD23FB2722412604076A210EBBFF90EBB0D50F1E4D8F79652D21D
                SHA-512:D3AB0F342535A63E49667CE55B4B44738B4C0F7039901536841D43D82AC67ACACCEF5306DE6C99FC74391B190309903F084FC1E04060019F27DF37009F68C4FF
                Malicious:false
                Reputation:unknown
                URL:https://stk.px-cloud.net/ns?c=531ace80-d27f-11ef-8068-313cebac1e32
                Preview:fe8792cfcce29a2f2821d20cdf6dae252a284bd336ff74a8e967a4c12e946cb9542492e58debd47f9d08c2b1e82dae7c84bb3a6642fef6f18443ae6c981a10fdf7972a22b153fed55150ef3ef9d3b8eba851bd57d1722641e027808e0a8ba192214e03036d1e5526d6aad11f85b7ccffffbcc7a0c42fe44a267b079503f12fd97eb1c2bb92d92cecddfa33be1173d9b91666bf43020f95b9e6dc270161753d9f72600adf2763032785d7851673ba060dcb
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (2562)
                Category:downloaded
                Size (bytes):215965
                Entropy (8bit):5.553556181205247
                Encrypted:false
                SSDEEP:
                MD5:1009BC5FB6B42482DE16CAE81BB94176
                SHA1:8DB480ED618090E9708357BDF5FC7A96221F5B0A
                SHA-256:EFBA1E51BEE283B860813F7DD2894FBEB4E258B86340E242BB0E07F237913A19
                SHA-512:07CD6F9AD8DE732CB902BE96AC3F0C71AEFCCA6FD3B244EB40437233B96ABE610959FB3B953AB0795806C3C59EE230698770AB1A099EF57AFBBE44E75E080557
                Malicious:false
                Reputation:unknown
                URL:https://www.googletagmanager.com/gtm.js?id=GTM-WJXL7FH
                Preview:.// Copyright 2012 Google Inc. All rights reserved.. . (function(w,g){w[g]=w[g]||{};. w[g].e=function(s){return eval(s);};})(window,'google_tag_manager');. .(function(){..var data = {."resource": {. "version":"7",. . "macros":[{"function":"__e"},{"function":"__f","vtp_component":"URL"},{"function":"__jsm","vtp_javascript":["template","(function(){var a=",["escape",["macro",1],8,16],";return a.replace(\/\\\/$\/,\"\")})();"]},{"function":"__jsm","vtp_javascript":["template","(function(){return(start=Math.floor(Date.now()\/1E3))||\"\"})();"]},{"function":"__u","vtp_component":"URL","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__u","vtp_component":"HOST","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__u","vtp_component":"PATH","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__e"}],. "tags":[{"function":"__html","metadata":["map"],"once_per_event":true,"vtp_html":["t
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:HTML document, ASCII text, with very long lines (3686), with no line terminators
                Category:downloaded
                Size (bytes):3686
                Entropy (8bit):5.379465328987067
                Encrypted:false
                SSDEEP:
                MD5:CBFC4F2C75C6F40538C7619C27036740
                SHA1:2727EB47F958F48FE37C4C4D2419ED725595B886
                SHA-256:5E46CCF3619454C44BC037C2D9B4FCC8383F010356464B2B660D91FF163A0FBC
                SHA-512:109A7B7595FB926194775DEE7DA06D62A16160E115DFB0C03E4A5A65BFE06D931BF250B6D9D56956F10584CA07D71210AFAE6ADFAA6E9B467B8567DFD558ED5C
                Malicious:false
                Reputation:unknown
                URL:https://embeds.beehiiv.com/0905150a-03eb-4be3-9cfe-57b6f334ec52
                Preview:<!doctype html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no"><link rel="icon" href="/img/favicon.png"><link href="https://fonts.googleapis.com/css2?family=Open+Sans&amp;display=swap" rel="stylesheet"><meta name="robots" content="noindex"><script src="/variables.js" type="application/javascript"></script><script>"true"===window.env.REACT_APP_GTM_ENABLED&&function(e,t,a,n,r){e[n]=e[n]||[],e[n].push({"gtm.start":(new Date).getTime(),event:"gtm.js"});var g=t.getElementsByTagName(a)[0],m=t.createElement(a);m.async=!0,m.src="https://www.googletagmanager.com/gtm.js?id=GTM-WJXL7FH",g.parentNode.insertBefore(m,g)}(window,document,"script","dataLayer")</script></head><body style="margin:0"><noscript>You need to enable JavaScript to run this app.</noscript><noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-WJXL7FH" height="0" width="0" style="display:none;visibility:hidden"></ifra
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (1572)
                Category:downloaded
                Size (bytes):6193
                Entropy (8bit):5.401714743814202
                Encrypted:false
                SSDEEP:
                MD5:F2D1D2937C3546E15C471236646AC74E
                SHA1:DD8D90F6D4AC8D72C718C10424788612689D89DB
                SHA-256:719D2FC548145FA8D8361205F6FCB49EEFC54C71FBB18E6320A60A263F40637A
                SHA-512:7B400281407249F805AB4695E0B7D3CDF4F7F5F776F9F7E60872D5208B7324DADDDAD79D76AC9991C74563520FB6BFF3A6343C8C10591C9EB5682733592668A4
                Malicious:false
                Reputation:unknown
                URL:https://fonts.googleapis.com/css2?family=Open+Sans&display=swap
                Preview:/* cyrillic-ext */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4taVIGxA.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4kaVIGxA.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4saVIGxA.woff2) for
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:PNG image data, 16 x 15, 8-bit/color RGBA, non-interlaced
                Category:downloaded
                Size (bytes):1190
                Entropy (8bit):7.4470853307878535
                Encrypted:false
                SSDEEP:
                MD5:4E97D5BF55BFF7ACB4D84150EBDA36F4
                SHA1:13D3974361E0FEE926A1F802864A2963D81890EB
                SHA-256:D0A7847D7E1C08556B23C28A518F817A50D0AD93476D5E8073DAD12476C03E29
                SHA-512:F43CCA3A2CF7E621FF9CFE2F163FF94CA29C08C7B1D833625A8DFFC2F687CF2F9AC9E6925AF05D46C5EC037D2513DDCB90361849A50A7CC15E60F138AD2C3C1E
                Malicious:false
                Reputation:unknown
                URL:https://embeds.beehiiv.com/img/favicon.png
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (8722), with no line terminators
                Category:dropped
                Size (bytes):8722
                Entropy (8bit):5.7445978703943155
                Encrypted:false
                SSDEEP:
                MD5:314E736CA9641B4C58D76A3EF3967C6C
                SHA1:9F419C272CF68BB160AF63ABF7E74533EA9904D7
                SHA-256:24C9C812542243EE3A1AC438642DCF3A3266A9D2DF0A53344FD42D8EB32C864E
                SHA-512:EC1504224992F3E93BEFF8B63923F8CC44A4B0087471501CE884DF66E29F020C6CD504C150882E0239F8923BACE20FF3742C26B820DBE3A88598D200BFFD3FC2
                Malicious:false
                Reputation:unknown
                Preview:window._cf_chl_opt={cFPWv:'b'};~function(W,h,i,j,k,o,s,B){W=b,function(d,e,V,f,g){for(V=b,f=d();!![];)try{if(g=-parseInt(V(408))/1*(-parseInt(V(374))/2)+-parseInt(V(378))/3+-parseInt(V(401))/4+-parseInt(V(488))/5+parseInt(V(430))/6+-parseInt(V(456))/7*(-parseInt(V(407))/8)+parseInt(V(415))/9,e===g)break;else f.push(f.shift())}catch(E){f.push(f.shift())}}(a,292281),h=this||self,i=h[W(461)],j={},j[W(391)]='o',j[W(465)]='s',j[W(381)]='u',j[W(463)]='z',j[W(377)]='n',j[W(445)]='I',j[W(397)]='b',k=j,h[W(403)]=function(g,E,F,G,a1,I,J,K,L,M,N){if(a1=W,E===null||E===void 0)return G;for(I=n(E),g[a1(388)][a1(404)]&&(I=I[a1(464)](g[a1(388)][a1(404)](E))),I=g[a1(444)][a1(481)]&&g[a1(483)]?g[a1(444)][a1(481)](new g[(a1(483))](I)):function(O,a2,P){for(a2=a1,O[a2(466)](),P=0;P<O[a2(389)];O[P+1]===O[P]?O[a2(453)](P+1,1):P+=1);return O}(I),J='nAsAaAb'.split('A'),J=J[a1(382)][a1(468)](J),K=0;K<I[a1(389)];L=I[K],M=m(g,E,L),J(M)?(N=M==='s'&&!g[a1(440)](E[L]),a1(446)===F+L?H(F+L,M):N||H(F+L,E[L])):H(F+L,M),
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (19592)
                Category:downloaded
                Size (bytes):19640
                Entropy (8bit):5.315086402900025
                Encrypted:false
                SSDEEP:
                MD5:EE5EB442007B1AD4908D8CE77B3C2BCE
                SHA1:2EA314AE1A13AA52E98671B7626096CE20FE0146
                SHA-256:79685D88E77FB6073EB2186384A792A094B89FE9BF66DF5B6B86AD6373FC3EEE
                SHA-512:0C63CFEF1C8FE8300689AE6F5394A4370A57120D43FAA8CBC5BBDDB8BADA7B1E1E8B4405D13F16D96B4608A1018FD72128672D7A06D34F4D7F45C202A9C59FE9
                Malicious:false
                Reputation:unknown
                URL:https://embeds.beehiiv.com/static/js/main.7276d47b.chunk.js
                Preview:(this["webpackJsonpexternal-embed"]=this["webpackJsonpexternal-embed"]||[]).push([[0],{105:function(e,t,n){"use strict";n.r(t);var a,o,r,i,c,l,u,s=n(0),d=n.n(s),p=n(39),m=n.n(p),h=n(6),b=n(7),f=n(9),g=n(8),v=n(110),S=n(107),y=n(111),x=n(16),E=n(4),w=n(5),_=w.a.div(a||(a=Object(E.a)(["\n position: relative;\n display: flex;\n align-items: center;\n justify-content: center;\n height: 100vh;\n width: 100vw;\n box-sizing: border-box;\n text-align: center;\n padding: 12px;\n background-color: ",";\n"])),(function(e){return e.backgroundColor?e.backgroundColor:"#f3f4f6"})),O=w.a.div(o||(o=Object(E.a)(["\n max-width: 28rem;\n margin-left: auto;\n margin-right: auto;\n"]))),C=w.a.div(r||(r=Object(E.a)(["\n margin-bottom: 1.5rem;\n"]))),k=w.a.h2(i||(i=Object(E.a)(["\n color: ",";\n font-family: ",";\n font-size: 28px;\n line-height: 1;\n margin-block: 0;\n margin-bottom: 0.4;\n"])),(function(e){return e.textColor?e.textColor:"#000"}),(function(e){return e.fontFamily?e.fontFam
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with no line terminators
                Category:downloaded
                Size (bytes):32
                Entropy (8bit):4.226409765557392
                Encrypted:false
                SSDEEP:
                MD5:5C93A7F764F155630BD9601D168ED517
                SHA1:FE87E4E1C5F23BCAC2136E82A3128B73EA0787B8
                SHA-256:BF025AEAB7A252165820B7073FA6ABFD16A03E359A5F857CCBE2864887D8F703
                SHA-512:4DCA8044D0EAC9A72E30E06E7BC6C5EBCF7402FB0FBBA41DE9FD76B54C9AA44DA757CE9FEC2F285CD5AE9C624DC6685C4449F6CAE12FF9FC6C4C0EF8BEC6EB76
                Malicious:false
                Reputation:unknown
                URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAn4zwBqHfU0RBIFDYOoWz0=?alt=proto
                Preview:ChYKFA2DqFs9GgQICRgBGgUImgEYAiAB
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text
                Category:downloaded
                Size (bytes):4634
                Entropy (8bit):5.480036073913163
                Encrypted:false
                SSDEEP:
                MD5:763FAD1B6C7F1F100F3F7817A1A46BEE
                SHA1:497713E40EA271ACBB9799D9D6ADC80DC4A4F7F2
                SHA-256:2732ADDB6AA3B51DD9FB55A3C6D225921ED6963E928493A1F8EF64DDD312FD0E
                SHA-512:46586336F5B664E3E0F3378D22B11879B1A0953B27026D0D8836DCB65703EBFA7811771084A520610E3FFC55206EEEEF43D90DDD0BA4C96566207D8C0C7F078B
                Malicious:false
                Reputation:unknown
                URL:"https://fonts.googleapis.com/css?family=Inter:400,700"
                Preview:/* cyrillic-ext */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa2JL7SUc.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa0ZL7SUc.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa2ZL7SUc.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-face {. font-family: 'Inter';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/inter/v18/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1pL7
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):31
                Entropy (8bit):3.873235826376328
                Encrypted:false
                SSDEEP:
                MD5:5FC018D9E6C56911BBC8DC5DDCD0C768
                SHA1:70979F57A85D527ED8ABCBF02CFF44640C58BDE6
                SHA-256:2E6D78A4AE644F3B60AFD3C33E66539FF6C5F6A8ED6ABC40A3AF06AC020EC020
                SHA-512:1E3B86274B3590E28366F2D2DE86A1844058E213BD225AAA05D992CA70523F65D2BD543F9F762A805A2C4D5961AA34F5A19EBE70E135939C9CD3C63F6B5F5524
                Malicious:false
                Reputation:unknown
                Preview:{"error":"Method Not Allowed"}.
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:PNG image data, 1906 x 442, 8-bit/color RGBA, non-interlaced
                Category:downloaded
                Size (bytes):48182
                Entropy (8bit):7.7889794969958634
                Encrypted:false
                SSDEEP:
                MD5:CF9611CFCC5277456FC649FE501240A4
                SHA1:B310D005F5CEFA45955CBB0F0B32CE9B7183A2B5
                SHA-256:F6BA51769FCFCF25E36128703B05D1E891727C90039EB06D5CCBD615D685C2D2
                SHA-512:A0F84C63AD3FED0101E5F769B9E395002347AA323004762A4551CB49240E999E906A71C317E3029C52EF6665602CF6359912D0475B4D6F2F111B2740D2BCEF95
                Malicious:false
                Reputation:unknown
                URL:https://embeds.beehiiv.com/img/beehiiv-logo.png
                File type:PDF document, version 1.4, 1 pages
                Entropy (8bit):7.866474273599974
                TrID:
                • Adobe Portable Document Format (5005/1) 100.00%
                File name:Mbda Us.pdf
                File size:69'212 bytes
                MD5:37810d9f4d3b8b0a388e88d1f327aac8
                SHA1:ece1036ac1c3a107e840d2de39b8fc0e13000018
                SHA256:9ef0c58a83ace97e4f83020acb6758db4cc31a6d56c62bd0bfabab9844bb0ebc
                SHA512:d7f34ad9b4030d399b3edb7b24764a6d85a7238cbea1fce2a553ef485281d8d37b0b616151d89954739aea0aadae1fee6cfa99e42c5a9b027a90f2a0ced938ea
                SSDEEP:1536:MO7rIKMUmHWocDh0D+lysoxp47LLG8Wln9oDeSUVzvrJBwGG1:RoUmHWocDhKdskaLqmDeSGzvzjG1
                TLSH:C063CF29FED85C4CEC82DA0ED67E384A0F9DF417A5CD748500781E65E205AA2B77738B
                File Content Preview:%PDF-1.4.%.....1 0 obj.<</Creator (Chromium)./Producer (Skia/PDF m127)./CreationDate (D:20250113200004+00'00')./ModDate (D:20250113200004+00'00')>>.endobj.3 0 obj.<</ca 1./BM /Normal>>.endobj.8 0 obj.<</Type /Annot./Subtype /Link./F 4./Border [0 0 0]./Rec
                Icon Hash:62cc8caeb29e8ae0

                General

                Header:%PDF-1.4
                Total Entropy:7.866474
                Total Bytes:69212
                Stream Entropy:7.992247
                Stream Bytes:57824
                Entropy outside Streams:5.131473
                Bytes outside Streams:11388
                Number of EOF found:1
                Bytes after EOF:
                Name            Count
                obj             62
                endobj          62
                stream          9
                endstream       9
                xref            1
                trailer         1
                startxref       1
                /Page           1
                /Encrypt        0
                /ObjStm         0
                /URI            2
                /JS             0
                /JavaScript     0
                /AA             0
                /OpenAction     0
                /AcroForm       0
                /JBIG2Decode    0
                /RichMedia      0
                /Launch         0
                /EmbeddedFile   0