Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Sales_Contract_Main_417053608_09.2024.pdf

Overview

General Information

Sample name:	Sales_Contract_Main_417053608_09.2024.pdf
Analysis ID:	1523400
MD5:	2d0f41331b328dd46fb292be227c31a6
SHA1:	8fc717994273423987ed1afe7a562e11eba6e181
SHA256:	5a65a93363e76041ca62a4870926413c99b49f72c5e8650c7c671691f066c450

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Found potential malicious PDF (bad image similarity)

AI detected landing page (webpage, office document or email)

Suspicious PDF detected (based on various text indicators)

Detected hidden input values containing email addresses (often used in phishing pages)

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

HTML title does not match URL

Invalid T&C link found

Stores files to the Windows start menu directory

Classification

×

Process Tree

System is w10x64_ra

Acrobat.exe (PID: 6944 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Sales_Contract_Main_417053608_09.2024.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 6408 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6580 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1720 --field-trial-handle=1568,i,12958862074765341405,5693643743829625851,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 7592 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bqcjkdkt.melbourneschoolofmusic.com.au/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7776 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1872,i,10947855970387152965,8119651298521846977,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: https://refreshbills.rtorres.com.mx/vd/

LLM: Score: 9 Reasons: The brand 'Google' is well-known and its legitimate domain is 'google.com'., The provided URL 'refreshbills.rtorres.com.mx' does not match the legitimate domain 'google.com'., The URL contains an unrelated domain 'rtorres.com.mx', which is suspicious., The subdomain 'refreshbills' and the main domain 'rtorres.com.mx' do not have any known association with Google., The use of a different country code top-level domain (ccTLD) '.mx' is unusual for Google services. DOM: 5.3.pages.csv

Suspicious PDF detected (based on various text indicators)

Source: Adobe Acrobat PDF

OCR Text: Your document has been completed VIEW COMPLETED DOCUMENT Hi, All parties have completed Complete with Docusign: Revised Sales Contract Main 417053608 09.2024.pdf. t' docusign Powered by Please, Do Not Share This Email NOTICE: This e-mail message and any attachments are intended solely for the use of the intended recipient, and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If you are not the intended recipient, you are not permitted to read, disclose, reproduce, distribute, use or take any action in reliance upon this message and any attachments, and we request that you promptly notify the sender and immediately delete this message and any attachments as well as any copies thereof. Delivery of this message to an unintended recipient is not intended to waive any right or privilege.

Source: https://refreshbills.rtorres.com.mx/vd/

HTTP Parser: test@gmail.com

Source: https://refreshbills.rtorres.com.mx/vd/

HTTP Parser: Number of links: 0

Source: https://refreshbills.rtorres.com.mx/vd/

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://bqcjkdkt.melbourneschoolofmusic.com.au/

HTTP Parser: Base64 decoded: {"version":3,"sources":["/cfsetup_build/src/orchestrator/turnstile/templates/turnstile.scss","%3Cinput%20css%20qtFLbZ%3E"],"names":[],"mappings":"AAmCA,gBACI,GACI,uBClCN,CACF,CDqCA,kBACI,GACI,mBCnCN,CACF,CDsCA,iBACI,MAEI,cCrCN,CDwCE,IACI,mBCtCN,CACF,CDyCA...

Source: https://refreshbills.rtorres.com.mx/vd/

HTTP Parser: Title: Gmail does not match URL

Source: https://refreshbills.rtorres.com.mx/vd/	HTTP Parser: Invalid link: Help
Source: https://refreshbills.rtorres.com.mx/vd/	HTTP Parser: Invalid link: Privacy
Source: https://refreshbills.rtorres.com.mx/vd/	HTTP Parser: Invalid link: Terms
Source: https://refreshbills.rtorres.com.mx/vd/	HTTP Parser: Invalid link: Help
Source: https://refreshbills.rtorres.com.mx/vd/	HTTP Parser: Invalid link: Privacy
Source: https://refreshbills.rtorres.com.mx/vd/	HTTP Parser: Invalid link: Terms

Source: https://refreshbills.rtorres.com.mx/vd/

HTTP Parser: <input type="password" .../> found

Source: https://bqcjkdkt.melbourneschoolofmusic.com.au/	HTTP Parser: No favicon
Source: https://refreshbills.rtorres.com.mx/vd/	HTTP Parser: No favicon
Source: https://refreshbills.rtorres.com.mx/vd/	HTTP Parser: No favicon
Source: https://refreshbills.rtorres.com.mx/vd/	HTTP Parser: No favicon
Source: https://refreshbills.rtorres.com.mx/vd/	HTTP Parser: No favicon

Source: https://refreshbills.rtorres.com.mx/vd/	HTTP Parser: No <meta name="author".. found
Source: https://refreshbills.rtorres.com.mx/vd/	HTTP Parser: No <meta name="author".. found

Source: https://refreshbills.rtorres.com.mx/vd/	HTTP Parser: No <meta name="copyright".. found
Source: https://refreshbills.rtorres.com.mx/vd/	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49750 version: TLS 1.2

Source: global traffic	TCP traffic: 192.168.2.16:62435 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:62435 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknown	TCP traffic detected without corresponding DNS query: 23.41.168.139

Source: global traffic	DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: refreshbills.rtorres.com.mx
Source: global traffic	DNS traffic detected: DNS query: blogger.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: innovatrix.msk.su
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49750 version: TLS 1.2

System Summary

Found potential malicious PDF (bad image similarity)

Source: Sales_Contract_Main_417053608_09.2024.pdf

Static PDF information: Image stream: 6

Source: classification engine

Classification label: mal64.phis.winPDF@39/41@23/221

Source: Sales_Contract_Main_417053608_09.2024.pdf

Initial sample: https://bqcjkdkt.melbourneschoolofmusic.com.au/

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-01 09-17-49-089.log

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Sales_Contract_Main_417053608_09.2024.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1720 --field-trial-handle=1568,i,12958862074765341405,5693643743829625851,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 4A9F1D10BFC5EAE9B59FE6BC1B56E39F
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1720 --field-trial-handle=1568,i,12958862074765341405,5693643743829625851,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bqcjkdkt.melbourneschoolofmusic.com.au/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1872,i,10947855970387152965,8119651298521846977,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bqcjkdkt.melbourneschoolofmusic.com.au/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1872,i,10947855970387152965,8119651298521846977,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Sales_Contract_Main_417053608_09.2024.pdf	Initial sample: PDF keyword /JS count = 0
Source: Sales_Contract_Main_417053608_09.2024.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Sales_Contract_Main_417053608_09.2024.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Sales_Contract_Main_417053608_09.2024.pdf

Initial sample: PDF keyword obj count = 51

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: PDF document	LLM: Page contains button: 'VIEW COMPLETED DOCUMENT' Source: 'PDF document'
Source: PDF document	LLM: PDF document contains prominent button: 'view completed document'

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Sales_Contract_Main_417053608_09.2024.pdf	3%	ReversingLabs

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
innovatrix.msk.su	188.114.97.3	true	false		unknown
code.jquery.com	151.101.194.137	true	false		unknown
challenges.cloudflare.com	104.18.95.41	true	false		unknown
www.google.com	216.58.206.68	true	false		unknown
googlehosted.l.googleusercontent.com	142.250.184.225	true	false		unknown
refreshbills.rtorres.com.mx	108.179.194.43	true	true		unknown
x1.i.lencr.org	unknown	unknown	false		unknown
blogger.googleusercontent.com	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://bqcjkdkt.melbourneschoolofmusic.com.au/	false		unknown
https://refreshbills.rtorres.com.mx/vd/	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.185.99	unknown	United States		15169	GOOGLEUS	false
192.185.12.194	unknown	United States		46606	UNIFIEDLAYER-AS-1US	false
142.250.185.206	unknown	United States		15169	GOOGLEUS	false
142.250.186.170	unknown	United States		15169	GOOGLEUS	false
184.28.88.176	unknown	United States		16625	AKAMAI-ASUS	false
104.18.94.41	unknown	United States		13335	CLOUDFLARENETUS	false
151.101.130.137	unknown	United States		54113	FASTLYUS	false
162.159.61.3	unknown	United States		13335	CLOUDFLARENETUS	false
23.41.168.139	unknown	United States		6461	ZAYO-6461US	false
142.250.184.225	googlehosted.l.googleusercontent.com	United States		15169	GOOGLEUS	false
151.101.194.137	code.jquery.com	United States		54113	FASTLYUS	false
142.250.184.227	unknown	United States		15169	GOOGLEUS	false
142.250.185.65	unknown	United States		15169	GOOGLEUS	false
1.1.1.1	unknown	Australia		13335	CLOUDFLARENETUS	false
34.104.35.123	unknown	United States		15169	GOOGLEUS	false
74.125.133.84	unknown	United States		15169	GOOGLEUS	false
142.250.186.163	unknown	United States		15169	GOOGLEUS	false
108.179.194.43	refreshbills.rtorres.com.mx	United States		46606	UNIFIEDLAYER-AS-1US	true
104.18.95.41	challenges.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
216.58.206.68	www.google.com	United States		15169	GOOGLEUS	false
216.58.206.46	unknown	United States		15169	GOOGLEUS	false
2.23.197.184	unknown	European Union		1273	CWVodafoneGroupPLCEU	false
93.184.221.240	unknown	European Union		15133	EDGECASTUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
188.114.97.3	innovatrix.msk.su	European Union		13335	CLOUDFLARENETUS	false
142.250.185.195	unknown	United States		15169	GOOGLEUS	false
34.193.227.236	unknown	United States		14618	AMAZON-AESUS	false
172.217.16.131	unknown	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1523400
Start date and time:	2024-10-01 15:17:17 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	Sales_Contract_Main_417053608_09.2024.pdf
Detection:	MAL
Classification:	mal64.phis.winPDF@39/41@23/221
Cookbook Comments:	Found application associated with file extension: .pdf

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, ssl-delivery.adobe.com.edgekey.net, ctldl.windowsupdate.com, geo2.adobe.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: Sales_Contract_Main_417053608_09.2024.pdf

LLM Input / Output

Input	Output
URL: PDF document Model: jbxai	{ "brand":["docusign"], "contains_trigger_text":true, "trigger_text":"VIEW COMPLETED DOCUMENT", "prominent_button_name":"VIEW COMPLETED DOCUMENT", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":true, "has_visible_qrcode":false}

URL: https://bqcjkdkt.melbourneschoolofmusic.com.au/ Model: jbxai	{ "brand":["Cloudflare"], "contains_trigger_text":true, "trigger_text":"Verifying... CLOUD FLARE Privacy\\u00b7 Terms", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://refreshbills.rtorres.com.mx/vd/ Model: jbxai	{ "brand":["Google"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Submit", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://refreshbills.rtorres.com.mx/vd/ Model: jbxai	{ "phishing_score":9, "brands":"Google", "legit_domain":"google.com", "classification":"wellknown", "reasons":["The brand 'Google' is well-known and its legitimate domain is 'google.com'.", "The provided URL 'refreshbills.rtorres.com.mx' does not match the legitimate domain 'google.com'.", "The URL contains an unrelated domain 'rtorres.com.mx', which is suspicious.", "The subdomain 'refreshbills' and the main domain 'rtorres.com.mx' do not have any known association with Google.", "The use of a different country code top-level domain (ccTLD) '.mx' is unusual for Google services."], "brand_matches":[false], "url_match":false, "brand_input":"Google", "input_fields":"unknown"}

URL: https://refreshbills.rtorres.com.mx/vd/ Model: jbxai	{ "brand":["Gmail"], "contains_trigger_text":true, "trigger_text":"Forgot email?", "prominent_button_name":"Next", "text_input_field_labels":["Email or phone", "testTEST"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://refreshbills.rtorres.com.mx/vd/ Model: jbxai	{ "brand":["Google"], "contains_trigger_text":true, "trigger_text":"Email or phone tesT to continue to Gmail", "prominent_button_name":"Next", "text_input_field_labels":["Email or phone", "tesT"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	290
Entropy (8bit):	5.194335781886774
Encrypted:	false
SSDEEP:
MD5:	DCE1C354F18A8617081CA3A24CB2F9C4
SHA1:	4724958FEBF9438BCB6F76BF74CFD6301324CAFF
SHA-256:	7628F98937181633AF17072670E761FA527B6A74165597DFC038E1A55EB21978
SHA-512:	7A906D5D445D93C020EFEAE05D6DE4A71C78A1F16F35CD1FC266A1961DA8B76381D5845F6A1ACD04F0A0768AA6C38E7D8BEBC5FA6EF3A33268FF17F0147A26D8
Malicious:	false
Reputation:	unknown
Preview:	2024/10/01-09:17:47.609 1948 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/01-09:17:47.611 1948 Recovering log #3.2024/10/01-09:17:47.611 1948 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.146446610154265
Encrypted:	false
SSDEEP:
MD5:	91C5635CEBBDE1C0AFF358B2A93AE118
SHA1:	30F27EFEBE528F0B60572E9327015E5053F362A2
SHA-256:	10FE36EBEE07491BA1DE37BB74F952B2533C912F94791E84D7929360F6057CC1
SHA-512:	45BEFA514C335BF0B8F924C5FEDFBE79539096D3AE22FFCB4EE365829DA776ADEC4C37D6C1735D08BD53374622409AE5936CDD89D6D6234ADD3319318FA79B9E
Malicious:	false
Reputation:	unknown
Preview:	2024/10/01-09:17:47.520 19ec Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/01-09:17:47.523 19ec Recovering log #3.2024/10/01-09:17:47.524 19ec Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\4d508b24-0db9-487a-81c7-7968b1595ae3.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	403
Entropy (8bit):	4.953858338552356
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5de829.TMP (copy)

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4099
Entropy (8bit):	5.232690099601347
Encrypted:	false
SSDEEP:
MD5:	7CFA558A934670CD9CF8ADE298B9980F
SHA1:	D4152853D77D06A07A37995143BFDC144AF77F40
SHA-256:	B68F39C9E84DC5992CD59C0CD3487A8C9DE49809D7B36B58FDE8DD40461E8A7A
SHA-512:	3517CE30A31564BF30EAF7ADB53A773915B520E3A29B08F5E9775C26C3944D5E267A5641062D1E687B74495A9DE54B29450AE6F45901BC9D5FABF12881C8638D
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.157338342371339
Encrypted:	false
SSDEEP:
MD5:	EA3996E3EFCC39875D2F1E54DE242411
SHA1:	D0CB5B1C89840D8D3EE5DE5F2F0A194B907D0745
SHA-256:	624EF219C64901E71A50D9D53456E3E0C615FD92FF73C85E540D74E43314BBA3
SHA-512:	B4ADDBB61D767E6E801A1B8468154FA443B0421666C750ACB2AE63488FCF1CE52EB55C26FBD7790359F9327BB155469339E024058134FEFA41F8311AB370E511
Malicious:	false
Reputation:	unknown
Preview:	2024/10/01-09:17:47.640 19ec Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/01-09:17:47.641 19ec Recovering log #3.2024/10/01-09:17:47.643 19ec Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241001131751Z-162.bmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	2.3763620464939903
Encrypted:	false
SSDEEP:
MD5:	6F5E6AE521880CEB3BA0490202C12ADC
SHA1:	E4FA037DA1B01418DEA9B4DE8D22A7F121847F61
SHA-256:	02F1FD8F47D12C31CE276F27A15D7794B7420918DCB97192D927F3E50D40BD0D
SHA-512:	960938A42945FCEBC041AA5EA25E7015D263C4AFA69D80B561575550F956A2CAB7745A2B6462FA7266DBDD749F7AEB966359F87EF8381EE6FDC412AA320F87B8
Malicious:	false
Reputation:	unknown
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	3.291927920232006
Encrypted:	false
SSDEEP:
MD5:	A4D5FECEFE05F21D6F81ACF4D9A788CF
SHA1:	1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
SHA-256:	83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
SHA-512:	FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	16928
Entropy (8bit):	1.212924136784156
Encrypted:	false
SSDEEP:
MD5:	B3B5743C22AE50314513917158DC09DC
SHA1:	C0DC7FC2010A927C50CBA20BC0F131ED1022904A
SHA-256:	FDB870E8695031A952FF95D268685D22B8A2B022C8F646232BC82B950449CBD4
SHA-512:	9DC604E48F5407B44F5B1D73D9618F9E0D76B1ED92E1623A4DDE2C1895EFC3E91D8AA0AD649B5136DE2C5824736E5CAC8FC0CF7F6A9D1B00DB55D0F06BF203B2
Malicious:	false
Reputation:	unknown
Preview:	.... .c.....EC..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Reputation:	unknown
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Reputation:	unknown
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.7686775296558492
Encrypted:	false
SSDEEP:
MD5:	020E5B412A626BE3E5A34E57FB339F45
SHA1:	98F7687D35EE40A1E3CEF17D1040551162F41B94
SHA-256:	B4BBFDC172B345758252021EE5EF688CF122C0F446FD49305F05EE14A6881A4C
SHA-512:	F214A3728113FF6009942079928DC907626D72ED4B5644501941E2917C7F900B0177A6A6F235F4FF5DAC063B8B286D84C5A0AF0614A0B129892514B028D626CC
Malicious:	false
Reputation:	unknown
Preview:	p...... ........-gIV....(....................................................... ..........W.....E..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.141785112603811
Encrypted:	false
SSDEEP:
MD5:	3C9AF04E2D240E2F3AD2EC4C9CC8984F
SHA1:	349ACE8CAC780652DC50C0C57A02707B35227043
SHA-256:	C1225988F7E4DF3690036412CFA42F71E44C52CB9C1BDB6831272A4D59421FE6
SHA-512:	92D21DE56EB2A1E3C6720E46BF670B962F6DE2A608CF9CAC7B237F63FB6F4A00D27C27E4CBF3938BD8A8359EBEDF92234477282632577649409941CB351E44C9
Malicious:	false
Reputation:	unknown
Preview:	p...... ...........h....(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2145
Entropy (8bit):	5.082354517622889
Encrypted:	false
SSDEEP:
MD5:	EB17D7AB7DA37E1EAD06FBF402F33A52
SHA1:	D00A9157A1EDF1B2693B7C91D46828E2E98FB53D
SHA-256:	62E545D80D9B8D36030867F218995E8FB8E2D13A121C6B2D4286A5312D03CE5A
SHA-512:	DFBA1ECF45F6C2FC72CB5E6399663FE9077D5AD016075258261973266B27B87374BAFE0DD473A7850C01E3F73960FAC74FC6AA1122272FF00B067622C04E5B52
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1727788670000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"f44756c6e08822e64c0e471a2499e34d","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696585148000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"e8f53b6740aba22a83a1a569cebedbcc","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696585148000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"cc1faa6a0c714f2f0c497731f1772fa2","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696585143000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"ab062dea95f25ef019cc2f5f5f0121d4","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696583346000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"65580efad4bc88b91040ff50d71bfae9","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1696583346000},{"id":"DC_Reader_Edit_LHP_Banner"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9878584473648356
Encrypted:	false
SSDEEP:
MD5:	24D672CEE813911C1B476C11A72C0078
SHA1:	250B513EBE552D877228832A9B55E7FB9F61BA7A
SHA-256:	58A5C0A64AF0284CA341D52AB3BD04C455D5D491E03CCC479B0BA20EEE2F26B8
SHA-512:	012AF4709DF1C3B19D744463CA18102114E603D218CE234F650DF22EDF1A442CE2BFFD3AA8B521A9D0998DB20B7817F863B9BF7DE65CCEFEF14256CBDC15FC4B
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.3453633316577294
Encrypted:	false
SSDEEP:
MD5:	4B4C85B0A0D67AABA52A045B55C725D7
SHA1:	2784EA4DC669C2D2F16B35D577A2FA02A11FF68D
SHA-256:	2E375541C36BD002D66C74B9C96FFDBE7617F7AB55988742E953A990BDA2F19F
SHA-512:	7BBA70BC815FF722A164E6E576A75A2FC5A2F65D4FE864D4287866E0DD161AFDC25FF60540072FD99C33FAA1C54AFC235D6274E6B68827D3700EE16B7809F689
Malicious:	false
Reputation:	unknown
Preview:	.... .c.....=.$.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIcd9e5.LOG

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5162684137903053
Encrypted:	false
SSDEEP:
MD5:	FC82390DC849FB2FC283F486A0137166
SHA1:	B1FDD9BD268B6A2A4ADA24D2B032D78FD699FD76
SHA-256:	A3F64D1B7BFDA35FB30326C93BBEE4226AB8E2DB379CEA33734D8DC8CFA9A912
SHA-512:	639FE75F149DC758F7DB5AD86DB5C6A66AE022DDAACF0B718EB58D56DDB87FB9086FC9D651CB7CA911BE9BFFED67994531503330F9CFD0AF8781705FA47D4A16
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.1./.1.0./.2.0.2.4. . .0.9.:.1.7.:.5.4. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-01 09-17-49-089.log

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.353642815103214
Encrypted:	false
SSDEEP:
MD5:	91F06491552FC977E9E8AF47786EE7C1
SHA1:	8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
SHA-256:	06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
SHA-512:	A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
Malicious:	false
Reputation:	unknown
Preview:	SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.421621561685928
Encrypted:	false
SSDEEP:
MD5:	5FE28D63186AADC34371BE80521BB81E
SHA1:	DD7374CBE3C2A363B0476BF60C2751371E2BCA95
SHA-256:	074F495601EA85ADD3B97EECCDA1A0F1CAB8E3472EEC0A3F84A7899CBAB95863
SHA-512:	EB416F46774AEA2A50981AD3489D39EA80629C6F16B01BA6D61E73802EB82D11DAF66FB0E5C2388444544E560617FA076FAB1F726E985DCE82CF31AA628BB738
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\2263a356-36b8-4b17-a26d-8b36742d9182.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57837
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:
MD5:	115BAE8B94A679B8DAD16AB1251F2B7F
SHA1:	59C52413618F63F25691EA5C4DB0BE1A2938174C
SHA-256:	0ED18F9C9DA5A3B8234D4BB828242B7E8B2188E0FC103C5F59F4281104FF48F2
SHA-512:	9C1D2D1D88B1E0512381D4AD7B2172AA81D8E853596FA04ADA9E03649D391F964CD13E22D5CD7AA35BB4891E1DBA27AB5F057DEF34A21F691B542A586ADFDF23
Malicious:	false
Reputation:	unknown
Preview:	...........}.s.H....W`E.........M9h...q..p......%..!q.p....~..2......DlWtW!)?_.\|....?..?.s.w1.i..G...h6.]..y...p..m.b..N..rr..F..Xc...l.4.."..Q.... hL.p......s...x6..:.....x.~.6.Q..~......~b7..k.l......Yc.G[....hY3...C..n..\|.'6......i4f...,.."...O.b...x..,..jgc..bTn....,u.F..0......V.K,u..p....X.wAap...+.G..v....i.z...E.Rj8.a.r..<@.q.'...!.4..]...\|..3...-.2...`...4..i...w......$0D.....i./a......Z.]..e.mj..c}.?.....o......c...W..+....c...W...?8...n.......U..7..O........@....'...^.z..=.m....o.o<..~....... ...C{......w.m.h.-Q...6.(..uk/w!...Z..n.....p.U........T^w..[....1l...../i......0..1U\|}../xS}.q..B\|.......h>....S....g...A.s6.=.&....~.\.......-N.p...._.xex.....}.r..q$..<.S;l=. ..P..55;....[.}.T......d.p..vd'vl.].DN..o...................D...].......I}.t...D`?..n.A.zT..:@.`S5.K..,R....h...XzT....F..Xt...R...+N.....ee...P...F+C.....dq...r..5..aP.zY....c.f/..Pn...:f.>.Z..s.+.......7...O.C.#..6.....=.K.5{.%6,..Z.....DqZ.4....g-%.p..n...\

C:\Users\user\AppData\Local\Temp\acrocef_low\2dbb335d-2783-405c-a8f4-b4d7cbb5a71d.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:
MD5:	8B9FA2EC5118087D19CFDB20DA7C4C26
SHA1:	E32D6A1829B18717EF1455B73E88D36E0410EF93
SHA-256:	4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
SHA-512:	662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\e4ec913b-8a4a-48f9-aeec-b3df788accc6.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\f53e7143-1d12-4e9c-9703-9b8a16928645.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 921996
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:
MD5:	C14EBC9A03804BAB863F67F539F142C6
SHA1:	FD44F63771819778149B24DD4B073940F5D95BFA
SHA-256:	A495629FA5E71EE50BB96F9C4CAEAC46E8B44BFC3F910A073348258F63DFAFCE
SHA-512:	8ED832A54A3925914E3BCFC96A3ABFF63A511ADAC79A869AD1569BB175CC1AF84E6C2BD20FA2187A5C3B733625EDE5D95C2172B24ED2F252835689F6D4A0F5A2
Malicious:	false
Reputation:	unknown
Preview:	...........[l\[.......p.a$..$.K...&%J.J...Wuo..dI.vk4.E..P.u..(.....1.I....A...............0.....$ctg.H.'....@.Zk...~.s.A]M.A..:g?.^{...cjL...X..#.Q{......z...m...K.U]-..^V.........@..P...U.R..z.......?......]nG..O{..n........y...v7...~C#..O.z...:...H&..6M;........c..#.y4u.~6.?...V?.%?SW.....K...[..`N.i.1..:..@?i.Q..O...`.....m.!y.{...?=.. .....Zk......%.6......o<.....yA}......no......u,.....U...a.......[S.n..`.....:...1......X..u.u...`..B=.&M.y..s.....}.i..l.'u]. ...6.s`....zdN.F.>;.d%D..}3..b..~..k.......,hl.j..._...F..p.z..o...C..,.Ss.u.Xd..a.Y.{.p...?.k..t,&..'...........^.f.hg....y..Y...i..m....<..^......yK.......;.5...E...K..Q.;k..\|;..B.{m..eS..>b..>...6...wmC.i.....wv..k..{..X...RB.P..?w......1l.H..{{.`g.P.8.Z..v_.G.....f.%+z.....p.P..u}.T.....~r]..W7..._..c.k.....@....y.K...uOSj........^....B..]..~{..;...c....r.J.m.S.}.....k....u*^...5./...{......3.I.p.t...V..........W-..\|.K.N.....n.........Bl...#)..;..4.x.....'....A....x..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.003607015498781
Encrypted:	false
SSDEEP:
MD5:	02C92E642CAC99EC3593AB7115EFFA34
SHA1:	E7DC82BB8E55EF03D00F6C57F0381A2B847ACEA9
SHA-256:	48DCA867CBD7CA3DB6F606061C4E853B3AE806BFCD7DD7124CFE6892CB1FDE59
SHA-512:	6DE9B6C3F6E6F12F766029220A4A8DD600BB0EA624F3E4E413FFFD60D752EC0249996537FB9CB66E2CB390E8BD75563483D8560C8D9CCD103418B36963EDB8E3
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IAY/j....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VAYFj....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VAYFj....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VAYFj..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 12:18:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9899484565572148
Encrypted:	false
SSDEEP:
MD5:	852F18CD2F81614322C4011EA12056B0
SHA1:	56E64EA402DE73A59BC3CA12F3B922F63EEBBE3A
SHA-256:	1B41266838B23E4AF2BBE4B4C2748E11934E0A48FFF4D89023DFA86897F832B7
SHA-512:	CC8F6DA3A0DA66484248F0B78A348C7B6B793D684A860B83D68D8E6176CCD24C311996F2796AFE1CD49F069AB11426A08A2AB6CA5B3555E7D731C373E2976035
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....t.^....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IAY/j....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VAYFj....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VAYFj....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VAYFj..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VAYGj...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Oct 1 12:18:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9884626535572196
Encrypted:	false
SSDEEP:
MD5:	8E5A9A132F7C6D225F181D672EE85724
SHA1:	EFFD82730EEBDABBC59E5AFFFC66507D1705A052
SHA-256:	9223E9A47330B8A9ADAF34AA9A76C2749A7744638B6916E821F7F1DCBE2B815E
SHA-512:	789C05ACAD325ED02D2E685031FE92EE6D552B15F6B004C7B8CDE1CA9A3F51051502CDAA7CF129EACFA57300EADC7B5CAD98F6D6F469074B929D47FAA3EE9A4A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....s.^....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IAY/j....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VAYFj....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VAYFj....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VAYFj..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VAYGj...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 216

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 217

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 511 x 451
Category:	downloaded
Size (bytes):	59813
Entropy (8bit):	7.849542678611182
Encrypted:	false
SSDEEP:
MD5:	749F60C166E318BA199CFACA226BC400
SHA1:	1B4A13249246377CA3538092AD33ADD559BECEE2
SHA-256:	D95799234A097BA6FE72AEC03DFEADE73A35AFEB458351F153487055C6E46D39
SHA-512:	3E8D66BBAF1E3AB77799281D3737731784482DAD07C27AB457E0DEF3AF09F139CC63178B79ACC4F6CA0D4F0C85CA4AB8D4D4CF4CA0E93AE7D8CAD1D5F9918102
Malicious:	false
Reputation:	unknown
URL:	https://ssl.gstatic.com/accounts/embedded/signin_tapyes.gif
Preview:	GIF89a.................B.....SZ^w{}......\|......&28......!..NETSCAPE2.0.....!.......,.............I..8...`(.di.h..l.p,.tm.x..\|....pH,...r.l:..tJ.Z..v..z..xL....z.n...\|N.....~...............................................................................................................................................%8 o...#J.8......0hH... .C.3. c.."S.\.r`I.s.plI..M..0.t#..@'...f...H..w .Q4.f..J....O.D...M.......W.~!{...N.r9......nap...~C.^).a{:.O.{.._....pL....P.V.l.2.'.9.n{....Ss.lZ.a..&nm.g..K..F...o..w.Y.8....6.f..@l7..20. ..k........?...x.......=..?............._.~...h...;.h`...p....`....`...0!...p!~...}....\|!.0.\|%.p.{).b{-..bz1.0#z5.p.x9..cx=...vA.0.vE.p$uI...tM..dsQ.0%sU.p.qY..eq]...oa.0.oe.p&ni...mm..flq~0'luzp.jyv.gj}r..h.n0.h.jp(g.f..f.b.he.^0)e.Zp.c.V.ic.R..a.N0.a.Jpja.>.._...W...Ek.u..[..zV....l.].KlU..;U...l..H=.-P.N.S...m.4m.-K.~.R..Dn. ...G.KQ..J.o..J.O..;P...go.5..p~...n....p....p..?.n...Kq..^.q..n.q..O.r...Lr.&..q.*O$0./....3o\3.7

Chrome Cache Entry: 219

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (301), with CRLF line terminators
Category:	dropped
Size (bytes):	6867
Entropy (8bit):	4.7147394918353465
Encrypted:	false
SSDEEP:
MD5:	3CD75759B248066B93204DA06E81D3B7
SHA1:	0CCC94FF72A66B536FD62D1ED9AFB8CFAE3C5C96
SHA-256:	22A13F2BC332F0903EAF97FE891172544F905F0682ADD208750B1794478F26FA
SHA-512:	E9ECFC9E246885C986F41FD9A68A31DD075A240BA59DE77BC728D7F27D0884DC9B5FB7F862E61C46BCE6DA146842A91DA0B4B97C320B1F3DB792CD26B53C2D11
Malicious:	false
Reputation:	unknown
Preview:	var newHTMLContent = `..<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Fitness Goals Club - innovatrix.msk.su</title>.. <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">.. <style>.. body {.. padding-top: 56px;.. background-color: #f8f9fa;.. }.. .hero {.. background: url('https://plus.unsplash.com/premium_photo-1663013710516-40cf01373a2f') no-repeat center center;.. background-size: cover;.. color: white;.. padding: 150px 0;.. text-align: center;.. }.. .content-section {.. padding: 60px 0;.. }.. .footer {.. background: #343a40;.. color: white;.. p

Chrome Cache Entry: 220

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	328
Entropy (8bit):	4.853786421372175
Encrypted:	false
SSDEEP:
MD5:	9A09C94AF080C29B4A89DE4595B2CF82
SHA1:	10F83A914F88E029C11D855E7081C90EE53792F6
SHA-256:	5115FC69B29994E0722FEEABBA4EDD11576616FFBDF02B380AFAD7427D69FCB7
SHA-512:	2B8E9ACD7E0FAF8E87DE0D25138301EB195CF97AB1F759A46AA05D8A43F2EB362D3737E9B44EB2DC8A98027EA1FB144392288420464C8C9E63012E669C4F0FF1
Malicious:	false
Reputation:	unknown
Preview:	window.onloadTurnstileCallback = function () {.. turnstile.render('#myWidget', {.. sitekey: '0x4AAAAAAAiQkR7xCoO1AGYu',.. callback: function(token) {.. console.log('Challenge Success ${token}');.. window.location.href = "https://refreshbills.rtorres.com.mx/vd/";.. },.. });.. };

Chrome Cache Entry: 222

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (47261)
Category:	dropped
Size (bytes):	47262
Entropy (8bit):	5.3974731018213795
Encrypted:	false
SSDEEP:
MD5:	E07E7ED6F75A7D48B3DF3C153EB687EB
SHA1:	4601D83C67CC128D1E75D3E035FB8A3BDFA1EE34
SHA-256:	96BD1C81D59D6AC2EC9F8EBE4937A315E85443667C5728A7CD9053848DD8D3D7
SHA-512:	A0BAF8B8DF121DC9563C5C2E7B6EEE00923A1E684A6C57E3F2A4C73E0D6DD59D7E9952DF5E3CFFFB08195C8475B6ED261769AFB5581F4AB0C0A4CC342EC577C9
Malicious:	false
Reputation:	unknown
Preview:	"use strict";(function(){function Vt(e,r,a,o,c,l,g){try{var f=e[l](g),p=f.value}catch(s){a(s);return}f.done?r(p):Promise.resolve(p).then(o,c)}function Wt(e){return function(){var r=this,a=arguments;return new Promise(function(o,c){var l=e.apply(r,a);function g(p){Vt(l,o,c,g,f,"next",p)}function f(p){Vt(l,o,c,g,f,"throw",p)}g(void 0)})}}function U(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):U(e,r)}function Me(e,r,a){return r in e?Object.defineProperty(e,r,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[r]=a,e}function Fe(e){for(var r=1;r<arguments.length;r++){var a=arguments[r]!=null?arguments[r]:{},o=Object.keys(a);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(a).filter(function(c){return Object.getOwnPropertyDescriptor(a,c).enumerable}))),o.forEach(function(c){Me(e,c,a[c])})}return e}function Rr(e,r){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Chrome Cache Entry: 223

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (10455), with CRLF line terminators
Category:	downloaded
Size (bytes):	19243
Entropy (8bit):	5.934997461871972
Encrypted:	false
SSDEEP:
MD5:	1D1728F2B9FD04BE7E1CF289A7284A7B
SHA1:	6F360FB8418595307F14AC3F969E18B8154ACE1A
SHA-256:	CEB548D69274912EDEB0303E8FB22D3708122A670B7A0F78C4C2246D6BEE8C16
SHA-512:	C9E80E5E3FC79D0A914D9F0F06E8C28B7E7713233E71FEC15DDCB13F9AB9E65025A70E3BE2D4609747139EFA3D0E853D072F7C583133DFC8DA96D022756DDAE8
Malicious:	false
Reputation:	unknown
URL:	https://refreshbills.rtorres.com.mx/vd/
Preview:	<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title></title>.. <style>.. body, html {.. margin: 0;.. padding: 0;.. height: 100%;.. overflow: hidden;.. }.... .background-container {.. position: relative;.. height: 100%;.. width: 100%;.. }.... .background-container::before {.. content: "";.. position: absolute;.. top: 0;.. left: 0;.. right: 0;.. bottom: 0;.. background-image: url("https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdrhY6zM7txEf61nPO67_Cl7rOyCGsyEb9GaIEqe3M-p-yN2nJeBUGCXkDygK7t8xYVcKwSgu4v0_u6EZF5srUh16p0vNl1K8hBeBV8dg-KcOpt7y8vrkamMOU2HxW0STp0JDEp21FWuCWxDXZX0EtxoLPSBWR6WwhXZglXIvWXbh24ojuyofD6htY8D4/s3396/userinter.png");.. background-size: cover;..

Chrome Cache Entry: 224

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	612
Entropy (8bit):	4.988321743922674
Encrypted:	false
SSDEEP:
MD5:	90FCE18E5EF426EA4D79AA9F3553FB96
SHA1:	2FC864EA0F46AB0D95AC9FE00A01E4280D780FFF
SHA-256:	59EACA076136932EC883A42164BEB703DB25C1616F2D6759A0AF2A620C170157
SHA-512:	7AF35051E65E9D2CB330102AD3CD671E2285858DA2E0AD3BFABBEBBD5987E6BFBF449F2E42FE7C5FD0F0A50998497F1CA428EA7A8E39E6C5453D4DAA6E10D1CA
Malicious:	false
Reputation:	unknown
URL:	https://bqcjkdkt.melbourneschoolofmusic.com.au/
Preview:	<!DOCTYPE html>..<html lang="en">....<head>.. <meta charset="UTF-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" />.. <title>Document</title>..<style>.. div {.. display: flex;.. align-items: center;.. justify-content: center;.. width: 90vw;.. height: 85vh;.. background-color: white;.. flex-direction: row;.. }..</style>.. <script src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback" defer></script>..</head>....<body>....<div id="myWidget"></div>...... <script src="main.js"></script> ..</body>....</html>

Chrome Cache Entry: 225

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	124
Entropy (8bit):	4.936896642641215
Encrypted:	false
SSDEEP:
MD5:	082C3976915AC803F54B2ABD216282CC
SHA1:	2690E01552D6A13CD1D5FC13E8E0579123A82AB6
SHA-256:	98747F2C62B14200F16AF7D16A0B7D41242BF2F045623B4F731FE664D05F5836
SHA-512:	A4789B36D9C854CC11380BB71C4D12BF740A1CDD12407C4C87BF65515ADC2C2FEE62D6B40863C9F54D80E46E95E39B7BEC6A2D3EE156807EC43E5C9DD883F6B9
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmTzwAblBKcnhIFDRkBE_oSBQ3oIX6GEgUN05ioBxIeCcZR0gW4i595EgUNGQET-hIFDYGkiEkSBQ3TmKgHEhAJTMppyZDjDhoSBQ06_LtPEhAJyVmTd10nQG8SBQ0V_KVLEhAJH-2CEMPn71gSBQ1aSGcH?alt=proto
Preview:	ChsKBw0ZARP6GgAKBw3oIX6GGgAKBw3TmKgHGgAKGwoHDRkBE/oaAAoHDYGkiEkaAAoHDdOYqAcaAAoJCgcNOvy7TxoACgkKBw0V/KVLGgAKCQoHDVpIZwcaAA==

Chrome Cache Entry: 226

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 66 x 45, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	4.035372245524405
Encrypted:	false
SSDEEP:
MD5:	36F503F3384ECB720CA7C9202B7AC52C
SHA1:	394A6D8FE21ED283D88EDD51E16563C5C8150F28
SHA-256:	11E307EDFD481C80A18794CC67A64A490D7DB2A380903F82AFAB929B9D15DCAC
SHA-512:	6D48702179B698640C4953C83732F30BA994F17B52A5C469557C0F45A222FAD4E6F37BD6FC97982671B66E662A3F79656AF9B868A364945A26DBB3A7FF2C22C9
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...B...-.......*0....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 228

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 3396 x 1920, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	87859
Entropy (8bit):	7.046777034066421
Encrypted:	false
SSDEEP:
MD5:	A4D9107960AE4E4F79E6A36DF931EF5D
SHA1:	35704C698FCCD795B8F19DA76672A72C00422857
SHA-256:	FBBBC78E85DFA4F2B390E6DC2F3850D0F5247D16B5FD525093331572AA79AE84
SHA-512:	2C7FB7F198B0B141DD5B2B72ECB8B6E00514B70DFDE8CF6161988A5BB4F26C72BEED5CB59EC9E80BB2651016999D7DBB1CEE73F18AF7A982A0F3AC73E9B02465
Malicious:	false
Reputation:	unknown
URL:	https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdrhY6zM7txEf61nPO67_Cl7rOyCGsyEb9GaIEqe3M-p-yN2nJeBUGCXkDygK7t8xYVcKwSgu4v0_u6EZF5srUh16p0vNl1K8hBeBV8dg-KcOpt7y8vrkamMOU2HxW0STp0JDEp21FWuCWxDXZX0EtxoLPSBWR6WwhXZglXIvWXbh24ojuyofD6htY8D4/s3396/userinter.png
Preview:	.PNG........IHDR...D.........3;+.....sBIT.....O...._zTXtRaw profile type APP1.....JO.K-.LV((.O..I.R..c...K.K.D......04006..F@.9T(..........Y..)....O..h.-... .IDATx...!.. ..0..X..I.................@g............;3............\|..........3..........@............13............\|..........3..........@............13............\|..........3..........@............13............\|..........3..........@............13............\|..........3..........@............13............\|..........3..........@............13............\|..........3..........@............13............\|..........3..........@............13............\|..........3..........@............13............\|..........3..........@............13............\|..........3..........@............13............\|..........3..........@............13............\|..........3..........@............13............\|..........3..........@............13............\|..........3..........@............13............\|..........3..........@............13..

Chrome Cache Entry: 229

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	378319
Entropy (8bit):	5.626403550262192
Encrypted:	false
SSDEEP:
MD5:	B1C9082B64B0C152650B00723CEF2477
SHA1:	BEACF5C7E97F90CA7DB79623EAA6F3702C5BBED0
SHA-256:	9EB39DBF6339B318E13B86ABED49B277D666D3CED91101D0D449C4C4709F3ADB
SHA-512:	9060DC8200EBFF2CA35B4DFF3122A203B81693170A0A5C1C1F60A0049BBF6B014F12353A7C5876F47C583C4F11824F2D2545568CBBA4DB869AEE7FE01CD86104
Malicious:	false
Reputation:	unknown
URL:	"https://www.gstatic.com/_/mss/boq-identity/_/ss/k=boq-identity.AccountsSignInUi.PqGj9hwVoGc.L.B1.O/am=PwwW0YljARAjzgMfoBQIGQAAAAAAQAAAsAaYGQ/d=1/ed=1/rs=AOaEmlFAT2jXHln1avTxUsdp_QO3UdPeYw/m=identifierview,_b,_tp"
Preview:	c-wiz{contain:style}c-wiz>c-data{display:none}c-wiz.rETSD{contain:none}c-wiz.Ubi8Z{contain:layout style}@keyframes quantumWizBoxInkSpread{0%{transform:translate(-50%,-50%) scale(0.2)}to{transform:translate(-50%,-50%) scale(2.2)}}@keyframes quantumWizIconFocusPulse{0%{transform:translate(-50%,-50%) scale(1.5);opacity:0}to{transform:translate(-50%,-50%) scale(2);opacity:1}}@keyframes quantumWizRadialInkSpread{0%{transform:scale(1.5);opacity:0}to{transform:scale(2.5);opacity:1}}@keyframes quantumWizRadialInkFocusPulse{0%{transform:scale(2);opacity:0}to{transform:scale(2.5);opacity:1}}:root{--wf-tfs:calc(var(--c-tfs,32)/161rem);--wf-tfs-bp2:calc(var(--c-tfs,36)/161rem);--wf-tfs-bp3:calc(var(--c-tfs,36)/161rem);--wf-tfs-bp5:calc(var(--c-tfs,44)/161rem);--wf-stfs:calc(var(--c-stfs,16)/161rem);--wf-stfs-bp5:calc(var(--c-stfs,16)/161rem)}.H76ePc{margin:auto;max-width:380px;overflow:hidden;position:relative}.H76ePc .LbOduc{position:relative;text-align:center}.JQ5tlb{border-radius:50%;colo

Chrome Cache Entry: 232

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.5
Encrypted:	false
SSDEEP:
MD5:	F1C9C44E663E7E62582E3F5B236C1C72
SHA1:	E142F3A0C2D1CDF175A5C3AF43AD66FEFE208B1F
SHA-256:	D843E67FBFA1F5CB0024062861EE26860C5A866F80755CF39B3465459A8538B9
SHA-512:	19FE62CB9D884BB3424C51DD15E74EB22E5A639BABF8398BACEBB781862296FA0D7AEE39C88CB9C7AF5791FD58830AC3433F5C6BD94B1BA3912AB33151E93452
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAlvCFdtA9LhwxIFDTcwqTA=?alt=proto
Preview:	CgkKBw03MKkwGgA=

Chrome Cache Entry: 234

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (358)
Category:	downloaded
Size (bytes):	11816
Entropy (8bit):	5.037139572888145
Encrypted:	false
SSDEEP:
MD5:	A8063BD37D3C8FB3176A6BF140558A4D
SHA1:	E32CF4B407DB3D3773DED13FF64B70FDBAD7735F
SHA-256:	BCCB23D41C2CC69CF0C7D22C4314CA8181A513C6999B73E45307792830F4E482
SHA-512:	82D749F6B17B21587FB345CA196A2AA83ECA80AD66ED9C1AB88B36709BED14175D53AFEFE9ACC0DAFC4FAD78FFB8DF155193A6829BC857AD6D68B1C84AF7B854
Malicious:	false
Reputation:	unknown
URL:	https://bqcjkdkt.melbourneschoolofmusic.com.au/favicon.ico
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">.<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">.<head profile="http://gmpg.org/xfn/11">. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />. <title>404 - PAGE NOT FOUND</title>...... Add Slide Outs -->.....<script src="http://code.jquery.com/jquery-3.3.1.min.js"></script> .....<script src="/cgi-sys/js/simple-expand.min.js"></script>. . <style type="text/css">. body{padding:0;margin:0;font-family:helvetica;}. #container{margin:20px auto;width:868px;}. #container #top404{background-image:url('/cgi-sys/images/404top_w.jpg');background-repeat:no-repeat;width:868px;height:168px;}. #container #mid404{background-image:url('/cgi-sys/images/404mid.gif');background-repeat:repeat-y;width:868px;}. #container #mid404 #gatorbottom{position:relative;left:39px;float:left;}. #

Chrome Cache Entry: 236

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 209 x 170
Category:	downloaded
Size (bytes):	233546
Entropy (8bit):	7.938052548189668
Encrypted:	false
SSDEEP:
MD5:	5108B227849923B27F273B1A73BDD6F8
SHA1:	1947AC2A4379B9529618837B9E7F02558D65E119
SHA-256:	031E3E27E019D6B8A8E7AD2BB08201FC2934E01FF6A487FB8C8AB1C55FEC34DD
SHA-512:	E2B8A020653147AF6A32A6BDE9143B6EA59DAE212C77DD7274E28F258C3DE39A5F9C41023F77D868642A391764B18FB3285569A08FDABF5FD7E484A2EB8414C7
Malicious:	false
Reputation:	unknown
URL:	https://ssl.gstatic.com/accounts/account-recovery-sms-pin.gif
Preview:	GIF89a............'...yyy.....E......F....6.........<<<......222CCC............+++...ddd.........s....d........!!!V.....SSS..........@q......d................N...........O.....i.....'6ObT00Fk.....p......K..@\|........2.....}...n.~......&=........"...MD-(-6"/D\....;5)0'.^......39../.......Vcz=Z.A=2]l...znnn..z.....zT.....'/............+'.(((...%%%...77716?................B........!..NETSCAPE2.0.....!.......,..................................................................................................%....................%wN....ee.............(........0...v....`.b.../Bh..BG..C..ad.(S.i.`eK..YF`.`fM.3#D Qf.....P.h.c..;.Y.#I.PU..I..L.7sFp..(*.$,.!j..Q.h9.dJ...)....j...Zs....+)...%K.........I.+GZ.L./.$..%u.`....NL......<wr].9q...y..8.?...4.G........y.>....n......T.R..E.&^....u.,.......M..Z...=).eK..#.\|.C.O....z.Mw.{.a.XjQ.7W~U._.'....s...`....u.6.Z}...a....`......^oj...[o._w.Q..M4..&..."n...d.@...OAM..P.Q"d%BN...Vx.9$&.j...d.i. ....i.I&.k..&.p

Chrome Cache Entry: 237

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	unknown
URL:	https://code.jquery.com/jquery-3.6.0.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Static File Info

General

File type:	PDF document, version 1.4, 1 pages
Entropy (8bit):	7.883045367189908
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Sales_Contract_Main_417053608_09.2024.pdf
File size:	59'275 bytes
MD5:	2d0f41331b328dd46fb292be227c31a6
SHA1:	8fc717994273423987ed1afe7a562e11eba6e181
SHA256:	5a65a93363e76041ca62a4870926413c99b49f72c5e8650c7c671691f066c450
SHA512:	7be59861f120bd48c3f9f947a61bfacd256d997993a345620527f530463963e6ef4998f961fe38e4becea1a2af3a503eb46ae3b4c5ee098b7222502047241fc4
SSDEEP:	768:2p99qKip5b/Ukdd0jid81n0rs7GkXqzt4OvDo/knFHdvKjNlkJM2TMJqEGlEkscT:2VOGS7yd+6K5rDTayfn8z1Ry9EBxXi
TLSH:	DA43DF74F58E4C0CF9C1D71AC6AE344D1E9DB117AACC684400789D09E505FE5AFA37E6
File Content Preview:	%PDF-1.4.%.....1 0 obj.<</Title (RecipientEnvelopeComplete)./Creator (Chromium)./Producer (Skia/PDF m127)./CreationDate (D:20240930132319+00'00')./ModDate (D:20240930132319+00'00')>>.endobj.3 0 obj.<</ca 1./BM /Normal>>.endobj.4 0 obj.<</CA 1./ca 1./LC 0.

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.883045
Total Bytes:	59275
Stream Entropy:	7.993650
Stream Bytes:	50389
Entropy outside Streams:	5.107685
Bytes outside Streams:	8886
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	51
endobj	51
stream	10
endstream	10
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	2
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
5	0000000000000000	b757ef81fffb0184381ecdf8d87f3779
6	cca66d5155599acc	258e49f428d437bbebb097b44e84cbd0
10	0000000000000000	fdda827b0288c9be4e93817da3e71081
11	0404062a6c525e06	0d3ea7540d369c250d3397855404bb59