Windows Analysis Report
phish_alert_sp2_2.0.0.0.eml

Overview

General Information

Sample Name:phish_alert_sp2_2.0.0.0.eml
Analysis ID:1323002
MD5:e32a833191ac4faaf81adbdeb439a1c1
SHA1:cb18288f68b042d5f50d7a09b69d56c7ad7a442d
SHA256:eb6bf4ac4d39c65a6820572b5c7db90c2060ac443d010994c2a124391e2194cf

Detection

Score:4
Range:0 - 100
Whitelisted:false
Confidence:40%

Signatures

Queries the volume information (name, serial number etc) of a device
Tries to load missing DLLs
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Deletes files inside the Windows folder
May sleep (evasive loops) to hinder dynamic analysis
Creates files inside the system directory
Stores large binary data to the registry
Queries time zone information
Checks for available system drives (often done to infect USB drives)

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Legend: clean, suspicious, malicious.

Analysis Advice

Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 5920 cmdline: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0.eml MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6464 cmdline: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "87418C7C-7AC9-412E-A1F2-73B3F48F6045" "2DA15817-FECF-4690-A794-4335DA202691" "5920" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • Acrobat.exe (PID: 5736 cmdline: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\JPMXDC58\PLATEAU TELECOMMUNICATIONS INC. C01_202308699 2023-10-10.pdf MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 6740 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 6004 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1672,i,18121945511314805399,7744953512290867732,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
    • EXCEL.EXE (PID: 5984 cmdline: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\JPMXDC58\2093054.csv MD5: 4A871771235598812032C822E6F68F19)
    • Acrobat.exe (PID: 5704 cmdline: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\JPMXDC58\PLATEAU TELECOMMUNICATIONS INC. C01_202308699 2023-10-10.pdf MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 4316 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 1080 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1688,i,277324741950081347,17349145131873246790,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • HxOutlook.exe (PID: 4384 cmdline: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca MD5: 6F8EAC2C377C8F16D91CB5AC8B8DBF5F)
  • HxAccounts.exe (PID: 4076 cmdline: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca MD5: 6FEB00C9A2C3FF66230658B3012BAB6A)
  • HxOutlook.exe (PID: 6096 cmdline: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca MD5: 6F8EAC2C377C8F16D91CB5AC8B8DBF5F)
  • HxAccounts.exe (PID: 3648 cmdline: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca MD5: 6FEB00C9A2C3FF66230658B3012BAB6A)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: z:
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: x:
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: v:
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: t:
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: r:
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: p:
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: n:
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: l:
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: j:
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: h:
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: f:
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: b:
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: y:
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: w:
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: u:
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: s:
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: q:
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: o:
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: m:
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: k:
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: i:
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: g:
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: e:
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile opened: c:
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile opened: a:
Source: excel.exeMemory has grown: Private usage: 1MB later: 70MB
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownTCP traffic detected without corresponding DNS query: 23.62.176.141
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSIF05F.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF05F.tmp
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0.eml
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "87418C7C-7AC9-412E-A1F2-73B3F48F6045" "2DA15817-FECF-4690-A794-4335DA202691" "5920" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\JPMXDC58\PLATEAU TELECOMMUNICATIONS INC. C01_202308699 2023-10-10.pdf
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1672,i,18121945511314805399,7744953512290867732,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 0573A59252517362574F4485FCD25C8D
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\JPMXDC58\2093054.csv
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: unknownProcess created: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca
Source: unknownProcess created: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1688,i,277324741950081347,17349145131873246790,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9B189D7-228B-4F2B-8650-B97F59E02C8C}\InprocServer32
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeMutant created: \Sessions\1\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\Local\SM0:6096:120:WilError_03
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeMutant created: \Sessions\1\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\Local\SessionImmersiveColorMutex
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeMutant created: \Sessions\1\AppContainerNamedObjects\S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433\Local\SM0:4384:120:WilError_03
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20231010T1616460398-5920.etl
Source: classification engineClassification label: clean4.winEML@42/87@0/76
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.ini
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeFile opened: C:\Windows\SYSTEM32\msftedit.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe TID: 5624Thread sleep count: 32 > 30
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: unknown FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe c:\program files (x86)\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\ai.exe" "87418c7c-7ac9-412e-a1f2-73b3f48f6045" "2da15817-fecf-4690-a794-4335da202691" "5920" "c:\program files (x86)\microsoft office\root\office16\outlook.exe" "wordcombinedfloatielreonline.onnx
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: unknown VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsym.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsb.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsb.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsl.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeQueries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation Bias
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
1
Replication Through Removable Media
1
Command and Scripting Interpreter
1
DLL Side-Loading
1
Process Injection
11
Masquerading
OS Credential Dumping1
System Time Discovery
1
Replication Through Removable Media
Data from Local SystemExfiltration Over Other Network Medium2
Encrypted Channel
Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading
1
Modify Registry
LSASS Memory1
Virtualization/Sandbox Evasion
Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
Application Layer Protocol
Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)1
Extra Window Memory Injection
1
Virtualization/Sandbox Evasion
Security Account Manager1
Process Discovery
SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
Process Injection
NTDS11
Peripheral Device Discovery
Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading
LSA Secrets1
File and Directory Discovery
SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.common1
File Deletion
Cached Domain Credentials14
System Information Discovery
VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup Items1
Extra Window Memory Injection
DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact


No Antivirus matches
No contacted domains info
IP | Domain | Country | ASN | ASN Name | Malicious
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
23.3.84.164 | unknown | United States | 16625 | AKAMAI-ASUS | false
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
52.109.8.89 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
23.39.1.167 | unknown | United States | 16625 | AKAMAI-ASUS | false
23.62.176.141 | unknown | United States | 3257 | GTT-BACKBONEGTTDE | false
20.189.173.12 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
13.107.42.16 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.109.0.142 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
18.213.11.84 | unknown | United States | 14618 | AMAZON-AESUS | false
20.189.173.10 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.109.0.91 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
Joe Sandbox Version:38.0.0 Ammolite
Analysis ID:1323002
Start date and time:2023-10-10 16:16:17 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:26
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Sample file name:phish_alert_sp2_2.0.0.0.eml
Detection:CLEAN
Classification:clean4.winEML@42/87@0/76
Cookbook Comments:
  • Found application associated with file extension: .eml
  • Exclude process from analysis (whitelisted): dllhost.exe
  • Excluded IPs from analysis (whitelisted): 52.109.8.89, 52.113.194.132, 23.39.1.167, 23.72.90.13, 23.72.90.28, 20.189.173.12
  • Excluded domains from analysis (whitelisted): ecs.office.com, omex.cdn.office.net, self-events-data.trafficmanager.net, fs.microsoft.com, a1864.d.akamai.net, onedscolprdwus11.westus.cloudapp.azure.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, s-0005-office.config.skype.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, s-0005.s-msedge.net, config.officeapps.live.com, us.configsvc1.live.com.akadns.net, e16604.g.akamaiedge.net, officeclient.microsoft.com, ecs.office.trafficmanager.net, prod.fs.microsoft.com.akadns.net, omex.cdn.office.net.akamaized.net
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenKey calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryAttributesFile calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtSetValueKey calls found.
  • VT rate limit hit for: phish_alert_sp2_2.0.0.0.eml
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):290
Entropy (8bit):5.146952025310695
Encrypted:false
SSDEEP:
MD5:D745482A993740927DB0813C8060B870
SHA1:61680F0ABA7E807034D84B748EC5B925A6C46F9E
SHA-256:26C69C9E006A906AFFCF33C21905EA15322B5D0D4B6372C95355C3F3975606EB
SHA-512:4237DBEB70227483F5053514DD11422BD34A00F715305A084023217F748BF8869E036B1CDC2CCE2F00C770FD7A0BE4B9544F467B3D48D961C5CF649E0DE63717
Malicious:false
Reputation:low
Preview:2023/10/10-16:17:06.503 1b30 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2023/10/10-16:17:06.518 1b30 Recovering log #3.2023/10/10-16:17:06.519 1b30 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):334
Entropy (8bit):5.145965719963253
Encrypted:false
SSDEEP:
MD5:5393D06F2B4C28233F249CF265D263E8
SHA1:969D9816EB616369989386A29A91029EEF89396E
SHA-256:37EBF2049E346278EDD08A8735C24194E9E00C648F2830C81D8FF89458BD9F19
SHA-512:A93B8490A3A780A23526234F52158A656EBDBED419AC3467CF9D6822138A4A8830E5145D2A15E74EC4AEEA3012523E3EB1BCA1B3B96CA9D9CCF2E88C5EE5619A
Malicious:false
Reputation:low
Preview:2023/10/10-16:17:06.521 1ba4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2023/10/10-16:17:06.524 1ba4 Recovering log #3.2023/10/10-16:17:06.524 1ba4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:modified
Size (bytes):371
Entropy (8bit):4.992423188708374
Encrypted:false
SSDEEP:
MD5:1B6C4F9577E1DC3F24E7EAC6951B177C
SHA1:F04D7991A8F9AB13CEF09716B851EE5A6E05DAFB
SHA-256:B0D8D3CECF89C7F4348BD854DB0FE3777AF69CBCA9B4098062B8BD30FB9D90BF
SHA-512:E7CB17172DEE4BAB544CD37229B862F19F358B02496343829C6CA24E61ED03BA7399B709DECC34341C9363867570FA27CB16EC7F74033B23E7D6F9C4E6B0025E
Malicious:false
Reputation:low
Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341507432770106","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:modified
Size (bytes):403
Entropy (8bit):4.977416062059362
Encrypted:false
SSDEEP:
MD5:04E394C8B77F3D884200782813754AEB
SHA1:0A94A76AD667AE8AA2609F6996A54AE42F922FDC
SHA-256:94ACDB7B98BC7B1D0A87F08407A676C018DA2CF75CA9AAF9B67100AD1F9EA323
SHA-512:B2984BCB0CC595B52857BE23614716BDFF15A2CB8B766654CAEF6EADD5FA5C6C96FCFF96CF81FCF4D1FF9C3AE02528BA0B5E178D4A8DED4950253A89B6E7A686
Malicious:false
Reputation:low
Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341507513351623","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":171427},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:dropped
Size (bytes):371
Entropy (8bit):4.992423188708374
Encrypted:false
SSDEEP:
MD5:1B6C4F9577E1DC3F24E7EAC6951B177C
SHA1:F04D7991A8F9AB13CEF09716B851EE5A6E05DAFB
SHA-256:B0D8D3CECF89C7F4348BD854DB0FE3777AF69CBCA9B4098062B8BD30FB9D90BF
SHA-512:E7CB17172DEE4BAB544CD37229B862F19F358B02496343829C6CA24E61ED03BA7399B709DECC34341C9363867570FA27CB16EC7F74033B23E7D6F9C4E6B0025E
Malicious:false
Reputation:low
Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341507432770106","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:dropped
Size (bytes):371
Entropy (8bit):4.992423188708374
Encrypted:false
SSDEEP:
MD5:1B6C4F9577E1DC3F24E7EAC6951B177C
SHA1:F04D7991A8F9AB13CEF09716B851EE5A6E05DAFB
SHA-256:B0D8D3CECF89C7F4348BD854DB0FE3777AF69CBCA9B4098062B8BD30FB9D90BF
SHA-512:E7CB17172DEE4BAB544CD37229B862F19F358B02496343829C6CA24E61ED03BA7399B709DECC34341C9363867570FA27CB16EC7F74033B23E7D6F9C4E6B0025E
Malicious:false
Reputation:low
Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341507432770106","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:data
Category:dropped
Size (bytes):4509
Entropy (8bit):5.226330564420764
Encrypted:false
SSDEEP:
MD5:190C27A4353E53DB337C0B9EA76949B4
SHA1:D0F2D20CE29539FD36A240A7749B54605C2B9084
SHA-256:600C86C622F070BDBED83C9DB9A07491CA5BA6F44C3D63CBDA3AB6AFD80C07F0
SHA-512:49BF37A5E29CEE3E0222DAF20621D8F4B6F6E6F35F783582B11EA835ADD2D86D3F212FC1E7C4A87FECC7A2E1B692FEE1DE6BF64E43DEE5BDF4F834C421E8D70B
Malicious:false
Reputation:low
Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):322
Entropy (8bit):5.18059161976122
Encrypted:false
SSDEEP:
MD5:F1344FB591069E239379849BCC972EAA
SHA1:2A684B987B052911E9B05137DFA144E3BCEECBD2
SHA-256:C15EFD1DEAF71E8FEA3ED265D5881AD14E5791DB1287170AA46F89C302AC71D7
SHA-512:E0EBA544BBB23DE8885142FCF0D7D453D532567F932E2D41062286383F9FAA03F127700B9B308F2D59DB2EB54948C26BBDAD2EACC1C559F1AA89E49D8E03C57D
Malicious:false
Reputation:low
Preview:2023/10/10-16:17:06.958 1ba4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2023/10/10-16:17:06.961 1ba4 Recovering log #3.2023/10/10-16:17:06.961 1ba4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):322
Entropy (8bit):5.18059161976122
Encrypted:false
SSDEEP:
MD5:F1344FB591069E239379849BCC972EAA
SHA1:2A684B987B052911E9B05137DFA144E3BCEECBD2
SHA-256:C15EFD1DEAF71E8FEA3ED265D5881AD14E5791DB1287170AA46F89C302AC71D7
SHA-512:E0EBA544BBB23DE8885142FCF0D7D453D532567F932E2D41062286383F9FAA03F127700B9B308F2D59DB2EB54948C26BBDAD2EACC1C559F1AA89E49D8E03C57D
Malicious:false
Reputation:low
Preview:2023/10/10-16:17:06.958 1ba4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2023/10/10-16:17:06.961 1ba4 Recovering log #3.2023/10/10-16:17:06.961 1ba4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:dropped
Size (bytes):71190
Entropy (8bit):1.3324286704219235
Encrypted:false
SSDEEP:
MD5:4B6D4C72D7B3CF2A857980B7E6DCC17B
SHA1:8B4971F81D9A625528B6E1A8984745695239F40F
SHA-256:2D99F2EC814C5C827E83838363EA7B226D58DE7C29E13B08439A5F5564A5B399
SHA-512:5485028598CBAA88354DC84D6ACB646DE8FF2B9CB629867D45E315BCEFE43E5DD2D1F89B1B46CBF97B47E01DAB65D0485DDD8FECAEF1BCAFA7721D628AE089C1
Malicious:false
Reputation:low
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 1, database pages 9, cookie 0x5, schema 4, UTF-8, version-valid-for 1
Category:dropped
Size (bytes):36864
Entropy (8bit):0.6478669371782999
Encrypted:false
SSDEEP:
MD5:F447B2D9D27C6446C01B19F020040229
SHA1:3A7A021F4428E2F696FF8FFC43A8CA90D72C2CA9
SHA-256:C3617160CEB4F24C6A3CBDBF7D9D1A6B391F397BE299FD738DD35CFBD17E7FDD
SHA-512:20A603861123F82CC173FDEB45885414CD986DB9B37DC89C6913F3185C831A3E87E24BBD38AA8717A21C71337CA0AEE82D082E0530A21F4BA6A8A5AA86001443
Malicious:false
Reputation:low
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):512
Entropy (8bit):0.28109187076190567
Encrypted:false
SSDEEP:
MD5:C88E70DC86FCAEBF03BA95B936C6F412
SHA1:5C71433C01405FE50FECAAC792536319DDDC551C
SHA-256:1F7B9AD8AED1C645AF17E100227E350FB2155CF5237A6CAD4EBF039273AE6020
SHA-512:8187FD7FAC60A93D543765A109FC79FCA16B9D088B11570DEA4FFD75EFBF2D88F84F1FEF0656482E5DF91BCC10D07084AD317B587EF445791C5C21E8F227C008
Malicious:false
Reputation:low
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PostScript document text
Category:dropped
Size (bytes):185099
Entropy (8bit):5.182478651346149
Encrypted:false
SSDEEP:
MD5:94185C5850C26B3C6FC24ABC385CDA58
SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:false
Reputation:low
Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PostScript document text
Category:dropped
Size (bytes):185099
Entropy (8bit):5.182478651346149
Encrypted:false
SSDEEP:
MD5:94185C5850C26B3C6FC24ABC385CDA58
SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:false
Reputation:low
Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:data
Category:dropped
Size (bytes):227002
Entropy (8bit):3.392780893644728
Encrypted:false
SSDEEP:
MD5:265E3E1166312A864FB63291EA661C6A
SHA1:80DFF3187FF929596EB22E1DB9021BAD6F97178C
SHA-256:C13E08B1887A4E44DC39609D7234E8D732A6BC11313B55D6F4ECFB060CD87728
SHA-512:48776A2BFE8F25E5601DCC0137F7AB103D5684517334B806E3ACF61683DD9B283828475FC85CE0CBE4E8AF88E6F8B25EED0A77640E2CFFF2CC73708726519AFA
Malicious:false
Reputation:low
Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):295
Entropy (8bit):5.3726709527821725
Encrypted:false
SSDEEP:
MD5:29EAFF2B492BBC4B9575D6D0538DAEAF
SHA1:A113978646925FC028FF1AFB3C07C4911B83DBEB
SHA-256:FF29D31E467727901260B10DA96791330463D0FED6FC4E6DB78299D4B9317CB8
SHA-512:E900862EF3F5103188689B69373DA13D82A7684BC26423679654FC00094F322B6EC50023F022C46E950FDA5C1F7EFD4ADD4C91D612C257402D69E7DACF28007E
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"d4e27f6a-08d4-48c9-9108-b210c0af348a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1697122393180,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):294
Entropy (8bit):5.321109791602957
Encrypted:false
SSDEEP:
MD5:200C5EB8F39890056CA9B4C27A6261CF
SHA1:E873C23F6D8D91B9381C5B64B3BB6FEE1E1B3C3B
SHA-256:F5410C93DAF306D10AD9D378B384895F80031E25A2264DEBE13E12537F9381F7
SHA-512:69B3E6AF31A68C0836644EFD1CF1C4E568344F67B55EE553F6E6F71B16DF3F09451D552C4A58C9533E78307A22229E423AB1F64A69C188DD7A692A01DD8B745A
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"d4e27f6a-08d4-48c9-9108-b210c0af348a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1697122393180,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):294
Entropy (8bit):5.299369286960764
Encrypted:false
SSDEEP:
MD5:231DAAB6E72626E3BEB407E48B1B527F
SHA1:18D62395A845107A90561CECD0F72A5BBDA7DDC4
SHA-256:846C4914587DE0AFACF610071DBED46F61CBA7C43D0A967A7D17ACF6F3C514B9
SHA-512:FE64D0DA4B982D12FDEDA5DC83E5BB32659777E7FFF5BACF391EDC58558E245B13E35D9037968FC86489BD3FCBC2A59F1289762E522FF8E1FBA21F9C637FBA95
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"d4e27f6a-08d4-48c9-9108-b210c0af348a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1697122393180,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):285
Entropy (8bit):5.36137772280264
Encrypted:false
SSDEEP:
MD5:2F35CBDB8BA03DC7242FA2FD78745714
SHA1:511127C6AAA9E91B85C7D91C58F009F1EAF4F898
SHA-256:2A5C5207C422F8A2ACAE320E115E2248A419C586B727B672B63C1BAFB5DDB882
SHA-512:72EC517915FDAA1CA2CB8848958E9D89751FF8C71B4CF1595228818A49E0F6A1A49C1A2B6EE45DC67E7283F0C86DA4C00E8D38960D1C22736DD9EB177CB8013F
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"d4e27f6a-08d4-48c9-9108-b210c0af348a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1697122393180,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1255
Entropy (8bit):5.697596833670244
Encrypted:false
SSDEEP:
MD5:8A1DDE8DCDD6BF8DA53FD0E25F14C2EF
SHA1:A0E651461EBD5145BB9B3CE4BCF03A18F45591A2
SHA-256:3529F9C6179421A30B5180604AFCBF96759DD0DD9CEFDE72E4A3CCBC33E59590
SHA-512:CB4979F11E491D51E60C45F5D5934FC8B97C2AFAE47B7637F7D842DF80EB226F6311C60CFD622AE2D637F4A2CC539B887E170B483F55C5F8E2EEC2E6EFBBFD64
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"d4e27f6a-08d4-48c9-9108-b210c0af348a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1697122393180,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65179_200306ActionBlock_0","campaignId":65179,"containerId":"1","controlGroupId":"","treatmentId":"f7fa0e9f-7d25-4321-b719-c501bbb8a162","variationId":"200306"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctZGF5IHRyaWFsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE0IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjoiIiwiZGVzY3JpcHRpb24iOiJDb252ZXJ0IGZpbGVzIHRvIGFuZCBmcm9tIFBERiBcbndpdGhvdXQgbGltaXRzLiIsImJhY2tncm91bmRfc3R5bGluZyI6eyJiYWNrZ3JvdW5k
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1250
Entropy (8bit):5.705449883842315
Encrypted:false
SSDEEP:
MD5:03D55793A48BEEDE404E1A8EE886536D
SHA1:A8F8D58EBC46BF8462C44CB828713272325E9767
SHA-256:53B47314EB603EB6C896C83CA04D6AEA00F57F464779066342BE0EC8CA6929E6
SHA-512:5ED98540E8A07E6ED5203941A098F2A19984453520A4459D9146D7596ED6658CAFFB50E89CC977F58DFD0E59046D5764B4800A4B85355789D7E72D87CC4DB3E7
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"d4e27f6a-08d4-48c9-9108-b210c0af348a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1697122393180,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65179_200306ActionBlock_1","campaignId":65179,"containerId":"1","controlGroupId":"","treatmentId":"250f56c6-2d66-4fca-8033-eabbd2bc9951","variationId":"200306"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctZGF5IHRyaWFsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE0IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjoiIiwiZGVzY3JpcHRpb24iOiJDb252ZXJ0LCBlZGl0IGFuZCBlLXNpZ24gUERGXG4gZm9ybXMgJiBhZ3JlZW1lbnRzLiIsImJhY2tncm91bmRfc3R5bGluZyI6eyJiYWNrZ3JvdW5kX2Nvb
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):292
Entropy (8bit):5.311775428590273
Encrypted:false
SSDEEP:
MD5:083A9017E6D150CCF92CB765087C108D
SHA1:9E910A374C259E24DB86AD2274FA1ED595EA1944
SHA-256:39466AB092EB5BBA82B69855360F91F4442549D70DF87F9524C29DDD44DADBF7
SHA-512:D2B3223250E55F5EA4AB5669A8DD53D34A31B6631FEAF5DA133CF5D9534211010DFCCEB9CFEED236CCBCDA0328AA801CEB038E10673D0D4752EABEEC4183D484
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"d4e27f6a-08d4-48c9-9108-b210c0af348a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1697122393180,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1230
Entropy (8bit):5.686468698850318
Encrypted:false
SSDEEP:
MD5:0B31799C935E1FBE435602663296239A
SHA1:C4E504CC76726721C9170DB3F46104459FE87176
SHA-256:FA580B6E2109A3E3986457113B86D10F75188A236EED9F2F2CAE50B4AC492F55
SHA-512:143EDE933F099DD14A5BB9A0B727F113AA1FBC7675C9DB2C9CE5880176385F6F7E7CE6D488526A0C35CDC511BEE26A038868ED2CFECF929A6F4AE8CCBF3B5B9E
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"d4e27f6a-08d4-48c9-9108-b210c0af348a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1697122393180,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65179_200306ActionBlock_3","campaignId":65179,"containerId":"1","controlGroupId":"","treatmentId":"07caa165-20a7-4c5f-adf8-061ef3d98af3","variationId":"200306"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctZGF5IHRyaWFsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE0IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjoiIiwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiIsImJhY2tncm91bmRfc3R5bGluZyI6eyJiYWNrZ3JvdW5kX2NvbG9yX2RhcmtfdGhlbWUiO
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):295
Entropy (8bit):5.333989864172569
Encrypted:false
SSDEEP:
MD5:5B287D8312F7A99E1B47DAC1A45C8887
SHA1:B7E170984F67A0F9990078CF18F3744117C1F33A
SHA-256:645F6CC76B39C8D1F30DBC9EA85FBAA32065466EE0FFA665F7CACD158E4D63E4
SHA-512:14773E2C676505C26D9AC50BAF6819C10233A61C56FB4F109CDF19FB3D5F97635A0FBA2483BDA61493ECBF0FBEDDF5B901F2C969A41066DBEA8C7ED68180558E
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"d4e27f6a-08d4-48c9-9108-b210c0af348a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1697122393180,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.315214743500875
Encrypted:false
SSDEEP:
MD5:C56EB123EDA877E96D2A749D651460FB
SHA1:BC80213949B4413364DC6F9A9A8691AE65DF5087
SHA-256:4911D2BF43B2D7D3ECA0949BA0702D247B8F0EA88188CC8712A5354F2DCE1838
SHA-512:FFEFE9149D6C777B58A414BB76C14526284FBFB85EA0A6E2A51C34C70D5DB630E34DCC5902DF101785137658CED5104EA7AE6B3561793CC6208ABE3BA6F05F16
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"d4e27f6a-08d4-48c9-9108-b210c0af348a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1697122393180,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1395
Entropy (8bit):5.774847423042974
Encrypted:false
SSDEEP:
MD5:D8BBAC392D1B89A7A0B0AD76FB347058
SHA1:F72BB98CE54FDC1F2AD1FF435A7EFA7A60A06A39
SHA-256:3F5690B73C757A132A07310C9D72848F884D7B4361C3D57BE4ABCEF236D58416
SHA-512:9A7E30C05AA2FB38066BF94EE517D9680239E1D4EFA2A0A3CD51843F17212B5F3E70C28158126EF8687ACC9D5F23F55FFE55A2FF421C5124EAF6D96F7740BFE3
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"d4e27f6a-08d4-48c9-9108-b210c0af348a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1697122393180,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):291
Entropy (8bit):5.298657272490883
Encrypted:false
SSDEEP:
MD5:B11BD458C7AC8CB0CF15AC821328E2E1
SHA1:0797D9E16B693F7FE485639EB62941B396A0E89B
SHA-256:E4AFA677139A3443ED1061472AA62A8BE9BBB6C8C7003CAD44FF38563301DF08
SHA-512:FD6328F31F58C1B2417EB4ED9B99F1C1D80D7250BC2503038A9B913170B8D88D4B7B9E0AFE67291BEB7DC0D643011BAB31A1AB8FD4A2EE9C76985E4D4220941C
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"d4e27f6a-08d4-48c9-9108-b210c0af348a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1697122393180,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):287
Entropy (8bit):5.302545053162362
Encrypted:false
SSDEEP:
MD5:C4122A6F92AB9A2D873A4D6D2DFFBE0A
SHA1:1913535EAE16A874423129C39CC395EA28D8BB6A
SHA-256:66C55FBB3654E08B79F623C569B2FB04CF4CCC25C893D26AC26E69670E8041B5
SHA-512:D56090254300BD8536AD4E638B135FB608AB186FFCD5670F97F7E8FC72D486BE6D8AB7FAD44B7BBBF6B2B12160E78B05CEC71E3FF2A6232CA0373297E0BF3EB2
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"d4e27f6a-08d4-48c9-9108-b210c0af348a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1697122393180,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1250
Entropy (8bit):5.71621354320267
Encrypted:false
SSDEEP:
MD5:01B9007459705C195D3999239C4E985C
SHA1:6EE17BAAB30B6DC11FDEF872DA790A81C6F3C54F
SHA-256:27487CD92EBF22168226E45C3CDFA052A0646FD81340223A97FC34A28F1CACAF
SHA-512:0E248B4B77AA2E5E2B49749ECFFB2937FFD1F051FBEDD2D812E47B866A02FBF5FBB82FECC32D6D8C182863E6080A567F6873D547C1A3E1B11CCDFE4D8169C3DA
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"d4e27f6a-08d4-48c9-9108-b210c0af348a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1697122393180,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65179_200306ActionBlock_2","campaignId":65179,"containerId":"1","controlGroupId":"","treatmentId":"8deb148d-1a64-4e57-9648-e8bf939c598e","variationId":"200306"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctZGF5IHRyaWFsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE0IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjoiIiwiZGVzY3JpcHRpb24iOiJTZW5kIGRvY3VtZW50cyAmIGZvcm1zIFxuZm9yIGZhc3QgZS1zaWduaW5nIG9ubGluZS4iLCJiYWNrZ3JvdW5kX3N0eWxpbmciOnsiYmFja2dyb3VuZF9jb
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):5220
Entropy (8bit):5.804019138369534
Encrypted:false
SSDEEP:
MD5:3B21C1F564F7518DBD2587BE7727BEC2
SHA1:14CE66EAFA2ED7CCFDDE659A56DAFEEBF77519E0
SHA-256:FF030A93D355973620E240EF3C290550AFCF8D91B82A21299CC6B433D9A676BB
SHA-512:9EDC004333CC42D168AAD34720586E88D85B5420B7326EE359C00E628A884C7C587CFE50E745B7A698CAA47B35B128EFABD788E47452EF6A4F42B61569597D33
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"d4e27f6a-08d4-48c9-9108-b210c0af348a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1697122393180,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Upsell_Cards"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65872_202577ActionBlock_0","campaignId":65872,"containerId":"1","controlGroupId":"","treatmentId":"fde975b8-6690-4353-9b93-ee40b641f60f","variationId":"202577"},"containerId":1,"containerLabel":"JSON for DC Reader Upsell Cards","content":{"data":"eyJVcGdyYWRlQWNyb2JhdFBlcnNpc3RlbnRCdXR0b24iOnsiZGF0YVR5cGUiOiJ1cmwiLCJkYXRhIjp7ImxpZ2h0IjoiaHR0cHM6Ly9jdnMuYWRvYmUuY29tL2NvbnRlbnQvZGFtL2N2cy9hY3JvYmF0ZGVza3RvcC91cHNlbGxjYXJkcy9yZ3MwMjU0L3YyL2luZGV4Lmh0bWw\/ZXhwZXJpZW5jZT11cGdyYWRlLXRvcHxlbnwxfGxpZ2h0IiwiZGFyayI6Imh0dHBzOi8vY3ZzLmFkb2JlLmNvbS9jb250ZW50L2RhbS9jdnMvYWNyb2JhdGRlc2t0b3AvdXBzZWxsY2FyZHMvcmdzMDI1NC92Mi9pbmRleC5odG1sP2V4c
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):782
Entropy (8bit):5.367502900131992
Encrypted:false
SSDEEP:
MD5:455C1B756C006DA81F55EF911C6560EC
SHA1:93EAF8295E618EDC89A0CB21CF97FE4E102CBCE9
SHA-256:769AECC208190054083E7DF83DA93C1C3ECADA1ABFF56C9018DCE3E9F29201DB
SHA-512:A665D0F28652DB217A6A993175B7431E44CE16B7EA6A65544F7324498EF77F864B0B69C66679D2EEC1B52B8D3212C36D06C4321B9920190C4A354C1F02FA7672
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"d4e27f6a-08d4-48c9-9108-b210c0af348a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1697122393180,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1696947433208}}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:data
Category:dropped
Size (bytes):4
Entropy (8bit):0.8112781244591328
Encrypted:false
SSDEEP:
MD5:DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:false
Reputation:low
Preview:....
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):2818
Entropy (8bit):5.1384399472078535
Encrypted:false
SSDEEP:
MD5:6CBB0AE41EB7FCF5067E66660F3A4F71
SHA1:8B21943BF43EF0BE0EB8B2A8A6E8DC08E8C249FE
SHA-256:2357288F0B5D944F52E63B061EBEE0D5F296C2FCFC6E06B3682ACB428E0DC1A3
SHA-512:B74E2D808649F79FC87B452617F18B09DE9F2E30E05ACB161CCA166D861EF1E42CA3F4412DD170137553061BE952F529BFAF3CDF12685C95917526EB58E487EA
Malicious:false
Reputation:low
Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"d2ccba35191b7572e480fe6bc853509e","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696947432000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"415d24c1bf38b4b1e27f5f75b8cebab6","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696947432000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"42b331ed17c77133ca95ce78e7b13fa2","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1696947432000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"3d42978198efea182b9c6f487002400f","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1230,"ts":1696947432000},{"id":"DC_Reader_Upsell_Cards","info":{"dg":"b66724ecd9b2c70006de04239d208643","sid":"DC_Reader_Upsell_Cards"},"mimeType":"file","size":5220,"ts":1696947432000},{"id":"Edit_InApp_Aug2020","info":{"dg":"20811738a3101fe2d7c7205df74f682f","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1696947432000},{"id"
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:dropped
Size (bytes):12288
Entropy (8bit):0.9879981585346314
Encrypted:false
SSDEEP:
MD5:7E03E817D976C4A9D45D5017B0767C32
SHA1:1E422950951CAD722627CAE680EEA3C402950C07
SHA-256:0D02276845186A2CE63E8B0A9D3F4B9BB55BF8560565107A075AC5BDD4B1F19E
SHA-512:24B2D8DBA595B851361C0AD0AD3BDEF411F615A85BCE02BEB8E814ECE42AC813AE71ECCC6819F29C212367A372B45926D09018648D9B8CCAB3E565E6FCA680BF
Malicious:false
Reputation:low
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):8720
Entropy (8bit):1.3448593374394862
Encrypted:false
SSDEEP:
MD5:8D90F7EB01A3551ABBE565B243AC74D4
SHA1:B1A016C476C54BCE0542739C35DDF72823E92DB9
SHA-256:DB6AE3F864ADB8C0BD82DE526A97E478E7C1C0393D743A3199AD8BA79FE5E5A4
SHA-512:8C20A369E22210ABF2D0812461C6036CAFD535259B7B8704DF40C995E9D85B9DC353FD555E0C5B83C2424DDAE6B159D242E0DCFDCF0F85E1BAA015BE1719439A
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:XML 1.0 document, ASCII text, with very long lines (2008), with no line terminators
Category:dropped
Size (bytes):2008
Entropy (8bit):5.081793950704674
Encrypted:false
SSDEEP:
MD5:5019D741CE629AEA49F43FC9E1A23328
SHA1:691DA04B50665210B7389CB453F013AC24C305E5
SHA-256:8B4FE4A344C305900D9ED13547A2D03CA3D0C522EBBB9987F3E7A1DD438DF590
SHA-512:66938165C206351362FB2A2A8B04E32CAC76E34A8812A61567E2A656F0B68C868AB38CB2CD6CED424F11354FD20A6C7DD15282C2F00DD1A398F2955E507C4F9E
Malicious:false
Reputation:low
Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>13</Count><Resource><Id>Aptos_26215680</Id><LAT>2023-10-10T14:17:19Z</LAT><key>29939506207.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos_45876480</Id><LAT>2023-10-10T14:17:19Z</LAT><key>27160079615.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_26215424</Id><LAT>2023-10-10T14:17:19Z</LAT><key>31558910439.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215680</Id><LAT>2023-10-10T14:17:19Z</LAT><key>23001069669.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2023-10-10T14:17:19Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_45876480</Id><LAT>2023-10-10T14:17:19Z</LAT><key>30264859306.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos_
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:TrueType Font data, 17 tables, 1st "GDEF", 15 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularGoogle:Roboto Regular:2016Version 3.
Category:dropped
Size (bytes):469544
Entropy (8bit):6.8480115015387035
Encrypted:false
SSDEEP:
MD5:4F6375B8EA6B4094295CCD33334B0B7A
SHA1:1476EDA17FED0A7F71B30161265D40DBE26E5577
SHA-256:2F420C946304315909C1672B14CB4343A3D70C45879C39B85D2345A75850C287
SHA-512:63DF47FCE03B3458E05472B6541B3E6317B50DBB561AF896CFAF3E9D86D6297E189E1D34C52DDAA877E85F39286473317E06C11C2960F031441903D1C69C8A16
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
File Type:JSON data
Category:dropped
Size (bytes):1538
Entropy (8bit):5.170046666246265
Encrypted:false
SSDEEP:
MD5:F903C4A051E8AA36E9E085B08D1BC55E
SHA1:FF9AF9BBA28D4F3FF2238A64425CABE8123250AB
SHA-256:59D97433D58543D3CAE4BFDF9AC0DC6990A99BFB10D118B0D62D32DA15D30968
SHA-512:7B9A526C71B8DF94CF6556AB827C07E2265ACF6F81B4A12B3303ACCD6601C92735ECAA0F4AD5DC054FD1E7EA19B29FC220F41213822CD04E71DC27FDA8C9027B
Malicious:false
Reputation:low
Preview:{"CampaignStates":[{"CampaignId":"398f8b35-ef06-4a2b-a5dc-d85540d6fff3","LastNominationTimeUtc":"2023-10-06T09:25:18Z","LastNominationBuildNumber":"16.0.16827.20130","DeleteAfterSecondsWhenStale":31536000,"ForceCandidacy":false,"IsCandidate":true,"DidCandidateTriggerSurvey":false,"LastSurveyActivatedTimeUtc":"1601-01-01T00:00:00Z","LastSurveyId":"7e1f72bd-2c13-423b-93cf-2786588bccbb","LastSurveyStartTimeUtc":"2023-10-06T09:25:18Z","LastSurveyExpirationTimeUtc":"2024-10-05T09:25:18Z","LastCooldownEndTimeUtc":"1601-01-01T00:00:00Z"},{"CampaignId":"8a42827d-29d2-473e-998e-3217724c5b68","LastNominationTimeUtc":"2023-10-06T09:25:18Z","LastNominationBuildNumber":"16.0.16827.20130","DeleteAfterSecondsWhenStale":31536000,"ForceCandidacy":false,"IsCandidate":true,"DidCandidateTriggerSurvey":false,"LastSurveyActivatedTimeUtc":"1601-01-01T00:00:00Z","LastSurveyId":"0bb7f335-0b8a-4926-bb93-540e4e5b86c8","LastSurveyStartTimeUtc":"2023-10-06T09:25:18Z","LastSurveyExpirationTimeUtc":"2024-10-05T09:25
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
File Type:JSON data
Category:dropped
Size (bytes):740
Entropy (8bit):4.578658879460996
Encrypted:false
SSDEEP:
MD5:439A34DE8DA5C04AF25AADB84A2120D4
SHA1:F12F9FF6E03A5762BD03061557029446680B1DAE
SHA-256:32B560C75C25C6F56C0439F67A3FA7D4F271F07B435EE41575A3D82C6C612880
SHA-512:BE704CD0DF8041945D16B8103135650B33D5E97D6F7C202E9C9499C3AE57E33855C2CC3A8F73B578DB482F47026C756F1FAA411A2CC58B5E53CE23CD24229834
Malicious:false
Reputation:low
Preview:{"ChannelStates":[{"ChannelType":0,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":1209600},{"ChannelType":1,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":0},{"ChannelType":2,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":0},{"ChannelType":3,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":3600},{"ChannelType":4,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":10800},{"ChannelType":5,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":7776000},{"ChannelType":6,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":1800},{"ChannelType":7,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":0},{"ChannelType":8,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":1209600}]}
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
File Type:JSON data
Category:dropped
Size (bytes):87
Entropy (8bit):4.576828956814449
Encrypted:false
SSDEEP:
MD5:E4E83F8123E9740B8AA3C3DFA77C1C04
SHA1:5281EAE96EFDE7B0E16A1D977F005F0D3BD7AAD0
SHA-256:6034F27B0823B2A6A76FE296E851939FD05324D0AF9D55F249C79AF118B0EB31
SHA-512:BD6B33FD2BBCE4A46991BC0D877695D16F7E60B1959A0DEFC79B627E569E5C6CAC7B4AD4E3E1D8389A08584602A51CF84D44CF247F03BEB95F7D307FBBA12BB9
Malicious:false
Reputation:low
Preview:{"ShouldFloodgateTakePrecedenceOverRateAndReview":false,"AreRatingSurveysEnabled":true}
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
File Type:JSON data
Category:dropped
Size (bytes):14
Entropy (8bit):3.378783493486176
Encrypted:false
SSDEEP:
MD5:6CA4960355E4951C72AA5F6364E459D5
SHA1:2FD90B4EC32804DFF7A41B6E63C8B0A40B592113
SHA-256:88301F0B7E96132A2699A8BCE47D120855C7F0A37054540019E3204D6BCBABA3
SHA-512:8544CD778717788B7484FAF2001F463320A357DB63CB72715C1395EF19D32EEC4278BAB07F15DE3F4FED6AF7E4F96C41908A0C45BE94D5CDD8121877ECCF310D
Malicious:false
Reputation:low
Preview:{"Surveys":{}}
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:BB7DF04E1B0A2570657527A7E108AE23
SHA1:5188431849B4613152FD7BDBA6A3FF0A4FD6424B
SHA-256:C35020473AED1B4642CD726CAD727B63FFF2824AD68CEDD7FFB73C7CBD890479
SHA-512:768007E06B0CD9E62D50F458B9435C6DDA0A6D272F0B15550F97C478394B743331C3A9C9236E09AB5B9CB3B423B2320A5D66EB3C7068DB9EA37891CA40E47012
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
File Type:data
Category:dropped
Size (bytes):137
Entropy (8bit):5.453658199260318
Encrypted:false
SSDEEP:
MD5:EC5B798A0F1284D5153AD0E141AF2EBA
SHA1:C634D99373338982F1D8909940CF16AD9390952A
SHA-256:96C41538CE45A3001BE273DA8AC0CE9E42F0A010FB31B70C64876F016972CC48
SHA-512:2E3E04D3CC3DF8A83234C826A9079268BF8BB50080D327A3D991A82520CC7DA11EF5B268AA058301801C048378D5D16528E5AFCD893C8C49521688A7BD9F1F28
Malicious:false
Reputation:low
Preview:S..Frn.....}..Y..t..........Yfile:///C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\JPMXDC58\..2093054..csv..d.
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):162209
Entropy (8bit):5.344618296238684
Encrypted:false
SSDEEP:
MD5:90FDEC319EB8F2EB28108811107745BA
SHA1:D9DAC9A38FE47997643DBA2C259C72C7F813820E
SHA-256:96E68F8DD3954187C0128403F9D1E67FA10E45160312F41138B550E19863A91D
SHA-512:99E11B3FF905E0CAF0C687839B0E37F9E82F50A3F3C5E61A2D334702426B09917FC093203C9F6209C71BB7716E55C062B80374787DF1F525E5B039D5FDD74B1D
Malicious:false
Reputation:low
Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2023-10-10T14:16:49">.. Build: 16.0.16925.30529-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.ResourceId]" o:authorityUrl="[ADALAuthorityU
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.03556172285978935
Encrypted:false
SSDEEP:
MD5:8E8C1D31D83C10EC25F3B2744FC7FE8F
SHA1:0D6FE7E43892238B2B96B8B213E8F11B7F8E40CC
SHA-256:5D8DC5C5CDB37A72DC9F86B52091FFD7E2F3C6CE2653152B59D34299A799EA94
SHA-512:4D2FC9948315EB04F22C70B40591A7F88C00C353004B0881841DB68A0B49A4C9DEBDDB4012A191888DF835AB28FE141BCC92F361CB8B809F1BBA0D07B9E0CBC4
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
File Type:SQLite Write-Ahead Log, version 3007000
Category:dropped
Size (bytes):4152
Entropy (8bit):1.3867794370564404
Encrypted:false
SSDEEP:
MD5:88FE0137D5C11C5C8A949C2C496EB4B6
SHA1:0B2D10462594637FFC8B39D6F64A807202B261E9
SHA-256:7BA13D8B1DCB8549C3D085F9A8C20676E85AC252B4F4365E0DAB5E671A762D57
SHA-512:3DE0CECC418CE8FF9A7079D723C022DFB91D5E335AFE3BF66904C9DC261E3AB62A901058D32F12B61381C038F83C376C88A65210D39F809ED63C871C4D8BE8D3
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
Category:dropped
Size (bytes):4096
Entropy (8bit):0.09216609452072291
Encrypted:false
SSDEEP:
MD5:F138A66469C10D5761C6CBB36F2163C3
SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):4616
Entropy (8bit):0.1370048545379396
Encrypted:false
SSDEEP:
MD5:8874C412A5D5C2BFB1D5C16682351D02
SHA1:A7B4AE6796798C713B55A04EB2F14A1C9A1EEF29
SHA-256:8124F089F23D932FD9FA6654788D5765D142A3782BE1755586FBDACA28FF1196
SHA-512:402E56799C17C1FCABB9A76F15D01E1CF44A3C9C3FDED6EA6EC25A7226AD12B2938B0E5FB77049203A8E0FB9A9B72746C4F0F54166078F2F46BA8521873C584A
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.04470641479249482
Encrypted:false
SSDEEP:
MD5:2F7F68C433D11E81E379DEE1FB296F5F
SHA1:BDE4430FF38AA02D6F8C03C28A3C6FA63B910D1D
SHA-256:5C0C18C94F71A448DDB4868BE38A8B642017166C81AD222ED5E97A4AD79AFF51
SHA-512:4103E55263CBD94DD6EBE54703EB9C3A1D585AD6B52435723E8E1AD432C0952218BE117CA42C29AAFC0E71A58FA5A478ADEECB2FCA9689C5450A3AE8DB22AE55
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:SQLite Write-Ahead Log, version 3007000
Category:dropped
Size (bytes):45352
Entropy (8bit):0.3947478726456417
Encrypted:false
SSDEEP:
MD5:0DE0B7B64537ECED6689E55011DF8378
SHA1:63A1314D0A3CD5C90D458844B75FD98E12C18761
SHA-256:2B18AC5CB09C388C0EA063F5D7A9B1035A180307C0D87C52788ACF9840C30EB7
SHA-512:A6A4910C3FCE67F5402F636CBA8F1E09D3D010FAEFF8CD80F2F2616743D1C1C402A67553DE32BF22F60F8AFB030BDBC9E1205F34EDD2F04CE1CE1080E9DADEE0
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:CSV text
Category:dropped
Size (bytes):15567
Entropy (8bit):5.140936656178684
Encrypted:false
SSDEEP:
MD5:9673711EC03202901407C3049B0E0B39
SHA1:0D28807B4BAA4D97FDA044299F4B3E06D9ED2E4F
SHA-256:F63532DBC444ED695BF7E2667334A5C93B73E3891189F1265B7A71F00895D8DE
SHA-512:6C8F682CD530A0EE528847040CE597D7F557BB4C620F2B8BC717DCB2EB3E0C96C0281F77C736A4B463C976D961945921526B6A6B1F09199E9A3BA73031D80764
Malicious:false
Reputation:low
Preview:Account_Number,Legacy_Account_Number,ACCOUNT_NAME,Transaction_Date,Service_Account_Number,Service_Customer,Service,Transaction_Type,Internal_Reference_Number,Line_No,IB_Number,Connection_Number,Customer_Point_Code,OPC_CLLI,OPC_LATA,Destination_Point_Code,DPC_CLLI,DPC_LATA,Order_Number,Service_Install_Date,Switch_Owner,Transmit_Rate,Address,Carrier_Circuit_ID,CIC_Code,Usage_Count,Rate,Amount..ACCT_00001713,236301,"PLATEAU TELECOMMUNICATIONS, INC.",09/01/2023 - 09/30/2023,242869,"PLATEAU TELECOM - CLOVIS, NM",Trunk Signaling,TSIMM:TRUNK SIGNALING - ON NET,2093054,5,,D411889,'005048175,CLVSNMXCDS1,664,'002212003,CLVSNMXCH00,666,1100203598,2010-05-31,ENMR TELEPHONE COOPERATIVE,,,,,1,0,0..ACCT_00001713,236301,"PLATEAU TELECOMMUNICATIONS, INC.",9/30/2023,242869,"PLATEAU TELECOM - CLOVIS, NM",Regulatory Cost Recovery Fee,S7ISO:SIGNAL TRANSPORT - QWEST,2093054,43,,005048175:S7ISO,,,,,,,,2006-11-01,,,,,,2505,0.000024,0.06..ACCT_00001713,236301,"PLATEAU TELECOMMUNICATIONS, INC.",09/01/2023 - 09/
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:CSV text
Category:dropped
Size (bytes):15567
Entropy (8bit):5.140936656178684
Encrypted:false
SSDEEP:
MD5:9673711EC03202901407C3049B0E0B39
SHA1:0D28807B4BAA4D97FDA044299F4B3E06D9ED2E4F
SHA-256:F63532DBC444ED695BF7E2667334A5C93B73E3891189F1265B7A71F00895D8DE
SHA-512:6C8F682CD530A0EE528847040CE597D7F557BB4C620F2B8BC717DCB2EB3E0C96C0281F77C736A4B463C976D961945921526B6A6B1F09199E9A3BA73031D80764
Malicious:false
Reputation:low
Preview:Account_Number,Legacy_Account_Number,ACCOUNT_NAME,Transaction_Date,Service_Account_Number,Service_Customer,Service,Transaction_Type,Internal_Reference_Number,Line_No,IB_Number,Connection_Number,Customer_Point_Code,OPC_CLLI,OPC_LATA,Destination_Point_Code,DPC_CLLI,DPC_LATA,Order_Number,Service_Install_Date,Switch_Owner,Transmit_Rate,Address,Carrier_Circuit_ID,CIC_Code,Usage_Count,Rate,Amount..ACCT_00001713,236301,"PLATEAU TELECOMMUNICATIONS, INC.",09/01/2023 - 09/30/2023,242869,"PLATEAU TELECOM - CLOVIS, NM",Trunk Signaling,TSIMM:TRUNK SIGNALING - ON NET,2093054,5,,D411889,'005048175,CLVSNMXCDS1,664,'002212003,CLVSNMXCH00,666,1100203598,2010-05-31,ENMR TELEPHONE COOPERATIVE,,,,,1,0,0..ACCT_00001713,236301,"PLATEAU TELECOMMUNICATIONS, INC.",9/30/2023,242869,"PLATEAU TELECOM - CLOVIS, NM",Regulatory Cost Recovery Fee,S7ISO:SIGNAL TRANSPORT - QWEST,2093054,43,,005048175:S7ISO,,,,,,,,2006-11-01,,,,,,2505,0.000024,0.06..ACCT_00001713,236301,"PLATEAU TELECOMMUNICATIONS, INC.",09/01/2023 - 09/
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:ASCII text, with CRLF line terminators
Category:modified
Size (bytes):26
Entropy (8bit):3.95006375643621
Encrypted:false
SSDEEP:
MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
Malicious:false
Reputation:low
Preview:[ZoneTransfer]..ZoneId=3..
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:PDF document, version 1.4, 2 pages (zip deflate encoded)
Category:dropped
Size (bytes):35492
Entropy (8bit):7.956205110543364
Encrypted:false
SSDEEP:
MD5:7D7222991491C81BBAD3A32392483381
SHA1:B24B27CBAE9C42B0D08F31DB8656C5CA93DCF541
SHA-256:98F54A2E79BEE67A5933C32C44375EF4FE48DC4206C82D4ECD26007DC9611683
SHA-512:D197870636FF3B31239B19276C5D5356A998167437BC0EA605F0703CAB879587F89D8443F102B9649D947538369A2366807250A5AC0C115BE90EAA65AA78ABAD
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):1604
Entropy (8bit):1.3383304950652501
Encrypted:false
SSDEEP:
MD5:84E4DAB41CCEB873647E6751B8FC01C9
SHA1:92159E82D69FB59E3F0E786583BF98242132BED3
SHA-256:6CA3898F2F7CE1221BB2ACCA375BF46BC6D4933DB158D07A0A2587F6CE9BDB4E
SHA-512:D83E11769997EEFBC3FA2C4E4EEB54C93E1504AA3F5CDD8753453DFD046EB65266D398AB727F76298D208D42CE900FFF82D6EFEF2C8E03A6EB30511CD74EE8F3
Malicious:false
Reputation:low
Preview:......S.o.m.e. .p.e.o.p.l.e. .w.h.o. .r.e.c.e.i.v.e.d. .t.h.i.s. .m.e.s.s.a.g.e. .d.o.n.'.t. .o.f.t.e.n. .g.e.t. .e.m.a.i.l. .f.r.o.m. .t.n.s.i.@.m.y.w.o.r.k.d.a.y...c.o.m... .H.Y.P.E.R.L.I.N.K. .".h.t.t.p.s.:././.a.k.a...m.s./.L.e.a.r.n.A.b.o.u.t.S.e.n.d.e.r.I.d.e.n.t.i.f.i.c.a.t.i.o.n.".......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):159071
Entropy (8bit):5.347920084322511
Encrypted:false
SSDEEP:
MD5:0A73D9201BF36DB78FC606A247773780
SHA1:92F2CB77F2C9BA19B74DBF5D26DBE00E1379478E
SHA-256:70E0EA42C7F70F1C68C95FC341B08FBE68CD7F6E2A8373C7504C1CE15677154D
SHA-512:DB1B10F3198B160EF06FC4C23D3564D4188908ED82565308146E151EB9BFA9479D5C2CF7258CD3A501397B59479CEEB946BCE8930359F92D3E77F1D3FF080E77
Malicious:false
Reputation:low
Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2023-10-10T14:18:03">.. Build: 16.0.16925.30529-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.ResourceId]" o:authorityUrl="[ADALAuthorityU
Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe
File Type:data
Category:dropped
Size (bytes):131072
Entropy (8bit):0.20601244128698862
Encrypted:false
SSDEEP:
MD5:F6BF469086C8933549EE470EFE9CB0A7
SHA1:F6E057B8BC4AD3F69E7BF9557AD1BD637C258BE5
SHA-256:07B7BDF48A1969A35D1DC8EA01B233A0A204C591A961BB394C6221E84A225724
SHA-512:F361D4E796928594E7AA57A66B14343943C65F021E3A7A513261FF950355ACB5920DF859DE6A54A55AC46389B604EF30701C963EB06F2252AEE11295252AFD6D
Malicious:false
Reputation:low
Preview:............................................................................b.......@...1......................eJ..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.3.2.2.......................................................@.t.z.r.e.s...d.l.l.,.-.3.2.1...............................................................).........................H.x.A.c.c.o.u.n.t.s.A.l.w.a.y.s.O.n.L.o.g.g.e.r...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.a.c.k.a.g.e.s.\.m.i.c.r.o.s.o.f.t...w.i.n.d.o.w.s.c.o.m.m.u.n.i.c.a.t.i.o.n.s.a.p.p.s._.8.w.e.k.y.b.3.d.8.b.b.w.e.\.L.o.c.a.l.S.t.a.t.e.\.H.x.A.c.c.o.u.n.t.s.A.l.w.a.y.s.O.n.L.o.g...e.t.l.............P.P.....@....-.....................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
File Type:data
Category:dropped
Size (bytes):65536
Entropy (8bit):0.11940239676635044
Encrypted:false
SSDEEP:
MD5:9E2EFA8A22E3E50A308671B1AD2B61F0
SHA1:C2AD164D345D503C06D867C81BBBD2C25D73BD91
SHA-256:ADD4C83B782E744517B3E9F8FF75B578341C68BB92CCBF501AC979C404F9047C
SHA-512:7D1A651751CEAE5A65DF842A669C0E637C5AEFF5AB4312A6473B77945F9600C998DA8555B884C46D586BCE410FF2BC887429B35D1BBE178B1CE1A36B3A98D39D
Malicious:false
Reputation:low
Preview:............................................................................@............,@.....M...............eJ..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.3.2.2.......................................................@.t.z.r.e.s...d.l.l.,.-.3.2.1...............................................................)............[..............H.x.M.A.l.w.a.y.s.O.n.L.o.g...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.a.c.k.a.g.e.s.\.m.i.c.r.o.s.o.f.t...w.i.n.d.o.w.s.c.o.m.m.u.n.i.c.a.t.i.o.n.s.a.p.p.s._.8.w.e.k.y.b.3.d.8.b.b.w.e.\.L.o.c.a.l.S.t.a.t.e.\.H.x.m.A.l.w.a.y.s.O.n.L.o.g...e.t.l.......P.P........./hA.....M.......................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
File Type:ASCII text, with very long lines (28286), with CRLF line terminators
Category:dropped
Size (bytes):247762
Entropy (8bit):5.027474654291168
Encrypted:false
SSDEEP:
MD5:0AE1135937B3AFB09109B998B90FED3B
SHA1:30840DA978C4900EB4FC908DF4290FAF942CE5C7
SHA-256:56DB9B6E03DECE96245E3619C578EDFD915EFFE9F587ADBDE6850A7A4F886C46
SHA-512:E160AC6809733737026B5E2D7FF514FCA9F6F7FD1C9BC9CCED9F153B17C340AC66C354C7480C6D16AAB06FA1DA5E4E369553F68353C1F1D60CA1B0C9C3A05772
Malicious:false
Reputation:low
Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/10/2023 14:17:19.286.EXCEL (0x1760).0x644.Microsoft Excel.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Experimentation.FeatureQueryBatched","Flags":33777005812056321,"InternalSequenceNumber":14,"Time":"2023-10-10T14:17:19.286Z","Data.Sequence":0,"Data.Count":128,"Data.Features":"[ { \"ID\" : 1, \"N\" : \"Microsoft.Office.Telemetry.TrackCPSWrites\", \"V\" : false, \"S\" : 1, \"P\" : 0, \"T\" : \"2023-10-10T14:17:19.0314574Z\", \"C\" : \"33\", \"Q\" : 6.0, \"M\" : 0, \"F\" : 5 }, { \"ID\" : 1, \"N\" : \"Microsoft.Office.Telemetry.CPSMaxWrites\", \"V\" : 2, \"S\" : 1, \"P\" : 0, \"T\" : \"2023-10-10T14:17:19.0314574Z\", \"C\" : \"33\", \"Q\" : 13.0, \"M\" : 0, \"F\" : 5 }, { \"ID\" : 1, \"N\" : \"Microsoft.Office.Word.UAEOnSafeModeEnabled\", \"V\" : true, \"S\" : 1, \"P\" : 0, \"T\" : \"2023-10-10T14:17:19.0314574Z\", \"C\" : \"\", \"Q\" : 2.0, \"M\" : 0, \"F\" : 5, \"G\" : \"Opt\" }, { \"ID\" : 1, \"
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:ASCII text, with very long lines (831), with CRLF line terminators
Category:dropped
Size (bytes):20971520
Entropy (8bit):0.010988607373468488
Encrypted:false
SSDEEP:
MD5:0879D680F00C2899CB20A7404B2C0591
SHA1:99ABDBE7E0478C59F8077498ECEAC9E2EE3CCAF3
SHA-256:287AEDBBE61ABB5F64989064EE71CBC7D3666128CDB37F689722422BE90568F5
SHA-512:A2F44576B236FA003A636E21BA3BC9BBA9CC9FADAF9C5BB2BD5A28CCC46F17F2FEB68E0FA6118F7C0088E53C3E194EEF8CAFD49AF21043F9DCCA4F5408F2916A
Malicious:false
Reputation:low
Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/10/2023 14:16:46.859.OUTLOOK (0x1720).0x14AC.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.System.GracefulExit.GracefulAppExitDesktop","Flags":33777014402039809,"InternalSequenceNumber":17,"Time":"2023-10-10T14:16:46.859Z","Data.PreviousAppMajor":16,"Data.PreviousAppMinor":0,"Data.PreviousAppBuild":16827,"Data.PreviousAppRevision":20130,"Data.PreviousSessionId":"A9C9A11F-9E5B-4E89-B894-7CF70EA9997D","Data.PreviousSessionInitTime":"2023-10-10T14:16:33.569Z","Data.PreviousSessionUninitTime":"2023-10-10T14:16:36.397Z","Data.SessionFlags":4,"Data.InstallMethod":0,"Data.OfficeUILang":1033,"Data.PreviousBuild":"Unknown","Data.EcsETag":"\"\"","Data.ProcessorArchitecture":"x64"}...10/10/2023 14:16:46.907.OUTLOOK (0x1720).0x1AB0.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":22,"Time":"
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):20971520
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
Malicious:false
Reputation:low
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):246
Entropy (8bit):3.504899586627176
Encrypted:false
SSDEEP:
MD5:9693F9994B567CCF60EE07AE3B81E0E6
SHA1:86265AEF3526C483D8DF5045ECF3F6955FE5B285
SHA-256:F15C1CBB213872BE27070862DFF87E48C62193AD00206611CF7142D09BB013DB
SHA-512:CD7B7CC1B9F5B226CAD004C7ACA261E6D65EFC00494D6A9E0CF12F157AB1DA884C48DEF724019A670AA86A3E3B6B979C980A1963C68B73D4E258968051896E58
Malicious:false
Reputation:low
Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.0./.1.0./.2.0.2.3. . .1.6.:.1.7.:.1.4. .=.=.=.....
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:modified
Size (bytes):135168
Entropy (8bit):4.701771253900813
Encrypted:false
SSDEEP:
MD5:2758132F9100052CE6F7F9FCDDAF08FF
SHA1:729638DD7367F42777ACE0061450BA6580050FD4
SHA-256:7A62318DAEE27BDA7CFE6A36BECE0F59A79096DB0EA9505DB88AA979758E4B01
SHA-512:CFD2F7403FE2F7E1C5E130607238AD2A5FD079050A73F8588FB567591FAE8CD010FD604C06AF3954FBDC277F7B8A67E9C6E3641778A1661D39ABE646D0444962
Malicious:false
Reputation:low
Preview:............................................................................`....... ....m.f....................eJ..............Zb..2.......................................@.t.z.r.e.s...d.l.l.,.-.3.2.2.......................................................@.t.z.r.e.s...d.l.l.,.-.3.2.1...............................................................)............m.f............v.2._.O.U.T.L.O.O.K.:.1.7.2.0.:.6.d.6.c.a.1.b.1.0.6.c.2.4.4.1.4.a.1.4.4.e.c.9.5.e.a.1.4.7.0.f.3...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.3.1.0.1.0.T.1.6.1.6.4.6.0.3.9.8.-.5.9.2.0...e.t.l.......P.P..... ......f............................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PDF document, version 1.6, 0 pages
Category:dropped
Size (bytes):358
Entropy (8bit):5.014518884413296
Encrypted:false
SSDEEP:
MD5:B5252594A7633A636512AD5A67F20481
SHA1:E796066755972AA85890ED51F581FA5A251E3280
SHA-256:5764EDBB9A76DB3DBE01BBD0BF5D00DE19701C9426DDAA67B36C5FB33D03C18D
SHA-512:D212AE5C2F673D099AD8720E977E65AB02CDAD66DE516B220E11ECB102B776A37C33FADABE54C9031658CF4A3FA55A402DCD56CD663511281A3BF82854DF76C9
Malicious:false
Reputation:low
Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<B0A0BD19A7017F49B689A200358B71ED><B0A0BD19A7017F49B689A200358B71ED>]>>..startxref..127..%%EOF..
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PDF document, version 1.6, 0 pages
Category:dropped
Size (bytes):358
Entropy (8bit):5.03470624811194
Encrypted:false
SSDEEP:
MD5:569816D700A0195C6156EBBAB8CED6A8
SHA1:718FB5BD9F911D0248A63C48ABE107243D9D9500
SHA-256:460590784EF3A2D404A637B0A4652D4D9B254AC9547E22BA76F8046806591B51
SHA-512:55D1C2100E371F941890471491C3EA0E3CC002D9535AF84BFC177DE294963E7D78A95626B75B7EF8101FB43C1498C6FD82ABE1351B2EF648CF402E2FA0285409
Malicious:false
Reputation:low
Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<FAC831137E5E4042B64357BB17E750BD><FAC831137E5E4042B64357BB17E750BD>]>>..startxref..127..%%EOF..
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with very long lines (393)
Category:dropped
Size (bytes):16525
Entropy (8bit):5.353642815103214
Encrypted:false
SSDEEP:
MD5:91F06491552FC977E9E8AF47786EE7C1
SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
Malicious:false
Reputation:low
Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with very long lines (393)
Category:dropped
Size (bytes):16529
Entropy (8bit):5.325160591530016
Encrypted:false
SSDEEP:
MD5:B0BEC8A4A7CA3AC9B7646E4F2E757E50
SHA1:1C4E5E4D26400B41B34FFB37D75C8E9964465150
SHA-256:5B98A0421EE63DAAFAE0F1F4BD4495F2F705F6CD54C6E819A3293171D1B0EF25
SHA-512:86645FF974148B8967B2F9CD7C9AA46FC85B427170C904BF339C1B2C35A0CC1E2DD473F432EA3ED418B04364BF67CA9C94D64538A88CE6C9D934A2D6BE475379
Malicious:false
Reputation:low
Preview:SessionID=6a399d18-74f7-4ea0-af11-a2813fc6ee3a.1696947428687 Timestamp=2023-10-10T16:17:08:687+0200 ThreadID=7140 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=6a399d18-74f7-4ea0-af11-a2813fc6ee3a.1696947428687 Timestamp=2023-10-10T16:17:08:688+0200 ThreadID=7140 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=6a399d18-74f7-4ea0-af11-a2813fc6ee3a.1696947428687 Timestamp=2023-10-10T16:17:08:688+0200 ThreadID=7140 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=6a399d18-74f7-4ea0-af11-a2813fc6ee3a.1696947428687 Timestamp=2023-10-10T16:17:08:688+0200 ThreadID=7140 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=6a399d18-74f7-4ea0-af11-a2813fc6ee3a.1696947428687 Timestamp=2023-10-10T16:17:08:688+0200 ThreadID=7140 Component=ngl-lib_NglAppLib Description="SetConfig:
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with very long lines (393), with CRLF line terminators
Category:dropped
Size (bytes):16603
Entropy (8bit):5.342650039175598
Encrypted:false
SSDEEP:
MD5:1987E13761840FCB6C00C6B89F7994EE
SHA1:59F4432C2C82C0FDC6B75E897E55D06D2DD2461C
SHA-256:C2BB94CC5B6F6DF7CB84E264ED65CDD84EE6C1772FB733CD21F828B181DC4ABA
SHA-512:79905F206E9F806CEDDA52E265DE617427E3EF9A544ED549F555116DAA818868E7B21C35860BA21DC9E6AE32E8F4DBA981F3A1A393E699D789EBC725CA68478D
Malicious:false
Reputation:low
Preview:SessionID=6a399d18-74f7-4ea0-af11-a2813fc6ee3a.1696947428687 Timestamp=2023-10-10T16:17:08:687+0200 ThreadID=7140 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=6a399d18-74f7-4ea0-af11-a2813fc6ee3a.1696947428687 Timestamp=2023-10-10T16:17:08:688+0200 ThreadID=7140 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=6a399d18-74f7-4ea0-af11-a2813fc6ee3a.1696947428687 Timestamp=2023-10-10T16:17:08:688+0200 ThreadID=7140 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=6a399d18-74f7-4ea0-af11-a2813fc6ee3a.1696947428687 Timestamp=2023-10-10T16:17:08:688+0200 ThreadID=7140 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=6a399d18-74f7-4ea0-af11-a2813fc6ee3a.1696947428687 Timestamp=2023-10-10T16:17:08:688+0200 ThreadID=7140 Component=ngl-lib_NglAppLib Description="SetConf
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):29845
Entropy (8bit):5.414417578191669
Encrypted:false
SSDEEP:
MD5:E00359174401B93FB1F227AC345F99B0
SHA1:C8ABCA2D25B79B4D0D88C2319724E71A22C66F04
SHA-256:D52448F155625CD088F6E11BA58F4508A5D1A01717F131FA75710512F19AD454
SHA-512:9CE5555AACE21438BA288B5773164375DA2088D222D59AF86997D904158F785CE481BC130E4FF85FEDAC04AC0A4E0B3F5B64AAE836EE3614A6E277ECB46BC1DB
Malicious:false
Reputation:low
Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:dropped
Size (bytes):386528
Entropy (8bit):7.9736851559892425
Encrypted:false
SSDEEP:
MD5:5C48B0AD2FEF800949466AE872E1F1E2
SHA1:337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:false
Reputation:low
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:dropped
Size (bytes):1407294
Entropy (8bit):7.97605879016224
Encrypted:false
SSDEEP:
MD5:716C2C392DCD15C95BBD760EEBABFCD0
SHA1:4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
SHA-256:DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
SHA-512:E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
Malicious:false
Reputation:low
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:dropped
Size (bytes):684206
Entropy (8bit):7.978753154520273
Encrypted:false
SSDEEP:
MD5:C330C69C35D254FFE33CF6AA010E50A5
SHA1:B0AD6C6A6C09A07D217216DB2969D28523033E46
SHA-256:0495D836DE06D4274218E99AE60BDCD04DF28C267686ED0A1CD1A95B99A00C27
SHA-512:5F84AE982C96654CA80519DCAE63A3E1C56C8BC303942C822A2FDE712C63BE1C1495C99AB5F254AF896A8935ACEEB9EF5A3F41CC466B0CB53251977C9F6BB946
Malicious:false
Reputation:low
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:dropped
Size (bytes):758601
Entropy (8bit):7.98639316555857
Encrypted:false
SSDEEP:
MD5:3A49135134665364308390AC398006F1
SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:modified
Size (bytes):538835
Entropy (8bit):5.985492588139089
Encrypted:false
SSDEEP:
MD5:73F4F86A7C4E25432E0114DA056BF03A
SHA1:26390B8C1ED97345F86FBDAC997F0B5E5AE2C165
SHA-256:F7CFCE08530811B742935FB81C4A977D8F20B4B776EE8C905D61EA9DF2031F29
SHA-512:9678984F5E216DF97CC5D98D0DDFDD26561FBE8CCC2990A6A444C8A47AD5F1E11B452F9E9CE157316DC675E44CC2DC685F23872DDCE7FCF2B884B1FCD10A28A2
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):30
Entropy (8bit):1.2389205950315936
Encrypted:false
SSDEEP:
MD5:6ADB379339757340D06029A4CA376F6A
SHA1:8046E47A99D30644AFDE78D284C1B725C764D99A
SHA-256:5CEC0B69E107FF3F39613D51C031BBE7AA54CF90E30671C708C2EFD56E3B7A6C
SHA-512:595DC7CA80FA8F6991A32EC01C3B6D33A5B562EFB288D01A7326136A1039D6B0567FE77DE6E31CABB533C14D3F5DB7EA62997D1EDD044694D53A1B35F096E3F5
Malicious:false
Reputation:low
Preview:..............................
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):16384
Entropy (8bit):0.6712284520478311
Encrypted:false
SSDEEP:
MD5:FE209ABB1EF8B6819074F5F86783B07C
SHA1:81A985BFA34813F52B063BFFFBFF8C4D43D38699
SHA-256:D0F2BB43FFB643B76870C9B9A7F4DF8F8444EFC8EF061F818E6162E1B8106A29
SHA-512:2E0521D607208BCEBFBC5B75FBB0A4A82899E094721792226AC1B200C6E02F9BC8114833623F9C8B0A469588E73FEEC7153D332D225527A8F3455A1619A83DE9
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
File Type:data
Category:modified
Size (bytes):12
Entropy (8bit):0.41381685030363374
Encrypted:false
SSDEEP:
MD5:E4A1661C2C886EBB688DEC494532431C
SHA1:A2AE2A7DB83B33DC95396607258F553114C9183C
SHA-256:B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
SHA-512:EFDCB76FB40482BC94E37EAE3701E844BF22C7D74D53AEF93AC7B6AE1C1094BA2F853875D2C66A49A7075EA8C69F5A348B786D6EE0FA711669279D04ADAAC22C
Malicious:false
Reputation:low
Preview:............
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
File Type:data
Category:dropped
Size (bytes):12
Entropy (8bit):0.41381685030363374
Encrypted:false
SSDEEP:
MD5:E4A1661C2C886EBB688DEC494532431C
SHA1:A2AE2A7DB83B33DC95396607258F553114C9183C
SHA-256:B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
SHA-512:EFDCB76FB40482BC94E37EAE3701E844BF22C7D74D53AEF93AC7B6AE1C1094BA2F853875D2C66A49A7075EA8C69F5A348B786D6EE0FA711669279D04ADAAC22C
Malicious:false
Reputation:low
Preview:............
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:Microsoft Outlook email folder (>=2003)
Category:dropped
Size (bytes):271360
Entropy (8bit):4.279105389334776
Encrypted:false
SSDEEP:
MD5:F3CB593DB112F2A2A086DFEC4C375083
SHA1:014A20CD1E9E03E3DA428AB6DA6D7D470D94B883
SHA-256:057547200B981A0AC1ED111605C90DD83E7C096C638B08EF1C5B8134AC10D2F4
SHA-512:D55BCD575C6A956151B3E9008A0769AC6F70A93321E226D53137E087A63E7C332E5DC469D9644440B2DD49CF7A0C389EE70AC44F89385E246157E511FB5DF685
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):131072
Entropy (8bit):5.892748794278284
Encrypted:false
SSDEEP:
MD5:109B9496DC1FE1F2B84D50016379A7B6
SHA1:00A7E220E593FCDEB48C28DE053DBF587FE4DAC4
SHA-256:057C397CA9F0E80526E0478626D5BC2BF03B01002A9487A6AF599C550CEDF305
SHA-512:8754AE8D4020F62420BAA61D27CDB07860AAEE374A122EC532D9EC63E153DE3F8C89881ED1A27CD93597DED6450C4E7C6CC4E8F2C81C9DFCF00D914985A32145
Malicious:false
Reputation:low
Process:C:\Windows\System32\msiexec.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):454233
Entropy (8bit):5.3561673401918
Encrypted:false
SSDEEP:
MD5:7012E4340BC8ECBC180083C71DE6D36A
SHA1:535867558BDDBAA98C369098B80BF089F8E47E9F
SHA-256:6568A3CC37EA6ECFA055702FB48AF07CEE6A024464D373920FFFEC4F505773FF
SHA-512:7A6ADCF36E46BF88ADB59009D0129969265D295C693E01108746B83359E2E3559A17350C45CBFF6906C97928892FB92D175A33230EB950725A72BED9D8D1E552
Malicious:false
Reputation:low
Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
File type:RFC 822 mail, ASCII text, with very long lines (1945), with CRLF line terminators
Entropy (8bit):6.168532783352778
TrID:
  • E-Mail message (Var. 5) (54515/1) 100.00%
File name:phish_alert_sp2_2.0.0.0.eml
File size:77'842 bytes
MD5:e32a833191ac4faaf81adbdeb439a1c1
SHA1:cb18288f68b042d5f50d7a09b69d56c7ad7a442d
SHA256:eb6bf4ac4d39c65a6820572b5c7db90c2060ac443d010994c2a124391e2194cf
SHA512:29d8f0dd0e73a0464613510c69cfe7fbaec121336b56b967166763bc71ed3a0e8cf474463efecd2ae574c5489ae448839da854fd401a1bd9735928e144a1e34f
SSDEEP:1536:STWrw524/9prUV106SKVaa7NH+pv7j7ZnuvGjHtR4KmxN160UfI6bxh2ydk6I4Th:STWrw524/9prUV106SKVaa7NH+pv7j7H
TLSH:99739D139D5D4385F2C89F4AD5FEBD006AE07CCF5EB26284BEB861B0D3255091633A97
File Content Preview:Received: from MW3PR15MB3756.namprd15.prod.outlook.com.. (2603:10b6:303:47::12) by BY3PR15MB4882.namprd15.prod.outlook.com with.. HTTPS; Tue, 10 Oct 2023 14:03:09 +0000..Received: from BN9PR03CA0768.namprd03.prod.outlook.com.. (2603:10b6:408:13a::23) by M
Subject:Invoice Attached - Invoice Number C01_202308699
From:Workday Notification <tnsi@myworkday.com>
To:Accounts Payable <AccountsPayable@plateautel.com>, Alan Herman <alanh@plateautel.com>, Jason Gonzales <jgonzales@plateautel.com>, Network Engineering <NetworkEngineering@plateautel.com>
Cc:
BCC:
Date:Tue, 10 Oct 2023 07:02:50 -0700
Communications:
  • Some people who received this message don't often get email from tnsi@myworkday.com. Learn why this is important <https://aka.ms/LearnAboutSenderIdentification> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Attached, please find a copy of your Transaction Network Services, Inc. scheduled Invoice. If you have any queries please e-mail: billingdept@tnsi.com Please do not respond to this email as it is not monitored. Thank you. This email was intended for accountspayable@plateautel.com
Attachments:
  • 2093054.csv
  • PLATEAU TELECOMMUNICATIONS, INC. C01_202308699 2023-10-10.pdf
Key Value
Received: from wire-prod-x4qisrlj.prod-wire.pr501.cust.ash.wd (localhost [127.0.0.1]) by wire-prod-x4qisrlj.prod-wire.pr501.cust.ash.wd (Postfix) with ESMTP id 4BCF312194C; Tue, 10 Oct 2023 14:02:50 +0000 (UTC)
Authentication-Results: spf=pass (sender IP is 209.177.165.161) smtp.mailfrom=myworkday.com; dkim=pass (signature was verified) header.d=myworkday.com;dmarc=pass action=none header.from=myworkday.com;compauth=pass reason=100
Received-Spf: Pass (protection.outlook.com: domain of myworkday.com designates 209.177.165.161 as permitted sender) receiver=protection.outlook.com; client-ip=209.177.165.161; helo=wd1-az-mail-nat.myworkday.com; pr=C
Dkim-Filter: OpenDKIM Filter v2.11.0 wd1-az-mail-nat.myworkday.com 6249B78001F95
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=myworkday.com; s=0s4jk2p1; t=1696946570; bh=OUVNui6NkZZ84YQKUXLy/pWhdgu66CSKOpfhQaHFD9A=; h=Date:From:Reply-To:To:Subject:From; b=LiJmDHEIi+Mx/83NWnlyXRVbljCAxEMAdVkFTZKFHqIQvdsQqzbRdhkb2XsuYQrtN eR3jEPGmEFsOaj9E9MWT3seHLoNGj2IuwU5N7KCYhyoUM9e0Yo0DBhOfQAK6kRTbQT XUht97Y1c3qwzc+mee0jfTX0vpNg5AQR0hQ0Thgc=
Date: Tue, 10 Oct 2023 07:02:50 -0700
X-Mshv: 0.10.16
From: Workday Notification <tnsi@myworkday.com>
Reply-To: noreplybilling@tnsi.com
To: Accounts Payable <AccountsPayable@plateautel.com>, Alan Herman <alanh@plateautel.com>, Jason Gonzales <jgonzales@plateautel.com>, Network Engineering <NetworkEngineering@plateautel.com>
Message-Id: <1486099840.5703905.1696946570307.JavaMail.wday@wire-prod-x4qisrlj.prod-wire.pr501.cust.ash.wd>
Subject: Invoice Attached - Invoice Number C01_202308699
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----sinikael-?=_1-16969466630810.5291069849380476"
Return-Path: tnsi@myworkday.com
X-Ms-Exchange-Organization-Expirationstarttime: 10 Oct 2023 14:02:50.6761 (UTC)
X-Ms-Exchange-Organization-Expirationstarttimereason: OriginalSubmit
X-Ms-Exchange-Organization-Expirationinterval: 1:00:00:00.0000000
X-Ms-Exchange-Organization-Expirationintervalreason: OriginalSubmit
X-Ms-Exchange-Organization-Network-Message-Id: 1517239c-dfcc-420f-4cfe-08dbc9999730
X-Eopattributedmessage: 0
X-Eoptenantattributedmessage: c66eaad3-4231-4d3b-873b-e9d98588a49e:0
X-Ms-Exchange-Organization-Messagedirectionality: Incoming
X-Ms-Publictraffictype: Email
X-Ms-Traffictypediagnostic: BN8NAM04FT021:EE_|MW3PR15MB3756:EE_|BY3PR15MB4882:EE_
X-Ms-Exchange-Organization-Authsource: BN8NAM04FT021.eop-NAM04.prod.protection.outlook.com
X-Ms-Exchange-Organization-Authas: Anonymous
X-Ms-Office365-Filtering-Correlation-Id: 1517239c-dfcc-420f-4cfe-08dbc9999730
X-Ms-Exchange-Atpmessageproperties: SA|SL
X-Ms-Exchange-Organization-Scl: 1
X-Microsoft-Antispam: BCL:4;
X-Forefront-Antispam-Report: CIP:209.177.165.161;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:wd1-az-mail-nat.myworkday.com;PTR:wd1-az-mail-nat.myworkday.com;CAT:NONE;SFTY:9.25;SFS:(13230031)(4636009)(286005)(852800001)(451199024)(7126003)(9686003)(33964004)(2013699003)(3613699003)(55016003)(86362001)(356005)(7636003)(7596003)(26005)(21480400003)(6266002)(336012)(7416002)(4001150100001)(83380400001)(7696005)(58800400005)(8676002)(1096003)(450100002);DIR:INB;SFTY:9.25;
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-Ms-Exchange-Crosstenant-Originalarrivaltime: 10 Oct 2023 14:02:50.6292 (UTC)
X-Ms-Exchange-Crosstenant-Network-Message-Id: 1517239c-dfcc-420f-4cfe-08dbc9999730
X-Ms-Exchange-Crosstenant-Id: c66eaad3-4231-4d3b-873b-e9d98588a49e
X-Ms-Exchange-Crosstenant-Authsource: BN8NAM04FT021.eop-NAM04.prod.protection.outlook.com
X-Ms-Exchange-Crosstenant-Authas: Anonymous
X-Ms-Exchange-Crosstenant-Fromentityheader: Internet
X-Ms-Exchange-Transport-Crosstenantheadersstamped: MW3PR15MB3756
X-Ms-Exchange-Transport-Endtoendlatency: 00:00:18.6672482
X-Ms-Exchange-Processed-By-Bccfoldering: 15.20.6863.027
X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
Content-Transfer-Encoding: 7bit

Icon Hash:46070c0a8e0c67d6