
Windows Analysis Report
Fwd Past Due Notice Cust ID 0602830216.msg

Overview

General Information

Sample Name:Fwd Past Due Notice Cust ID 0602830216.msg
Analysis ID:1338216
MD5:8e9c1fe6c3963415b7a89ba591787763
SHA1:f62daebf0935e42623f085f81cdf92c876682143
SHA256:fc9c9a32887411c945c2afb7917f9c2025dabbc1da0d0dbe39502decf9128336

Detection

Score:3
Range:0 - 100
Whitelisted:false
Confidence:40%

Signatures

Queries the volume information (name, serial number etc) of a device
Tries to load missing DLLs
Deletes files inside the Windows folder
Creates files inside the system directory
Stores large binary data to the registry
Checks for available system drives (often done to infect USB drives)

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (verdict scale: clean, suspicious, malicious)

Analysis Advice

Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 1056 cmdline: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Fwd Past Due Notice Cust ID 0602830216.msg MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6100 cmdline: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "5524050D-03A0-4448-A089-80496D0AE068" "A2DBF82D-12C3-4100-AA12-B655357A08BE" "1056" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • Acrobat.exe (PID: 7060 cmdline: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\CVYOFDH4\Past Due Notice Cust ID 0602830216.PDF MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 6016 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 6328 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1612,i,7807859934856939791,16777643933807458948,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: C:\Windows\System32\msiexec.exe | File opened: z:
Source: C:\Windows\System32\msiexec.exe | File opened: x:
Source: C:\Windows\System32\msiexec.exe | File opened: v:
Source: C:\Windows\System32\msiexec.exe | File opened: t:
Source: C:\Windows\System32\msiexec.exe | File opened: r:
Source: C:\Windows\System32\msiexec.exe | File opened: p:
Source: C:\Windows\System32\msiexec.exe | File opened: n:
Source: C:\Windows\System32\msiexec.exe | File opened: l:
Source: C:\Windows\System32\msiexec.exe | File opened: j:
Source: C:\Windows\System32\msiexec.exe | File opened: h:
Source: C:\Windows\System32\msiexec.exe | File opened: f:
Source: C:\Windows\System32\msiexec.exe | File opened: b:
Source: C:\Windows\System32\msiexec.exe | File opened: y:
Source: C:\Windows\System32\msiexec.exe | File opened: w:
Source: C:\Windows\System32\msiexec.exe | File opened: u:
Source: C:\Windows\System32\msiexec.exe | File opened: s:
Source: C:\Windows\System32\msiexec.exe | File opened: q:
Source: C:\Windows\System32\msiexec.exe | File opened: o:
Source: C:\Windows\System32\msiexec.exe | File opened: m:
Source: C:\Windows\System32\msiexec.exe | File opened: k:
Source: C:\Windows\System32\msiexec.exe | File opened: i:
Source: C:\Windows\System32\msiexec.exe | File opened: g:
Source: C:\Windows\System32\msiexec.exe | File opened: e:
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File opened: c:
Source: C:\Windows\System32\msiexec.exe | File opened: a:
Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown | TCP traffic detected without corresponding DNS query: 23.216.80.138 (10 identical entries)
Source: C:\Windows\System32\msiexec.exe | Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe | Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe | Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe | File deleted: C:\Windows\Installer\MSI8ED4.tmp
Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI8ED4.tmp
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Fwd Past Due Notice Cust ID 0602830216.msg
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "5524050D-03A0-4448-A089-80496D0AE068" "A2DBF82D-12C3-4100-AA12-B655357A08BE" "1056" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx (2 identical entries)
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\CVYOFDH4\Past Due Notice Cust ID 0602830216.PDF
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1612,i,7807859934856939791,16777643933807458948,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown | Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding C51234FB52F98A9A9C4CF8794C2D40E2
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\CVYOFDH4\Past Due Notice Cust ID 0602830216.PDF
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown (2 identical entries)
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1612,i,7807859934856939791,16777643933807458948,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown (6 identical entries)
Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding C51234FB52F98A9A9C4CF8794C2D40E2
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20231107T1437160327-1056.etl
Source: classification engine | Classification label: clean3.winMSG@21/57@0/101
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File read: C:\Users\desktop.ini
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Window found: window name: SysTabControl32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: NOOPENFILEERRORBOX (71 identical entries)
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX (2 identical entries)
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX (2 identical entries)
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX (5 identical entries)
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX (14 identical entries)
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: NOOPENFILEERRORBOX (2 identical entries)
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Windows\System32\msiexec.exe | File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe | File Volume queried: unknown FullSizeInformation
Source: C:\Windows\System32\msiexec.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK Matrix (a number in parentheses is the count of matching signatures; cells without a number are unmatched matrix placeholders)

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Replication Through Removable Media (1) | Windows Management Instrumentation | DLL Side-Loading (1) | Process Injection (1) | Masquerading (11) | OS Credential Dumping | Process Discovery (1) | Replication Through Removable Media (1) | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel (2) | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading (1) | Modify Registry (1) | LSASS Memory | Peripheral Device Discovery (11) | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol (1) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection (1) | Security Account Manager | File and Directory Discovery (1) | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | DLL Side-Loading (1) | NTDS | System Information Discovery (14) | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | File Deletion (1) | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |

Screenshots: thumbnails not included in this extract (windows-stand)
No Antivirus matches
No contacted domains info
IP | Domain | Country | ASN | ASN Name | Malicious
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
104.117.232.185 | unknown | United States | 16625 | AKAMAI-ASUS | false
52.109.20.47 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.109.8.89 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
8.253.133.112 | unknown | United States | 3356 | LEVEL3US | false
23.216.80.138 | unknown | United States | 33652 | CMCSUS | false
20.50.80.209 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
34.193.227.236 | unknown | United States | 14618 | AMAZON-AESUS | false
52.109.20.39 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
Joe Sandbox Version:38.0.0 Ammolite
Analysis ID:1338216
Start date and time:2023-11-07 14:36:47 +01:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:13
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Sample file name:Fwd Past Due Notice Cust ID 0602830216.msg
Detection:CLEAN
Classification:clean3.winMSG@21/57@0/101
Cookbook Comments:
  • Found application associated with file extension: .msg
  • Exclude process from analysis (whitelisted): dllhost.exe
  • Excluded IPs from analysis (whitelisted): 52.109.8.89
  • Excluded domains from analysis (whitelisted): config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, us.configsvc1.live.com.akadns.net, officeclient.microsoft.com
  • Not all processes were analyzed, report is missing behavior information
  • Report size getting too big, too many NtQueryAttributesFile calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PostScript document text
Category:dropped
Size (bytes):10880
Entropy (8bit):5.214360287289079
Encrypted:false
SSDEEP:
MD5:B60EE534029885BD6DECA42D1263BDC0
SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
Malicious:false
Reputation:low
Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):287
Entropy (8bit):5.222180112838519
Encrypted:false
SSDEEP:
MD5:4E5A170532C214320EE1FC6FC1181151
SHA1:594609C4FD33B4A9695CC35CF6354E94EC13E3E0
SHA-256:0A9CC72539BD6BF882BF64908F6AE68436C9EF34DB7190545FA0BD24829FF1FF
SHA-512:4EAF0F1ACE7441E602E6CE77821AFA2AF9523E6C4B92C60AA42A127E018678CDB70E881F3A8E83E4BBDA6703710555C547721BE4EA4372195FB0B2BDDB9600E3
Malicious:false
Reputation:low
Preview:2023/11/07-14:37:25.898 79c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2023/11/07-14:37:25.900 79c Recovering log #3.2023/11/07-14:37:25.900 79c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):331
Entropy (8bit):5.201492653712525
Encrypted:false
SSDEEP:
MD5:E3A2A2BD81321AF1CE33F934791CF249
SHA1:1E94E23D1BFCA80E471D9E9BB388B8CC0530354E
SHA-256:604D3C517762DAF6143E9ADEC3054FF492634555BA51D464F47402F8120338B2
SHA-512:B87B1BFC23BD20D0238BDF1F89CAA423E82D031BEF697086EC72BA519EA143BA0EB887EE606346B1833B4499CB4BF315B2FE61C3510FF005C25144133045228C
Malicious:false
Reputation:low
Preview:2023/11/07-14:37:25.961 c5c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2023/11/07-14:37:25.962 c5c Recovering log #3.2023/11/07-14:37:25.963 c5c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:data
Category:dropped
Size (bytes):4099
Entropy (8bit):5.233551509175718
Encrypted:false
SSDEEP:
MD5:E041E7E12F22885DB805C75748CB9AFE
SHA1:5D4ADCEA340890804CBCC662D24C3F5228B5B988
SHA-256:947D8ECC0ADFC0DB2CF0A2A0C4AAB791034EBE2BEE6CB28C0ABE18EE8052958C
SHA-512:012654FCA2300D831FA3F5851D291DCB7C47FE9140D0B50613BAE3D89262D5526F7FBEEE337CDEEB55AC901A69229014839B2DA6CC19FE85C6103EA2E925E27E
Malicious:false
Reputation:low
Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):319
Entropy (8bit):5.19734272401407
Encrypted:false
SSDEEP:
MD5:35BE81D5571F6A0A2E551690C7E3FAF7
SHA1:812035F50C5552A6FC4B98114CC59A79EA5A00BC
SHA-256:60B646B3A33566552AA617425D63410F981769A49510E8DD862DC9AA1602D894
SHA-512:320A95C890FA41D3FD0E06DA826525AE4AD2DFD4810B9040EFED5C60F5B7A0693C44B9DC4A4E6080569C137FF350002E7333424C9F96306A68DDF69749BC6D70
Malicious:false
Reputation:low
Preview:2023/11/07-14:37:26.179 c5c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2023/11/07-14:37:26.226 c5c Recovering log #3.2023/11/07-14:37:26.232 c5c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:dropped
Size (bytes):65110
Entropy (8bit):1.1301763742240016
Encrypted:false
SSDEEP:
MD5:AC15CB75932AF7929619DB7C20A07130
SHA1:D0FE9839FE36A7B1EDC87FD614C01522FF65D25E
SHA-256:54F0FB9F222B585646E7FB8AAAF42972073603526900C18C9CAD9872C8C7E3F5
SHA-512:3027B0662F560657344AE147D664DEFB823D16ED7125BCA57CA629B5DE028AB26D73C4CF1E74C39FC91511CF3CB231A24E9B6D2BFA7B4FC7DEF2BE4BF47E8F63
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 4770 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock, 0x1 compression
Category:dropped
Size (bytes):4770
Entropy (8bit):7.946747821604857
Encrypted:false
SSDEEP:
MD5:1BFE591A4FE3D91B03CDF26EAACD8F89
SHA1:719C37C320F518AC168C86723724891950911CEA
SHA-256:9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
SHA-512:02F88DA4B610678C31664609BCFA9D61DB8D0B0617649981AF948F670F41A6207B4EC19FECCE7385A24E0C609CBBF3F2B79A8ACAF09A03C2C432CC4DCE75E9DB
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):338
Entropy (8bit):3.174857563182266
Encrypted:false
SSDEEP:
MD5:B939CAFA8BEA65FC2E6E8C5E0652E35A
SHA1:DE903C671161024FD0F93DA46FD03763DE792077
SHA-256:BE910FC9B5A62AA1317D5C1E98A50107DFDBE6FF142328331350A3345A838963
SHA-512:AD34F4AC0D71B549166EEB701AA0FCD6F736489AC92A846295D9EF0C81C977F8E41334D48B0D51928554CF2581E2CACE2695BE199FAD1F1252B931C3555FE5FB
Malicious:false
Reputation:low
Preview:p...... .........'I.....(....................................................... .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PostScript document text
Category:dropped
Size (bytes):1233
Entropy (8bit):5.233980037532449
Encrypted:false
SSDEEP:
MD5:8BA9D8BEBA42C23A5DB405994B54903F
SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
Malicious:false
Reputation:low
Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PostScript document text
Category:dropped
Size (bytes):10880
Entropy (8bit):5.214360287289079
Encrypted:false
SSDEEP:
MD5:B60EE534029885BD6DECA42D1263BDC0
SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
Malicious:false
Reputation:low
Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):295
Entropy (8bit):5.37274439493639
Encrypted:false
SSDEEP:
MD5:F580D29549BE4CACF3A3244198D694C8
SHA1:79C7284C9114ABF67424B1C3AC9075883856B3F0
SHA-256:AB8CEB8760674172399D19F488290D7ECA3837AD2DE149F06E059DA792A52AF5
SHA-512:CA24404424727324696EE463CD4ED92549A865B0A308DF3CC1EE3415F73DE1F72DDE9A588D4E655B7EF979C92118C912768B652B4530B077DB50012F4BF41449
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"994b1b86-6a47-48ca-972f-3d6b5ec70246","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1699541177116,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):294
Entropy (8bit):5.322478453937417
Encrypted:false
SSDEEP:
MD5:A37BBFA952252724253E6BF345568C6E
SHA1:7C33D1E8E4944D53E0D6E363FF9B8522F1453689
SHA-256:2AE47C4AABB0CA24E22C280FA65300CB6C5DD51738C2C36BABB9AF7E5D0B1424
SHA-512:57BE6D919D049C13B7078E4E7AB69B57863CBFD57D2E92E34B8F1069EC3833695071EEBE3418D544C2941687F61FC4679D5443AF690A9B32C5C9DAD2BE292516
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"994b1b86-6a47-48ca-972f-3d6b5ec70246","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1699541177116,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):294
Entropy (8bit):5.3007379492952245
Encrypted:false
SSDEEP:
MD5:3193E96F92AADF54B888EB6E18610FFE
SHA1:161233DB632EEBF14306B4F96D3D823E54CE7B28
SHA-256:27923E82DD36B9810E4969F024BCBF10078019D75F632A9ACDD82BA97A74FF30
SHA-512:42379EAA9976AE98BCEE2E8AB2411F15680F487C15EF26BDBA0779500883D8301FC3C8570C95B4227CC882FB54A53A155364389DA1F087A2B4FBC9DF3551F012
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"994b1b86-6a47-48ca-972f-3d6b5ec70246","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1699541177116,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):285
Entropy (8bit):5.36145374187455
Encrypted:false
SSDEEP:
MD5:2690BF7EF26B96A863609E6115450A25
SHA1:1044BA35A7A2790723097A2FBB098193B40374D0
SHA-256:1A802DDD669E4069E41AEAAC500B3D52DA94262C32C38CB9A62DB3EE7C9B8B6E
SHA-512:365E02EA51081D67B88EC41E1B4B5E0BF3228F89C5F0ADEDF29EB3E2B5F811243EBE2293D061131700BE9F4C30D5C9C3A09D79A206CA9649986193F41A6BEE6F
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"994b1b86-6a47-48ca-972f-3d6b5ec70246","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1699541177116,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1255
Entropy (8bit):5.696211511938841
Encrypted:false
SSDEEP:
MD5:56507931E32D7D6EA852C4699E6EB46B
SHA1:3DD66ED611104B27AAEB72838DA6D0B93B1617C8
SHA-256:1139E19405F34A0D76BC52C70031935CC6BEC7D7E26FA1E942017E62EBE2AB6A
SHA-512:D4A7F0DC900D441EAA13B83709FB60EE6253B1D6737D9C66F38FF4D2E6F6652236F1C3CD31B42B405CF1AD0A8F0DC01EBBF6CC0218700611425FD7F236FEE5B8
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"994b1b86-6a47-48ca-972f-3d6b5ec70246","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1699541177116,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65179_200306ActionBlock_0","campaignId":65179,"containerId":"1","controlGroupId":"","treatmentId":"f7fa0e9f-7d25-4321-b719-c501bbb8a162","variationId":"200306"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctZGF5IHRyaWFsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE0IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjoiIiwiZGVzY3JpcHRpb24iOiJDb252ZXJ0IGZpbGVzIHRvIGFuZCBmcm9tIFBERiBcbndpdGhvdXQgbGltaXRzLiIsImJhY2tncm91bmRfc3R5bGluZyI6eyJiYWNrZ3JvdW5k
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1250
Entropy (8bit):5.704181059132105
Encrypted:false
SSDEEP:
MD5:1B96B18DFD44250D47DDAAA98A7832D9
SHA1:C2B7895250EF33BA02F438DC3AA40E0E0690BA23
SHA-256:8DD79AD441B7217786D740A0DFF0476FB1D5F0A4394DB56976A749E94E02A69C
SHA-512:B9B25690B5757AC73F42157B40BBA3A065A5F46BC95F6D8BFD970689955A6F853F1921476B77275FCB14458E4B99A44348DF5DA5057C3CED423AD2DF366CD6D0
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"994b1b86-6a47-48ca-972f-3d6b5ec70246","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1699541177116,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65179_200306ActionBlock_1","campaignId":65179,"containerId":"1","controlGroupId":"","treatmentId":"250f56c6-2d66-4fca-8033-eabbd2bc9951","variationId":"200306"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctZGF5IHRyaWFsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE0IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjoiIiwiZGVzY3JpcHRpb24iOiJDb252ZXJ0LCBlZGl0IGFuZCBlLXNpZ24gUERGXG4gZm9ybXMgJiBhZ3JlZW1lbnRzLiIsImJhY2tncm91bmRfc3R5bGluZyI6eyJiYWNrZ3JvdW5kX2Nvb
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):292
Entropy (8bit):5.313407006150131
Encrypted:false
SSDEEP:
MD5:BDB594FB1BDCBED836EED9C715AD8A26
SHA1:F80A1C817FC3CED2AEFEDB9729CC944720D1A31B
SHA-256:F9EE6A93D6726F858CDEE29AFF7CE25FEE72E3B3236483D5AD613E5355996A3F
SHA-512:30A8121459A7622162FFF1DB871FFA40FD95C3202226FC3C57C2861337979F620BA9BE1383A816141873068EEFB900BF2C2E337AAF80A7C797A82164B9F55AFC
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"994b1b86-6a47-48ca-972f-3d6b5ec70246","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1699541177116,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1230
Entropy (8bit):5.688852627030641
Encrypted:false
SSDEEP:
MD5:790F8C68ABE3C28158C724C240DBCBF5
SHA1:9F236E715AF8E540A2EC4C69066B857CE65FC4BF
SHA-256:187B16DE4D65982F5D74F0B7A53C359137384952203AF6F66FA50BE2CA9B11E0
SHA-512:4C0B260498A910C9D9958E8E3FF3D1D24B986A8A06F0B8127EBD5114BADCDED21D439F779B7F9C1C4D595047B05753489E5B4CA597827D7D7EAAB31EE58DF155
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"994b1b86-6a47-48ca-972f-3d6b5ec70246","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1699541177116,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65179_200306ActionBlock_3","campaignId":65179,"containerId":"1","controlGroupId":"","treatmentId":"07caa165-20a7-4c5f-adf8-061ef3d98af3","variationId":"200306"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctZGF5IHRyaWFsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE0IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjoiIiwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiIsImJhY2tncm91bmRfc3R5bGluZyI6eyJiYWNrZ3JvdW5kX2NvbG9yX2RhcmtfdGhlbWUiO
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1412
Entropy (8bit):5.770351196494656
Encrypted:false
SSDEEP:
MD5:6C8234C5734629705020CA85C14D455C
SHA1:1E86C96A228DE3AFD46664AD7E4A8234E3A764F8
SHA-256:A876B6C17ED7DC75A3AA9C6D137A2A0426DD786714A5C66409ABB9EE2DC1F3C7
SHA-512:E9D5FDB43C6B44FD5E58F8F2C9C509571A87ED67A61F463281B27D623819CB5F89ECD9ACA751F2D1E2AE37EB445E94B3CDC90DE3BC0C2FE6D15434C54FD04C12
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"994b1b86-6a47-48ca-972f-3d6b5ec70246","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1699541177116,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"68411_210876ActionBlock_0","campaignId":68411,"containerId":"1","controlGroupId":"","treatmentId":"ae1ef9ee-c943-454e-b884-7af74088f2ef","variationId":"210876"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNyIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTEiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBhbGwgUERGIGFuZCBlLXNpZ25pbmcgdG9vbHMuIiwiYmFja2d
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.317157075926232
Encrypted:false
SSDEEP:
MD5:1881742A7B947DE013A3005DFEE3CF14
SHA1:A3D6A5C5CAC9BCBD13D5857BA439F306E2ACD186
SHA-256:079FEEEA46F8C230F86AA23FDD17A441C5F0EB9DF69D4C680D69D7FC67CCFEA2
SHA-512:E3A56B48214E58D0341D5FBEF63D27668360E4CCCD376F5DBE3B4C3697220EAA22AE1FDEAF06E066F84DD302E74E8CA30B364BA07486E5B7F88EB79AA81EDA85
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"994b1b86-6a47-48ca-972f-3d6b5ec70246","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1699541177116,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1395
Entropy (8bit):5.776128896899024
Encrypted:false
SSDEEP:
MD5:A20557F561EEB8A654B2099BA6D7C60F
SHA1:6C32CBA4D4C0593826B2AF9F22673DAFFF279E42
SHA-256:6D6992A67D4AD4A6BDDD602226FA23F317BFBC68D5F9EB9579483AC5C1AE4213
SHA-512:4AA07F8D9B83ACDEB1408373BF047649BD3C31282477D7D0989021A4F40754966B5B063A3A25E5FBFAAF0F71F4B128AFDD178AF9C5AF4BEF08A8A37A5B96FB8C
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"994b1b86-6a47-48ca-972f-3d6b5ec70246","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1699541177116,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):291
Entropy (8bit):5.300586255552492
Encrypted:false
SSDEEP:
MD5:F5D9086C75A63FAD630FA4DBCF0F83D0
SHA1:DBD396595FCF2882BFBA044C592EB40D32AC7B36
SHA-256:4CCC90099E9359BA8DB9EE44FA02426E674702FA7B4EDC2AB550855CB4B41589
SHA-512:35702FB68D1EE2E0607B7E57683C9F98ACFDC8FA68D9C8226FCEC963F4952E9CFF02FFDC4056FFDF75AF6642564FA65E313E3A998777BDF1A6874A9FB3723C69
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"994b1b86-6a47-48ca-972f-3d6b5ec70246","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1699541177116,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):287
Entropy (8bit):5.304205055418382
Encrypted:false
SSDEEP:
MD5:C21C047DADCC9C1307AE17EA02D60389
SHA1:9E5235C6C65B354DF6164BDE70817F81BEF0A3DE
SHA-256:DF2F9B8D3553A5854EF0F2AF83A26312CD389821679E4102BB44CBEF370BE90B
SHA-512:82A1C18B61D8C5DA4489AB30D0A841ED920DA9B96E116AB78762AC84BB0C94CCB007A73478584135585975B4E4332CC7C5A5E2C130C5DC5A55F58E4BC5EC752C
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"994b1b86-6a47-48ca-972f-3d6b5ec70246","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1699541177116,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1250
Entropy (8bit):5.717021729519311
Encrypted:false
SSDEEP:
MD5:97761A1E4A0E0BFE04CC977D9FF9D4B7
SHA1:37A5144AB5F38E52815702052E450CD9DC610109
SHA-256:111FE31766ACB5604C3F5BA612E7E1C3B88A9B1830D44F2FA0938330CFF4FE4C
SHA-512:884FEA51D4D3F4C7DD3CC38961505248DB99AFC25E8FC52A6B2A8AC96EA598462B539DFAD715A1DA1B0849EC3077D7353F12B1D5C92072EF2BAE901AD36204A8
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"994b1b86-6a47-48ca-972f-3d6b5ec70246","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1699541177116,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65179_200306ActionBlock_2","campaignId":65179,"containerId":"1","controlGroupId":"","treatmentId":"8deb148d-1a64-4e57-9648-e8bf939c598e","variationId":"200306"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctZGF5IHRyaWFsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE0IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjoiIiwiZGVzY3JpcHRpb24iOiJTZW5kIGRvY3VtZW50cyAmIGZvcm1zIFxuZm9yIGZhc3QgZS1zaWduaW5nIG9ubGluZS4iLCJiYWNrZ3JvdW5kX3N0eWxpbmciOnsiYmFja2dyb3VuZF9jb
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):5220
Entropy (8bit):5.804908792649643
Encrypted:false
SSDEEP:
MD5:FB462AE0AE0B1A210ED3C06A65A60682
SHA1:4829F05F1B4716C1634372921B744C1266645F62
SHA-256:C3D1EF4BA8948F7364BD0C159FBFD583264CC48ACC589FE1CA886DEF02663F87
SHA-512:7D7C15516CE6117D1C0DC79E9B47A63D8A7A3F6EF01E2AF693A18C50F07BC0509D7DE46FBFA7B59F405072584738566575522013BD11FB96B3002CE3380EACCE
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"994b1b86-6a47-48ca-972f-3d6b5ec70246","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1699541177116,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Upsell_Cards"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"65872_202577ActionBlock_0","campaignId":65872,"containerId":"1","controlGroupId":"","treatmentId":"fde975b8-6690-4353-9b93-ee40b641f60f","variationId":"202577"},"containerId":1,"containerLabel":"JSON for DC Reader Upsell Cards","content":{"data":"eyJVcGdyYWRlQWNyb2JhdFBlcnNpc3RlbnRCdXR0b24iOnsiZGF0YVR5cGUiOiJ1cmwiLCJkYXRhIjp7ImxpZ2h0IjoiaHR0cHM6Ly9jdnMuYWRvYmUuY29tL2NvbnRlbnQvZGFtL2N2cy9hY3JvYmF0ZGVza3RvcC91cHNlbGxjYXJkcy9yZ3MwMjU0L3YyL2luZGV4Lmh0bWw\/ZXhwZXJpZW5jZT11cGdyYWRlLXRvcHxlbnwxfGxpZ2h0IiwiZGFyayI6Imh0dHBzOi8vY3ZzLmFkb2JlLmNvbS9jb250ZW50L2RhbS9jdnMvYWNyb2JhdGRlc2t0b3AvdXBzZWxsY2FyZHMvcmdzMDI1NC92Mi9pbmRleC5odG1sP2V4c
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):782
Entropy (8bit):5.372747366356876
Encrypted:false
SSDEEP:
MD5:B0AFD7D7A4BB67F4956E674C8B4EA969
SHA1:B30EBCF19F9075DDD2EE759A223FA6C7C66CD088
SHA-256:F583CAB7821334A4F16648A36584598673C588195324E6C7EBE6B821311D1D0E
SHA-512:1A8E5534A6F12B811DA20CA69CF73F8DEAAF8F54DC225F4912BB3353EF2AF07D6ED002B0698974417419C64DA380719FC9381FB6C465BBD6577A5A6F66D3E598
Malicious:false
Reputation:low
Preview:{"analyticsData":{"responseGUID":"994b1b86-6a47-48ca-972f-3d6b5ec70246","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1699541177116,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1699364252149}}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:data
Category:dropped
Size (bytes):4
Entropy (8bit):0.8112781244591328
Encrypted:false
SSDEEP:
MD5:DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:false
Reputation:low
Preview:....
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):2819
Entropy (8bit):5.13474392175788
Encrypted:false
SSDEEP:
MD5:486383A67C5078D6574D4F62E9F29502
SHA1:DE1B90E7F1A484B61E3DDB940230E096C0F4129E
SHA-256:70C8E79A6641BA09B3224E992F78DEAAEAF1EA969C99A0B7783E6A4232C7B002
SHA-512:AEFD1F940197DCBF532F8708C397D4E04E481EF718348F062DFD31E849D054988A732087E79EA48ABCCD93DCA1DD42FDAB76383BC511B674F69192FCBEE9565A
Malicious:false
Reputation:low
Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"b1660fc6c90dfcf038f0a36c74feaaf8","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1699364252000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"113e6cc8a9d9a1274f2bce01530076d5","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1412,"ts":1699364251000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"98c39094c360d3a7dd7dbaa926f26658","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1699364251000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"fdec8fd349d20b9a27569d309a026ea7","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1699364251000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"3545e8da05fd87e84d246c668917f34b","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1230,"ts":1699364251000},{"id":"DC_Reader_Upsell_Cards","info":{"dg":"bda4cae91249931ebafd22fcb4964323","sid":"DC_Reader_Upsell_Cards"},"mimeType":"file","size":522
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:dropped
Size (bytes):12288
Entropy (8bit):0.9876635160373968
Encrypted:false
SSDEEP:
MD5:614520BD74708C71A88BE6F5E17738F0
SHA1:88A8D950B54F0A32C718B84C5E662F80004B015B
SHA-256:AC1B9C539F5EC284274790DEE40C2DAA4274251DC15E813ABA60CF20F8F7180F
SHA-512:DCA7ACDF94F198D4A754E513F0B45A26980B10FC56FD25DF4B909F6CE502F7D7430CB2811FDB18A8025AA919C1E4B421C2DEF700BDB75DBE2606388C819A26DD
Malicious:false
Reputation:low
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):8720
Entropy (8bit):1.3452316711960433
Encrypted:false
SSDEEP:
MD5:6571AB1EEAEE0AF6C730F8F64BDF9414
SHA1:453CDF5E0A7959C680648EB32E80203086CE06CF
SHA-256:9AE8F9CC4602F86F8BB8A20F87EA9FF9E426029D5DBCE3276E05314B97DD294A
SHA-512:4408BB580421337833B4152DF7D4B885BC935223F0E79DDC719E4C18C27CCCD55105C6985799E47355C27461AEB2FE50A4452FF5F90E9A5D4C3E80EEA7798A36
Malicious:false
Reputation:low
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:data
Category:dropped
Size (bytes):66726
Entropy (8bit):5.392739213842091
Encrypted:false
SSDEEP:
MD5:A338239F03B8EA329C5719847C2ED69A
SHA1:40F65C339F21B15169FA4AA72FB5EA873E4A47DB
SHA-256:5DA993DE4975273D11CD9C808416BB720E4347E6CC1B1BE39D7FEDF51D0F7BBE
SHA-512:3CE4B05036A6AE6355F30617B36CEBC0B2FDA3E92E054F0ED9F89FDFE7A68CAD822CD3EC45DEC73F229B8159448B7338E934E316B8EDCA0C0B10D47376FABD96
Malicious:false
Reputation:low
Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):231348
Entropy (8bit):4.3941792116034675
Encrypted:false
SSDEEP:
MD5:165F62F0DF5B33DCA6D3B2E3B6E919E3
SHA1:D51D9CB1900EFE04E24A52602B75BA9C174FADAC
SHA-256:B92BE70FFD4B4E3F000EA0ADA8C8889C18B91D4049B0CA32D6BA339B1E69280C
SHA-512:7213DD48D26B438E6259C9FF6AEC47094C419B6E94114AA1B7EF2FE4D7372C56D837AB1E2F944A2089CF496751E807A3F9BF41164A45665984DDA18E6515A16F
Malicious:false
Reputation:low
Preview:TH02...... ..~........SM01X...,......~............IPM.Activity...........h...............h............H..h..........5...h........P.(.H..h\cal ...pDat...h.J..0.........h...]..-........h........_`.j...h..]@...I..w...h....H...8..j...0....T...............d.........2h...............k..............!h.............. h<..a..........#h....8.........$hP.(.....8....."h.4......x6....'h..............1h...]<.........0h....4....j../h....h......jH..h.4-.p.........-h .......$.....+h+..]....x........... ...... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):162919
Entropy (8bit):5.344228117439529
Encrypted:false
SSDEEP:
MD5:8F8070A45F063589A86655F249640A65
SHA1:D3F40C74ECC3790CF81EDF3ADDF6D34D271B8E10
SHA-256:59CA4C9ED0B2443670E625A3693FD36162665622FC1293B1871E5D6637A05FED
SHA-512:10A9592D14EBF7BA561578F484DFCDAB7096E7BB024536653571E116F35D4F0937967A178C6DF7F52686D247CC6D02C5EDFF82D7A0D07308A7B40E8A5D4C0675
Malicious:false
Reputation:low
Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2023-11-07T13:37:18">.. Build: 16.0.17028.30526-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.ResourceId]" o:authorityUrl="[ADALAuthorityU
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
Category:dropped
Size (bytes):4096
Entropy (8bit):0.09216609452072291
Encrypted:false
SSDEEP:
MD5:F138A66469C10D5761C6CBB36F2163C3
SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
Malicious:false
Reputation:low
Preview:SQLite format 3......@ .......................................................................... .....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):4616
Entropy (8bit):0.13760166725504608
Encrypted:false
SSDEEP:
MD5:3944AD2A3AE490785BFD8100C0E94B11
SHA1:D425DDF692F205B1CBE61DD0DD875E51529C8EE3
SHA-256:7CA5704FE35CFB5663EAA635EFBC0CA514490A02C621E6779A0F0F2EF029665D
SHA-512:F52AE9D1ED3557B57BFF77D22055982B5ECDB060219F607D1308CBC82C65EB42762BFC1C22B84D0C591850F2D9F1D8FB67AF5174B740EC2F1DE061637361BB60
Malicious:false
Reputation:low
Preview:.... .c......JAv....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ .......................................................................... .................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.04486648292292196
Encrypted:false
SSDEEP:
MD5:6D67FE2795D3DB875B71C928EB82F67B
SHA1:219057873875AFCF4C2AED0F74DD6893B6E8CE93
SHA-256:2EEC1354B756F258F54714EFA5DF5F5AC0C0DAFFD85E247650F03CF844EC8BB6
SHA-512:1FCBD882E27F1F6032437714E90093FD317E0BEF9E3A7DBB1E1882255F035F0895668A14B1149AFAB1983BC531A8D1C2E3B38517A4ED16A166BDD64F6CF0A138
Malicious:false
Reputation:low
Preview:..-......................h.)..A...>..,.{9|.pdT#..-......................h.)..A...>..,.{9|.pdT#........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:SQLite Write-Ahead Log, version 3007000
Category:dropped
Size (bytes):45352
Entropy (8bit):0.3936754661490113
Encrypted:false
SSDEEP:
MD5:974E0935C1D9B349670B7CE360DEC155
SHA1:A8225E5E8E5F198798A0E73758D8100351A5F56A
SHA-256:F682BBA5E7F4606E8BCCF9C3B6E4A5731401543401E3319B8DE78752AAE3F162
SHA-512:D6517E3F8401723BC25D695C3AB55533B10F771AAFF5013546A11A5CF735A39225328A6AAA08877F84FB0C91AD0A70356617DE133D44D53641EA7099F9262995
Malicious:false
Reputation:low
Preview:7....-.............>..,....v.>............>..,.(Kt5..K.SQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:PDF document, version 1.6 (zip deflate encoded)
Category:dropped
Size (bytes):17850
Entropy (8bit):7.0588049814267
Encrypted:false
SSDEEP:
MD5:84A83604F89101A0FA95480913CF7C28
SHA1:9B94D966C1511C8258FEDD0436A995F0740AF513
SHA-256:1913EDA39D4A3F9B14D5420C1D7E68C450CBA06FE002A110B20BEB83FE14B9D6
SHA-512:B07F83BAD952E3CDA0781B5B65558DC8672FDE688C5B01F6AD0C80D7EA5B8C8EDF1102DFFD1B12B3654EFE24F10DEE228075E0D37AE490ABE63E02DAD58304D8
Malicious:false
Reputation:low
Preview:%PDF-1.6.%......236 0 obj.<</Filter/FlateDecode/First 1611/Length 2739/N 193/Type/ObjStm>>stream..h.YMo.G..+}.C|H.........e...E..@..b...]..}U.C..Y.........h.I..3.P.....Eg..W.!o<....-DM.4.....L...h".W21F..X...$o..&.M&.h.....{P..)...)..`.z.`.A2..`.....+vFv!....V.. ..?....Xr.W.....}>Y.p+X.F...:...7...\."..d.bA../.>..A....(#n.}9!Z.+...i._)d"~s8..+. ?T.5.*-.....#@.&......Fp.yJp.#.]..$.....q..$v..C_fy..,.}...mWQ..}.7.C.........C.2Br...z.EF......f.z.....F.>....'T.....).W.T...:....dJ..I).....h...bpHje`.........0Ch..(c(.}..H2\...L..../".........$....?9.......0h-"......-..,.W.K.\.V..h.w(.E...F.........P......\.h.......(AN.O.?............h..A..a..4'..J.'.3f....U....].\PRBfbe.......e.....X..v&....aA...Yf..F..&5.l.v^.......'...?.U...L4.0...S.a.......@s.....3..9q..2..uh.`..@)......D...*2.... *........9J..LF;.........@.....0l@..A....4..2..8?..u....D.1q....eB.s.>...upc`.1..R..* #.D.....;/...Q...r-.I...P.b9?`ea....\X*.j.4'p..ca.J....U...0..z.f...%pM....
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:PDF document, version 1.6 (zip deflate encoded)
Category:dropped
Size (bytes):17850
Entropy (8bit):7.0588049814267
Encrypted:false
SSDEEP:
MD5:84A83604F89101A0FA95480913CF7C28
SHA1:9B94D966C1511C8258FEDD0436A995F0740AF513
SHA-256:1913EDA39D4A3F9B14D5420C1D7E68C450CBA06FE002A110B20BEB83FE14B9D6
SHA-512:B07F83BAD952E3CDA0781B5B65558DC8672FDE688C5B01F6AD0C80D7EA5B8C8EDF1102DFFD1B12B3654EFE24F10DEE228075E0D37AE490ABE63E02DAD58304D8
Malicious:false
Reputation:low
Preview:%PDF-1.6.%......236 0 obj.<</Filter/FlateDecode/First 1611/Length 2739/N 193/Type/ObjStm>>stream..h.YMo.G..+}.C|H.........e...E..@..b...]..}U.C..Y.........h.I..3.P.....Eg..W.!o<....-DM.4.....L...h".W21F..X...$o..&.M&.h.....{P..)...)..`.z.`.A2..`.....+vFv!....V.. ..?....Xr.W.....}>Y.p+X.F...:...7...\."..d.bA../.>..A....(#n.}9!Z.+...i._)d"~s8..+. ?T.5.*-.....#@.&......Fp.yJp.#.]..$.....q..$v..C_fy..,.}...mWQ..}.7.C.........C.2Br...z.EF......f.z.....F.>....'T.....).W.T...:....dJ..I).....h...bpHje`.........0Ch..(c(.}..H2\...L..../".........$....?9.......0h-"......-..,.W.K.\.V..h.w(.E...F.........P......\.h.......(AN.O.?............h..A..a..4'..J.'.3f....U....].\PRBfbe.......e.....X..v&....aA...Yf..F..&5.l.v^.......'...?.U...L4.0...S.a.......@s.....3..9q..2..uh.`..@)......D...*2.... *........9J..LF;.........@.....0l@..A....4..2..8?..u....D.1q....eB.s.>...upc`.1..R..* #.D.....;/...Q...r-.I...P.b9?`ea....\X*.j.4'p..ca.J....U...0..z.f...%pM....
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):26
Entropy (8bit):3.95006375643621
Encrypted:false
SSDEEP:
MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
Malicious:false
Reputation:low
Preview:[ZoneTransfer]..ZoneId=3..
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:ASCII text, with very long lines (829), with CRLF line terminators
Category:dropped
Size (bytes):20971520
Entropy (8bit):0.006404489291225736
Encrypted:false
SSDEEP:
MD5:5C4E53064B931F8423CB93747AD463D2
SHA1:2AE085E1429C778F5A6CA0967AA6164F7860E839
SHA-256:2DD5CF21A9EA64FCA69EADB0EEA6101A8C436EFF16E765370E9628C8C2018A9A
SHA-512:39BC8E894F253C5ED503BD98FEB83FBD0634396FC7A3E039F403174A23F00E06A7B3F1256113361C73CDC139D299C88C41BF387F94CD8D666CEA92591C6EF53E
Malicious:false
Reputation:low
Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..11/07/2023 13:37:16.693.OUTLOOK (0x420).0x18C8.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.System.GracefulExit.GracefulAppExitDesktop","Flags":33777014402039809,"InternalSequenceNumber":17,"Time":"2023-11-07T13:37:16.693Z","Data.PreviousAppMajor":16,"Data.PreviousAppMinor":0,"Data.PreviousAppBuild":16827,"Data.PreviousAppRevision":20130,"Data.PreviousSessionId":"4B85BB09-468D-4DF0-905A-24DD04F2EE89","Data.PreviousSessionInitTime":"2023-11-07T13:37:03.428Z","Data.PreviousSessionUninitTime":"2023-11-07T13:37:06.288Z","Data.SessionFlags":4,"Data.InstallMethod":0,"Data.OfficeUILang":1033,"Data.PreviousBuild":"Unknown","Data.EcsETag":"\"\"","Data.ProcessorArchitecture":"x64"}...11/07/2023 13:37:16.725.OUTLOOK (0x420).0xAF8.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":22,"Time":"202
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):20971520
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
Malicious:false
Reputation:low
Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:modified
Size (bytes):122880
Entropy (8bit):4.690971418520782
Encrypted:false
SSDEEP:
MD5:B48A805986BC35FF19CB8B027CA1C196
SHA1:AF61FD393BEE242D3DDE234B121F12C783E20D5F
SHA-256:134353EA35849F597E37FBC19A03F7B2640C42B5FB0B3698ACDE2B3F1596EEC8
SHA-512:C7E33D4D9FA99862C8B7CDDD36BAB3FB2E3EB392E68B0BCF3A3FB10FEA4D468EBFD6E2D0516DD59F2C520636D39D2916AF500A2A93956677DAFF5F7EB6454D3A
Malicious:false
Reputation:low
Preview:............................................................................^....... ....G......................eJ..............Zb..2.......................................@.t.z.r.e.s...d.l.l.,.-.3.2.2.......................................................@.t.z.r.e.s...d.l.l.,.-.3.2.1...........................................................@................G..............v.2._.O.U.T.L.O.O.K.:.4.2.0.:.8.1.6.e.0.0.3.d.e.0.3.5.4.c.a.b.9.f.4.3.0.e.1.0.4.4.6.7.4.1.a.e...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.3.1.1.0.7.T.1.4.3.7.1.6.0.3.2.7.-.1.0.5.6...e.t.l.........P.P..... ..................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with very long lines (393)
Category:dropped
Size (bytes):16525
Entropy (8bit):5.353642815103214
Encrypted:false
SSDEEP:
MD5:91F06491552FC977E9E8AF47786EE7C1
SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
Malicious:false
Reputation:low
Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with very long lines (393), with CRLF line terminators
Category:dropped
Size (bytes):15114
Entropy (8bit):5.378599749853378
Encrypted:false
SSDEEP:
MD5:ECBEF16F381A48113638C8950CB9F5E9
SHA1:F4F7A570329CB440E7E99E91A4C422FCDD3EF2F4
SHA-256:C6C21C9FDCA492B2A53CAE882B010A478F113C3F2C5E8EAEF1BE49F74A309906
SHA-512:1B232BB73BE8AF714052C7003BEF2468A5B9B1796DB8AA84D2B4876C1DE7049616E8ED8E1EB177853B6F206EEC735FF2A155C151070AAB8369E10C8E99AF33B7
Malicious:false
Reputation:low
Preview:SessionID=2c5879ce-a47e-4b1a-b649-1b87b98ed6b7.1699364248218 Timestamp=2023-11-07T14:37:28:218+0100 ThreadID=5552 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=2c5879ce-a47e-4b1a-b649-1b87b98ed6b7.1699364248218 Timestamp=2023-11-07T14:37:28:219+0100 ThreadID=5552 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=2c5879ce-a47e-4b1a-b649-1b87b98ed6b7.1699364248218 Timestamp=2023-11-07T14:37:28:219+0100 ThreadID=5552 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=2c5879ce-a47e-4b1a-b649-1b87b98ed6b7.1699364248218 Timestamp=2023-11-07T14:37:28:219+0100 ThreadID=5552 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=2c5879ce-a47e-4b1a-b649-1b87b98ed6b7.1699364248218 Timestamp=2023-11-07T14:37:28:220+0100 ThreadID=5552 Component=ngl-lib_NglAppLib Description="SetConf
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):29752
Entropy (8bit):5.420481287983741
Encrypted:false
SSDEEP:
MD5:B37E41BAF61177E241F6D376BAF7E470
SHA1:764D3A2E75A3DE86C6C5FCCC396A9AF37B9A3E18
SHA-256:EEA82E4AA78C48EA3F1E0AE955A7266B34B41A36F76CDF1D4B7899451BACA6EA
SHA-512:6E3CEA6E9B5C6D1E167F03C8C638AD2BF2336249A55F7D88C026D8822FED931A18604C6715A84D73910EB1B0BF898A190340798BF8554C60712E1652AD7C86A6
Malicious:false
Reputation:low
Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:dropped
Size (bytes):386528
Entropy (8bit):7.9736851559892425
Encrypted:false
SSDEEP:
MD5:5C48B0AD2FEF800949466AE872E1F1E2
SHA1:337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:false
Reputation:low
Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:dropped
Size (bytes):1407294
Entropy (8bit):7.97605879016224
Encrypted:false
SSDEEP:
MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:false
Reputation:low
Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:dropped
Size (bytes):1419751
Entropy (8bit):7.976496077007677
Encrypted:false
SSDEEP:
MD5:AE1E8A5D3E7B2198980A0CA16DE5F3D3
SHA1:A1DB2C58AFC81E6A114A8EB47BE0243956F79460
SHA-256:8C2E1B13F6658714D51737D6745FE065B87497923945AB3028706A4171C8328F
SHA-512:5B36CF0982C5AFED5CCEA4B30A0B31A2B5312FBF5438623D53153E076B59F1B4BEF8C08695EA74E086BCA4EF7221889DB977B5DCFF4C684BA0683FDDECDE2EC4
Malicious:false
Reputation:low
Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:dropped
Size (bytes):758601
Entropy (8bit):7.98639316555857
Encrypted:false
SSDEEP:
MD5:3A49135134665364308390AC398006F1
SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:false
Reputation:low
Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):538743
Entropy (8bit):5.984874009679249
Encrypted:false
SSDEEP:
MD5:95A419EEFA4C84C3CC8AE122933ADC17
SHA1:756496759FF51868AFFEC906A3380ACD30066F90
SHA-256:2135D8F92AE1FA868B9ACE97712A32110812AAD73A281C2E30269F0F52DA3FA5
SHA-512:1C1B836D01CDE7FB48594381AE894BF14F6ACC836D709CBEC8B582074F8900623C1E92511DC9C14FDD213AA997A7B33753E94AE70108F6068FC57B946997812C
Malicious:false
Reputation:low
Preview:RNWPREP...A..<.l........48......M..|...,...7.k.$...P/{..-.....T@...P.Q.....uY|.8.......$S.,..`......L`.....$S...`VY.....L`.....M.Rb.................c.@........... ....Qb..S.....$m..`......Qb...+....Ks..`Z.....Qb........nb..`......Qb........yl..`......Qb..DI....Jl..`......Qb..m|....Sm..`X....D..Qb...c....lI..`2.....Qb"..p....jd..`......Qb.n.....cC..`.....D..Qb2......up..`.....D..QbJ.P$....pe..`......QbJ.......Ob..`.....D..QbV..[....Ya..`......QbZ.O.....Ei..`.....D..Qbf.'e....Fs..`r....D..Qb.._m....BI..`p....D..Qb........ld..` .....Qb..(.....fm..`L....D..Qb..|.....xc..`......Qb.@Ot....w_..`D....D..Qb.@j.....Be..`.....D..Qb........bA..`.....D..Qb.@......BT..`H....D..Qb......Mg..`J....D..Qb..z0....Mp..`......Qb...{....Yi..`.....D..Qb.Ay.....I_..`P....D..Qb..:.....dc..`......Qb........Tc..`0.....Qb........Wc..`......Qb&A.{....Zd..`0.....Qb...}....ub..`.....D..Qb:.......Nv..`.....D..QbJ.......ma..`......QbN.......SM..`.....D..Qb^..V....zI..`.....D..QbjA2.....Ah..`X.....Qbn.7.....wv..`
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):163840
Entropy (8bit):0.3654890938222627
Encrypted:false
SSDEEP:
MD5:B0D1D675419D31CCEC729638A1B07AAD
SHA1:75A19704BC3E83AEF21CA6CDBBEE48235A8B570B
SHA-256:250AFB60DE0ABCFFBB06AA4DC9B1C0C5425AB58BB7562C6BD0B59875099D6B70
SHA-512:0DA4CE19E452E91E67A5E48539AD492284A902A6CD9CF76D934D049CAD6FFEEBD286F904C0054CFBC6AFE26177B539FCC7E94AEDB2B4F6CA9390DFFAA3A9671C
Malicious:false
Reputation:low
Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:modified
Size (bytes):30
Entropy (8bit):1.2389205950315936
Encrypted:false
SSDEEP:
MD5:B48B091720EDB9EFEC8CAAA1C2B6A2AD
SHA1:C3B97230DDA3CB21E64B1A12124C4889BE4D6FFB
SHA-256:E807D0412D0EE788453E5D35DBFD927F1AE8822D02050890B1DC9DADF993AF12
SHA-512:226777B2830A8413B8D3564E1754EC113ECE13863A4042871200061FA3DB7F4298110BCB5B8655C26208D4ADCE84DE6216648C66E10A583CBAE534A93B85DBB4
Malicious:false
Reputation:low
Preview:..............................
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):16384
Entropy (8bit):0.6692737504152038
Encrypted:false
SSDEEP:
MD5:F9B60A0DD173D656AEE4B3ABA35EFD06
SHA1:79E03578503EBBFE36530126D990B870ACB525BF
SHA-256:32BF1453F25656B43DA24DD4B52C13D79C27EFAA6107252A7B471500A274CDE7
SHA-512:79F2B6FBA50E447B33A379707667BA66501D6DDC9CAEE546C59B9EDDAD58D46699E288EE7CFEF91D618623F3ED493E89ED5651EED1DF11F4A7F3823ADE8BE4B4
Malicious:false
Reputation:low
Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:Microsoft Outlook email folder (>=2003)
Category:dropped
Size (bytes):271360
Entropy (8bit):1.4647243287263114
Encrypted:false
SSDEEP:
MD5:3E7A3874C0350D8B9355C469A2BDE319
SHA1:978C8144C182F4E2E95DC5DE79A8453251E8BEF1
SHA-256:D70E075AD7B75C9EEFFDCA7129E66D22FC91ADB2E08D88433C87736B4FF19B25
SHA-512:84663A53563460B6E6DE45591E53F7C860115A7EA9099C5C4A56507C14712F275AE90EE76E80E3B70F376E2A99FF2C23AFB9BF90FC3D10A78D3F14FD0C2689E2
Malicious:false
Reputation:low
Preview:!BDN.>.lSM......\.......................\................@...........@...@...................................@...........................................................................$.......D.......B..........................................................................................................................................................................................................................................................................................................................@.......q...<......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):131072
Entropy (8bit):0.8573986169980412
Encrypted:false
SSDEEP:
MD5:F9664DE881144F5C1496ED3F0767EF5E
SHA1:467C2F4DC9DF00A08871C0A8EEB43924795B3ECE
SHA-256:E2A50DEE16CF95A0A2265F66A0103312D8B1F2128016ABDDEBF845EA94051DF4
SHA-512:8AB5D2B3A9F1AAA83B27F0D29AC0844545A598FF39974D7FEB7061E3C1E49B389D3D9ADCFE871AD1E3A1B630AAC093AA8C3D7487B504D9DC8B4B00113420C732
Malicious:false
Reputation:low
Preview:..V.C...H....... .............................#.!BDN.>.lSM......\.......................\................@...........@...@...................................@...........................................................................$.......D.......B..........................................................................................................................................................................................................................................................................................................................@.......q...<...............B............#.........................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\System32\msiexec.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):454234
Entropy (8bit):5.356161199709866
Encrypted:false
SSDEEP:
MD5:C2E7A1A0414535D47EB20BC52204EF4A
SHA1:307BF99D31110EB5777EDE42BC6A3B14118006A3
SHA-256:2BAF9BE9D84120F2592E04B6B9AC249A105702A1E5E8A456A58262AF6B055739
SHA-512:FF4E683A6F251322D736C4D4B647D19EE853C4C1C30A8C711A5A0D8D2D79236DAFC15F6E1839CB663C5C123D20B6393FEE4EE2C84C8CE8D4524795FF846481AE
Malicious:false
Reputation:low
Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
File type:CDFV2 Microsoft Outlook Message
Entropy (8bit):4.43491243011633
TrID:
  • Outlook Message (71009/1) 58.92%
  • Outlook Form Template (41509/1) 34.44%
  • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
File name:Fwd Past Due Notice Cust ID 0602830216.msg
File size:120'320 bytes
MD5:8e9c1fe6c3963415b7a89ba591787763
SHA1:f62daebf0935e42623f085f81cdf92c876682143
SHA256:fc9c9a32887411c945c2afb7917f9c2025dabbc1da0d0dbe39502decf9128336
SHA512:7949b711779dd11d47782ee0afa7d2eef07d56c0fbc3036bbb8200212ccc405adaac0cb21ec394180b2a980af08f262eb56e90c14eec210133ebb0d8c35972b3
SSDEEP:1536:0a1z3WgWdWcW2qs5WIWoFNsFNYs3zQis1KYGxxWP:0a1zsHFNsFNYsRs1KYs
TLSH:78C301143AF91509F3B79F325EE680978932BD81AD20DA5F315D370E0B72A41A961F3B
File Content Preview:........................>.......................................................}..............................................................................................................................................................................
Subject:Fwd: Past Due Notice Cust ID 0602830216
From:Daryl Anderson <danderson@steamsolutions.com>
To:Terri Bollinger <tbollinger@steamsolutions.com>
Cc:
BCC:
Date:Sat, 04 Nov 2023 14:59:39 +0100
Communications:
  • Sent from my iPhone Begin forwarded message: From: DeluxeCredit@deluxe.com Date: November 4, 2023 at 5:12:11 AM CDT To: Daryl Anderson <danderson@steamsolutions.com> Subject: Past Due Notice Cust ID 0602830216 CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Dear Valued Customer, Our records indicate that your account is past due. Please click on the attachment to view your account details and remit payment. If you have already sent in payment, please disregard this notice and accept our thanks. To pay by check, enclose remittance advice and send payment to us at: DELUXE LOCKBOX 229 P.O. BOX 7247 PHILADELPHIA, PA 19170-0001 Please do not reply to this message. If you have questions or would like to make a payment, please contact us at 1-888-219-6327 or email customer.accounting@deluxe.com. Thank you, Deluxe Accounting
Attachments:
  • Past Due Notice Cust ID 0602830216.PDF
Key Value
Received: from SJ0PR15MB4582.namprd15.prod.outlook.com
13:59:40 +0000
Authentication-Results: dkim=none (message not signed)
by SN7PR15MB4240.namprd15.prod.outlook.com (2603:10b6:806:109::14) with
2023 13:59:40 +0000
([fe80::4983:d04c:6145:e738%4]) with mapi id 15.20.6954.019; Sat, 4 Nov 2023
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary
From: Daryl Anderson <danderson@steamsolutions.com>
To: Terri Bollinger <tbollinger@steamsolutions.com>
Subject: Fwd: Past Due Notice Cust ID 0602830216
Thread-Topic: Past Due Notice Cust ID 0602830216
Thread-Index: AQHaDwdfMX5hGFNGfkSZ8EN+YCYrR7BqMD/A
Date: Sat, 4 Nov 2023 13:59:39 +0000
Message-ID: <7140F843-FC64-4BAA-B3AF-E7D2C1B8E693@steamsolutions.com>
References: <ADR480000013981886000022487947AB1EEE9EDF41AC5AA2FB24@DELUXE.COM>
In-Reply-To: <ADR480000013981886000022487947AB1EEE9EDF41AC5AA2FB24@DELUXE.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-Exchange-Organization-SCL: 1
X-MS-TNEF-Correlator: <7140F843-FC64-4BAA-B3AF-E7D2C1B8E693@steamsolutions.com>
MIME-Version: 1.0
X-MS-Exchange-Organization-MessageDirectionality: Originating
X-MS-Exchange-Organization-AuthSource: SJ0PR15MB4582.namprd15.prod.outlook.com
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 04
X-MS-Exchange-Organization-Network-Message-Id: 82a0c5a5-5934-4fd8-9ae3-08dbdd3e49dc
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SJ0PR15MB4582:EE_|SN7PR15MB4240:EE_|MW4PR15MB4618:EE_
Return-Path: danderson@steamsolutions.com
X-MS-Exchange-Organization-ExpirationStartTime: 04 Nov 2023 13:59:40.6756
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Office365-Filtering-Correlation-Id: 82a0c5a5-5934-4fd8-9ae3-08dbdd3e49dc
X-Microsoft-Antispam: BCL:0;
X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SJ0PR15MB4582.namprd15.prod.outlook.com;PTR:;CAT:NONE;SFS:;DIR:INT;
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Nov 2023 13:59:39.9401
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: ae77d94d-d50f-4ea7-877a-9ae2f36050b2
X-MS-Exchange-CrossTenant-AuthSource: SJ0PR15MB4582.namprd15.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-Network-Message-Id: 82a0c5a5-5934-4fd8-9ae3-08dbdd3e49dc
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: MQZRHRfb4bzzdGOdLLWn4Pt1PDSnooi+pjL+D0UmLpZRcrBpJwD55WVUFAX3rquk6oqsvuW2f+lgtm3S6zrzhBYSaZ/CIboHxLKpmF9JjvQ=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR15MB4240
X-MS-Exchange-Transport-EndToEndLatency: 00:00:02.8140083
X-MS-Exchange-Processed-By-BccFoldering: 15.20.6954.019
X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(425001)(930097)(140003);
X-Microsoft-Antispam-Message-:
date: Sat, 04 Nov 2023 14:59:39 +0100

Icon Hash:c4e1928eacb280a2