Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
phish_alert_sp2_2.0.0.0-1.eml

Overview

General Information

Sample name:phish_alert_sp2_2.0.0.0-1.eml
Analysis ID:1556625
MD5:b2c0128d57b114daf67e5e941605d137
SHA1:6acea49f734190959654c568f4922e9b3ed753c6
SHA256:3bc06394fd08ca389eeaba5f4254061801ad0a47cfa3cbd4ed37d25fc013c80d
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
AI detected potential phishing Email
HTML page contains hidden javascript code
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores files to the Windows start menu directory
Stores large binary data to the registry

Classification

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6992 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0-1.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6560 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "D1721940-1BD7-4DA5-A9A3-61A9CD9ACFD3" "C4C848F6-B038-4C36-AAC1-BBB4723E498C" "6992" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 6856 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.google.es%2Furl%3Fq%3Dqueryz0mi(spellCorrectionEnabled%253Atrue%252CrecentSearchParam%253A(id%253A3891228890%252CdoLogHistory%253Atrue)%252Cfilters%253AList((type%253AREGION%252Cvalues%253AList((id%253A103644278%252Ctext%253AUnited%252520States%252CselectionType%253AINCLUDED))))%252Ckeywords%253Aremote)%26sessionId%3D5NTcRf4wT3OOZdAOuNu6%252FQ%253D%253Dquery(spellCorrectionEnabled%253Atrue%252CrecentSearchParam%253A(id%253A3891228890%252CdoLogHistory%253Atrue)%252Cfilters%253AList((type%253AREGION%252Cvalues%253AList((id%253A103644278%252Ctext%253AUnited%252520States%252CselectionType%253AINCLUDED))))%252Ckeywords%253Aremote)%26sessionId%3D5NTcRf4wT3OOZdAOuNu6%252FQ%253D%253Dquery(spellCorrectionEnabled%253Atrue%252CrecentSearchParam%253A(id%253A3891228890%252CdoLogHistory%253Atrue)%252Cfilters%253AList((type%253AREGION%252Cvalues%253AList((id%253A103644278%252Ctext%253AUnited%252520States%252CselectionType%253AINCLUDED))))%252Ckeywords%253Aremote)%26sessionId%3D5NTcRf4wT3OOZdAOuNu6%252FQ%253D%253Dquery(spellCorrectionEnabled%253Atrue%252CrecentSearchParam%253A(id%253A3891228890%252CdoLogHistory%253Atrue)%252Cfilters%253AList((type%253AREGION%252Cvalues%253AList((id%253A103644278%252Ctext%253AUnited%252520States%252CselectionType%253AINCLUDED))))%252Ckeywords%253Aremote)%26sessionId%3D5NTcRf4wT3OOZdAOuNu6%252FQ%253D%253D%26sa%3Dt%26url%3Damp%252fsafrareal.com.br%252fyoya%252f5jo3txpcfyzbajysuzq86dl0a7xrer8uwmv60%2FbHNtaXRoQHJlbGlhYmxlY29udHJvbHMuY29t%24%3F&data=05%7C02%7Clsmith%40reliablecontrols.com%7Cdf8cad438dae44616a0208dd058956e0%7C70dc28cdaa9f493cabf35c1ff69c0ddc%7C1%7C0%7C638672810637105669%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C40000%7C%7C%7C&sdata=up6lPNcwGdbVJvD8diFCDQaetYjXN0Cn53CcecyWjy4%3D&reserved=0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 1360 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1944,i,1017297042741614360,9748680034842615006,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • Acrobat.exe (PID: 7604 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\8364J729\ilil.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 7952 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 364 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2152 --field-trial-handle=1568,i,14183725717667492424,7491317308005560967,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Office Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6992, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Sigma detected: Outlook Security Settings Updated - Registry
Source: Registry Key setAuthor: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\8364J729\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6992, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus detection for URL or domain
Source: http://safrareal.com.br/favicon.icoAvira URL Cloud: Label: phishing

Phishing

barindex
AI detected potential phishing Email
Source: EmailJoe Sandbox AI: Detected potential phishing email: Suspicious sender domain 'almajapharma.com' doesn't match the business context. Subject line 'Our Vacation 2024' is inconsistent with the email content about vehicle repairs. Contains an extremely long, suspicious URL with multiple encoded parameters
Source: https://fkjfjdkdsjjsk.almajapharma.com/?no=bHNtaXRoQHJlbGlhYmxlY29udHJvbHMuY29t$HTTP Parser: Base64 decoded: a[href="http://www.salidzini.lv/"][style="display: block; width: 88px; height: 31px; overflow: hidden; position: relative;"]
Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.32.74:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.32.74:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49806 version: TLS 1.2
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.32.74
Source: global trafficHTTP traffic detected: GET /yoya/5jo3txpcfyzbajysuzq86dl0a7xrer8uwmv60/bHNtaXRoQHJlbGlhYmxlY29udHJvbHMuY29t$ HTTP/1.1Host: safrareal.com.brConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: safrareal.com.brConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://safrareal.com.br/yoya/5jo3txpcfyzbajysuzq86dl0a7xrer8uwmv60/bHNtaXRoQHJlbGlhYmxlY29udHJvbHMuY29t$Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficDNS traffic detected: DNS query: can01.safelinks.protection.outlook.com
Source: global trafficDNS traffic detected: DNS query: www.google.es
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: safrareal.com.br
Source: global trafficDNS traffic detected: DNS query: fkjfjdkdsjjsk.almajapharma.com
Source: global trafficDNS traffic detected: DNS query: en.wikipedia.org
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: upload.wikimedia.org
Source: global trafficDNS traffic detected: DNS query: meta.wikimedia.org
Source: global trafficDNS traffic detected: DNS query: login.wikimedia.org
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 15 Nov 2024 17:04:53 GMTServer: ApacheContent-Length: 315Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.32.74:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.32.74:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49806 version: TLS 1.2
Source: classification engineClassification label: mal52.winEML@38/122@23/171
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241115T1204330925-6992.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.ini
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0-1.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "D1721940-1BD7-4DA5-A9A3-61A9CD9ACFD3" "C4C848F6-B038-4C36-AAC1-BBB4723E498C" "6992" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.google.es%2Furl%3Fq%3Dqueryz0mi(spellCorrectionEnabled%253Atrue%252CrecentSearchParam%253A(id%253A3891228890%252CdoLogHistory%253Atrue)%252Cfilters%253AList((type%253AREGION%252Cvalues%253AList((id%253A103644278%252Ctext%253AUnited%252520States%252CselectionType%253AINCLUDED))))%252Ckeywords%253Aremote)%26sessionId%3D5NTcRf4wT3OOZdAOuNu6%252FQ%253D%253Dquery(spellCorrectionEnabled%253Atrue%252CrecentSearchParam%253A(id%253A3891228890%252CdoLogHistory%253Atrue)%252Cfilters%253AList((type%253AREGION%252Cvalues%253AList((id%253A103644278%252Ctext%253AUnited%252520States%252CselectionType%253AINCLUDED))))%252Ckeywords%253Aremote)%26sessionId%3D5NTcRf4wT3OOZdAOuNu6%252FQ%253D%253Dquery(spellCorrectionEnabled%253Atrue%252CrecentSearchParam%253A(id%253A3891228890%252CdoLogHistory%253Atrue)%252Cfilters%253AList((type%253AREGION%252Cvalues%253AList((id%253A103644278%252Ctext%253AUnited%252520States%252CselectionType%253AINCLUDED))))%252Ckeywords%253Aremote)%26sessionId%3D5NTcRf4wT3OOZdAOuNu6%252FQ%253D%253Dquery(spellCorrectionEnabled%253Atrue%252CrecentSearchParam%253A(id%253A3891228890%252CdoLogHistory%253Atrue)%252Cfilters%253AList((type%253AREGION%252Cvalues%253AList((id%253A103644278%252Ctext%253AUnited%252520States%252CselectionType%253AINCLUDED))))%252Ckeywords%253Aremote)%26sessionId%3D5NTcRf4wT3OOZdAOuNu6%252FQ%253D%253D%26sa%3Dt%26url%3Damp%252fsafrareal.com.br%252fyoya%252f5jo3txpcfyzbajysuzq86dl0a7xrer8uwmv60%2FbHNtaXRoQHJlbGlhYmxlY29udHJvbHMuY29t%24%3F&data=05%7C02%7Clsmith%40reliablecontrols.com%7Cdf8cad438dae44616a0208dd058956e0%7C70dc28cdaa9f493cabf35c1ff69c0ddc%7C1%7C0%7C638672810637105669%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C40000%7C%7C%7C&sdata=up6lPNcwGdbVJvD8diFCDQaetYjXN0Cn53CcecyWjy4%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1944,i,1017297042741614360,9748680034842615006,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\8364J729\ilil.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2152 --field-trial-handle=1568,i,14183725717667492424,7491317308005560967,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "D1721940-1BD7-4DA5-A9A3-61A9CD9ACFD3" "C4C848F6-B038-4C36-AAC1-BBB4723E498C" "6992" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.google.es%2Furl%3Fq%3Dqueryz0mi(spellCorrectionEnabled%253Atrue%252CrecentSearchParam%253A(id%253A3891228890%252CdoLogHistory%253Atrue)%252Cfilters%253AList((type%253AREGION%252Cvalues%253AList((id%253A103644278%252Ctext%253AUnited%252520States%252CselectionType%253AINCLUDED))))%252Ckeywords%253Aremote)%26sessionId%3D5NTcRf4wT3OOZdAOuNu6%252FQ%253D%253Dquery(spellCorrectionEnabled%253Atrue%252CrecentSearchParam%253A(id%253A3891228890%252CdoLogHistory%253Atrue)%252Cfilters%253AList((type%253AREGION%252Cvalues%253AList((id%253A103644278%252Ctext%253AUnited%252520States%252CselectionType%253AINCLUDED))))%252Ckeywords%253Aremote)%26sessionId%3D5NTcRf4wT3OOZdAOuNu6%252FQ%253D%253Dquery(spellCorrectionEnabled%253Atrue%252CrecentSearchParam%253A(id%253A3891228890%252CdoLogHistory%253Atrue)%252Cfilters%253AList((type%253AREGION%252Cvalues%253AList((id%253A103644278%252Ctext%253AUnited%252520States%252CselectionType%253AINCLUDED))))%252Ckeywords%253Aremote)%26sessionId%3D5NTcRf4wT3OOZdAOuNu6%252FQ%253D%253Dquery(spellCorrectionEnabled%253Atrue%252CrecentSearchParam%253A(id%253A3891228890%252CdoLogHistory%253Atrue)%252Cfilters%253AList((type%253AREGION%252Cvalues%253AList((id%253A103644278%252Ctext%253AUnited%252520States%252CselectionType%253AINCLUDED))))%252Ckeywords%253Aremote)%26sessionId%3D5NTcRf4wT3OOZdAOuNu6%252FQ%253D%253D%26sa%3Dt%26url%3Damp%252fsafrareal.com.br%252fyoya%252f5jo3txpcfyzbajysuzq86dl0a7xrer8uwmv60%2FbHNtaXRoQHJlbGlhYmxlY29udHJvbHMuY29t%24%3F&data=05%7C02%7Clsmith%40reliablecontrols.com%7Cdf8cad438dae44616a0208dd058956e0%7C70dc28cdaa9f493cabf35c1ff69c0ddc%7C1%7C0%7C638672810637105669%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C40000%7C%7C%7C&sdata=up6lPNcwGdbVJvD8diFCDQaetYjXN0Cn53CcecyWjy4%3D&reserved=0
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding F5680881B53DBC59B25EA95FEA442213
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1944,i,1017297042741614360,9748680034842615006,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\8364J729\ilil.pdf"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2152 --field-trial-handle=1568,i,14183725717667492424,7491317308005560967,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InProcServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
Browser Extensions		1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
DLL Side-Loading		1
DLL Side-Loading		1
Modify Registry		LSASS Memory1
File and Directory Discovery		Remote Desktop ProtocolData from Removable Media3
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
Registry Run Keys / Startup Folder		1
Registry Run Keys / Startup Folder		1
Process Injection		Security Account Manager14
System Information Discovery		SMB/Windows Admin SharesData from Network Shared Drive4
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
Ingress Tool Transfer		Traffic DuplicationData Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://safrareal.com.br/favicon.ico100%Avira URL Cloudphishing

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
can01.safelinks.eop-tm2.outlook.com
104.47.75.156
truefalse
    		unknown
    bg.microsoft.map.fastly.net
    		199.232.214.172
    		truefalse
      		high
      www.google.es
      		142.250.186.35
      		truefalse
        		high
        fkjfjdkdsjjsk.almajapharma.com
        		209.38.225.84
        		truefalse
          		unknown
          www.google.com
          		142.250.186.132
          		truefalse
            		high
            upload.wikimedia.org
            		185.15.59.240
            		truefalse
              		high
              dyna.wikimedia.org
              		185.15.59.224
              		truefalse
                		high
                safrareal.com.br
                		191.252.128.160
                		truefalse
                  		high
                  can01.safelinks.protection.outlook.com
                  		unknown
                  		unknownfalse
                    		high
                    en.wikipedia.org
                    		unknown
                    		unknownfalse
                      		high
                      x1.i.lencr.org
                      		unknown
                      		unknownfalse
                        		high
                        meta.wikimedia.org
                        		unknown
                        		unknownfalse
                          		high
                          login.wikimedia.org
                          		unknown
                          		unknownfalse
                            		high

                            Contacted URLs

                            NameMaliciousAntivirus DetectionReputation
                            http://safrareal.com.br/favicon.icotrue
                            • Avira URL Cloud: phishing
                            		unknown
                            https://fkjfjdkdsjjsk.almajapharma.com/?no=bHNtaXRoQHJlbGlhYmxlY29udHJvbHMuY29t$false
                              		unknown
                              https://en.wikipedia.org/wiki/Main_Pagefalse
                                		high

                                World Map of Contacted IPs

                                • No. of IPs < 25%
                                • 25% < No. of IPs < 50%
                                • 50% < No. of IPs < 75%
                                • 75% < No. of IPs

                                Public IPs

                                IPDomainCountryFlagASNASN NameMalicious
                                142.250.186.67
                                		unknownUnited States
                                		15169GOOGLEUSfalse
                                52.202.204.11
                                		unknownUnited States
                                		14618AMAZON-AESUSfalse
                                184.28.88.176
                                		unknownUnited States
                                		16625AKAMAI-ASUSfalse
                                185.15.59.224
                                		dyna.wikimedia.orgNetherlands
                                		14907WIKIMEDIAUSfalse
                                191.252.128.160
                                		safrareal.com.brBrazil
                                		27715LocawebServicosdeInternetSABRfalse
                                185.15.59.240
                                		upload.wikimedia.orgNetherlands
                                		14907WIKIMEDIAUSfalse
                                52.109.32.97
                                		unknownUnited States
                                		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                142.250.186.131
                                		unknownUnited States
                                		15169GOOGLEUSfalse
                                142.250.186.132
                                		www.google.comUnited States
                                		15169GOOGLEUSfalse
                                142.250.186.110
                                		unknownUnited States
                                		15169GOOGLEUSfalse
                                172.217.18.10
                                		unknownUnited States
                                		15169GOOGLEUSfalse
                                104.47.75.156
                                		can01.safelinks.eop-tm2.outlook.comUnited States
                                		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                172.64.41.3
                                		unknownUnited States
                                		13335CLOUDFLARENETUSfalse
                                142.250.186.35
                                		www.google.esUnited States
                                		15169GOOGLEUSfalse
                                52.113.194.132
                                		unknownUnited States
                                		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                216.58.206.46
                                		unknownUnited States
                                		15169GOOGLEUSfalse
                                2.23.197.184
                                		unknownEuropean Union
                                		1273CWVodafoneGroupPLCEUfalse
                                93.184.221.240
                                		unknownEuropean Union
                                		15133EDGECASTUSfalse
                                20.189.173.26
                                		unknownUnited States
                                		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                239.255.255.250
                                		unknownReserved
                                		unknownunknownfalse
                                2.19.126.151
                                		unknownEuropean Union
                                		16625AKAMAI-ASUSfalse
                                64.233.184.84
                                		unknownUnited States
                                		15169GOOGLEUSfalse
                                209.38.225.84
                                		fkjfjdkdsjjsk.almajapharma.comUnited States
                                		7018ATT-INTERNET4USfalse
                                52.109.76.243
                                		unknownUnited States
                                		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                52.109.76.144
                                		unknownUnited States
                                		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse

                                Private

                                IP
                                192.168.2.16

                                General Information

                                Joe Sandbox version:41.0.0 Charoite
                                Analysis ID:1556625
                                Start date and time:2024-11-15 18:03:55 +01:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Number of analysed new started processes analysed:22
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • EGA enabled
                                Analysis Mode:stream
                                Analysis stop reason:Timeout
                                Sample name:phish_alert_sp2_2.0.0.0-1.eml
                                Detection:MAL
                                Classification:mal52.winEML@38/122@23/171
                                Cookbook Comments:
                                • Found application associated with file extension: .eml

                                Warnings

                                • Exclude process from analysis (whitelisted): dllhost.exe, SgrmBroker.exe, svchost.exe
                                • Excluded IPs from analysis (whitelisted): 52.109.32.97
                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, ctldl.windowsupdate.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, wu-b-net.trafficmanager.net, europe.configsvc1.live.com.akadns.net
                                • Not all processes where analyzed, report is missing behavior information
                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.
                                • Report size getting too big, too many NtSetValueKey calls found.
                                • VT rate limit hit for: phish_alert_sp2_2.0.0.0-1.eml

                                LLM Input / Output

                                InputOutput
                                URL: email Model: Joe Sandbox AI
                                {
    "explanation": [
        "Suspicious sender domain 'almajapharma.com' doesn't match the business context",
        "Subject line 'Our Vacation 2024' is inconsistent with the email content about vehicle repairs",
        "Contains an extremely long, suspicious URL with multiple encoded parameters"
    ],
    "phishing": true,
    "confidence": 9
}
                                {
    "date": "Fri, 15 Nov 2024 15:22:37 +0000", 
    "subject": "RELIABLECONTROLS: Our Vacation 2024  (fq)", 
    "communications": [
        " You don't often get email from reliablecontrols_reliablecontrols_tjah@almajapharma.com. Learn why this is important [CAUTION] This email originated from outside of Reliable Controls. Do not click links or open attachments unless you recognize the sender and know the content is safe. 352352 Yes  Have not received estimate. Thanks Cyndi. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC740-633-3011 (Office)724-531-1195 (Cell)740-633-2140 (Fax)------------------ From: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com> Sent: Wednesday, May 3, 2023 11:13 AMTo: John Herrmann <jherrmann@hillidealease.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: RE: IDEALEASE 322913 / 321806 Unit 321806 is in the shop. Unit #322913  Did you ever get a quote for this one, I seen it was started but looks like the parts were put on, I will have them get this done ASAP. Thank you ~ and make it a great day. Cyndi MatvyaService Administrator & Accounts ReceivableShamrock Utility Trailers, Inc500 North Center Avenue, New Stanton, PA 15672724-925-9200 724-925-6999 FAX From: John Herrmann <jherrmann@hillidealease.com> Sent: Wednesday, May 3, 2023 10:53 AMTo: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: IDEALEASE 322913 / 321806 Good morning Cyndi  I wanted to check and see the status of the units 322913 and 321806 we have there for box repairs. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC<span You don't often get email from reliablecontrols_reliablecontrols_tjah@almajapharma.com. Learn why this is important [CAUTION] This email originated from outside of Reliable Controls. Do not click links or open attachments unless you recognize the sender and know the content is safe. 352352 Yes  Have not received estimate. Thanks Cyndi. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC740-633-3011 (Office)724-531-1195 (Cell)740-633-2140 (Fax)------------------ From: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com> Sent: Wednesday, May 3, 2023 11:13 AMTo: John Herrmann <jherrmann@hillidealease.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: RE: IDEALEASE 322913 / 321806 Unit 321806 is in the shop. Unit #322913  Did you ever get a quote for this one, I seen it was started but looks like the parts were put on, I will have them get this done ASAP. Thank you ~ and make it a great day. Cyndi MatvyaService Administrator & Accounts ReceivableShamrock Utility Trailers, Inc500 North Center Avenue, New Stanton, PA 15672724-925-9200 724-925-6999 FAX From: John Herrmann <jherrmann@hillidealease.com> Sent: Wednesday, May 3, 2023 10:53 AMTo: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: IDEALEASE 322913 / 321806 Good morning Cyndi  I wanted to check and see the status of the units 322913 and 321806 we have there for box repairs. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC<span You don't often get email from reliablecontrols_reliablecontrols_tjah@almajapharma.com. Learn why this is important You don't often get email from reliablecontrols_reliablecontrols_tjah@almajapharma.com. Learn why this is important You don't often get email from reliablecontrols_reliablecontrols_tjah@almajapharma.com. Learn why this is important You don't often get email from reliablecontrols_reliablecontrols_tjah@almajapharma.com. Learn why this is important You don't often get email from reliablecontrols_reliablecontrols_tjah@almajapharma.com. Learn why this is important Learn why this is important https://aka.ms/LearnAboutSenderIdentification [CAUTION] This email originated from outside of Reliable Controls. Do not click links or open attachments unless you recognize the sender and know the content is safe. 352352 Yes  Have not received estimate. Thanks Cyndi. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC740-633-3011 (Office)724-531-1195 (Cell)740-633-2140 (Fax)------------------ From: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com> Sent: Wednesday, May 3, 2023 11:13 AMTo: John Herrmann <jherrmann@hillidealease.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: RE: IDEALEASE 322913 / 321806 Unit 321806 is in the shop. Unit #322913  Did you ever get a quote for this one, I seen it was started but looks like the parts were put on, I will have them get this done ASAP. Thank you ~ and make it a great day. Cyndi MatvyaService Administrator & Accounts ReceivableShamrock Utility Trailers, Inc500 North Center Avenue, New Stanton, PA 15672724-925-9200 724-925-6999 FAX From: John Herrmann <jherrmann@hillidealease.com> Sent: Wednesday, May 3, 2023 10:53 AMTo: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: IDEALEASE 322913 / 321806 Good morning Cyndi  I wanted to check and see the status of the units 322913 and 321806 we have there for box repairs. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC<span [CAUTION] This email originated from outside of Reliable Controls. Do not click links or open attachments unless you recognize the sender and know the content is safe. [CAUTION] [CAUTION] This email originated from outside of Reliable Controls. Do not click links or open attachments unless you recognize the sender and know the content is safe. 352352 Yes  Have not received estimate. Thanks Cyndi. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC740-633-3011 (Office)724-531-1195 (Cell)740-633-2140 (Fax)------------------ From: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com> Sent: Wednesday, May 3, 2023 11:13 AMTo: John Herrmann <jherrmann@hillidealease.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: RE: IDEALEASE 322913 / 321806 Unit 321806 is in the shop. Unit #322913  Did you ever get a quote for this one, I seen it was started but looks like the parts were put on, I will have them get this done ASAP. Thank you ~ and make it a great day. Cyndi MatvyaService Administrator & Accounts ReceivableShamrock Utility Trailers, Inc500 North Center Avenue, New Stanton, PA 15672724-925-9200 724-925-6999 FAX From: John Herrmann <jherrmann@hillidealease.com> Sent: Wednesday, May 3, 2023 10:53 AMTo: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: IDEALEASE 322913 / 321806 Good morning Cyndi  I wanted to check and see the status of the units 322913 and 321806 we have there for box repairs. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC<span https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.google.es%2Furl%3Fq%3Dqueryz0mi(spellCorrectionEnabled%253Atrue%252CrecentSearchParam%253A(id%253A3891228890%252CdoLogHistory%253Atrue)%252Cfilters%253AList((type%253AREGION%252Cvalues%253AList((id%253A103644278%252Ctext%253AUnited%252520States%252CselectionType%253AINCLUDED))))%252Ckeywords%253Aremote)%26sessionId%3D5NTcRf4wT3OOZdAOuNu6%252FQ%253D%253Dquery(spellCorrectionEnabled%253Atrue%252CrecentSearchParam%253A(id%253A3891228890%252CdoLogHistory%253Atrue)%252Cfilters%253AList((type%253AREGION%252Cvalues%253AList((id%253A103644278%252Ctext%253AUnited%252520States%252CselectionType%253AINCLUDED))))%252Ckeywords%253Aremote)%26sessionId%3D5NTcRf4wT3OOZdAOuNu6%252FQ%253D%253Dquery(spellCorrectionEnabled%253Atrue%252CrecentSearchParam%253A(id%253A3891228890%252CdoLogHistory%253Atrue)%252Cfilters%253AList((type%253AREGION%252Cvalues%253AList((id%253A103644278%252Ctext%253AUnited%252520States%252CselectionType%253AINCLUDED))))%252Ckeywords%253Aremote)%26sessionId%3D5NTcRf4wT3OOZdAOuNu6%252FQ%253D%253Dquery(spellCorrectionEnabled%253Atrue%252CrecentSearchParam%253A(id%253A3891228890%252CdoLogHistory%253Atrue)%252Cfilters%253AList((type%253AREGION%252Cvalues%253AList((id%253A103644278%252Ctext%253AUnited%252520States%252CselectionType%253AINCLUDED))))%252Ckeywords%253Aremote)%26sessionId%3D5NTcRf4wT3OOZdAOuNu6%252FQ%253D%253D%26sa%3Dt%26url%3Damp%252fsafrareal.com.br%252fyoya%252f5jo3txpcfyzbajysuzq86dl0a7xrer8uwmv60%2FbHNtaXRoQHJlbGlhYmxlY29udHJvbHMuY29t%24%3F&data=05%7C02%7Clsmith%40reliablecontrols.com%7Cdf8cad438dae44616a0208dd058956e0%7C70dc28cdaa9f493cabf35c1ff69c0ddc%7C1%7C0%7C638672810637105669%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C40000%7C%7C%7C&sdata=up6lPNcwGdbVJvD8diFCDQaetYjXN0Cn53CcecyWjy4%3D&reserved=0 352352 Yes  Have not received estimate. Thanks Cyndi. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC740-633-3011 (Office)724-531-1195 (Cell)740-633-2140 (Fax)------------------ From: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com> Sent: Wednesday, May 3, 2023 11:13 AMTo: John Herrmann <jherrmann@hillidealease.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: RE: IDEALEASE 322913 / 321806 Unit 321806 is in the shop. Unit #322913  Did you ever get a quote for this one, I seen it was started but looks like the parts were put on, I will have them get this done ASAP. Thank you ~ and make it a great day. Cyndi MatvyaService Administrator & Accounts ReceivableShamrock Utility Trailers, Inc500 North Center Avenue, New Stanton, PA 15672724-925-9200 724-925-6999 FAX From: John Herrmann <jherrmann@hillidealease.com> Sent: Wednesday, May 3, 2023 10:53 AMTo: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: IDEALEASE 322913 / 321806 Good morning Cyndi  I wanted to check and see the status of the units 322913 and 321806 we have there for box repairs. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC<span    /* Font Definitions */ @font-face {font-family:\"Cambria Math\"; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:userbri; panose-1:2 15 5 2 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; font-size:11.0pt; font-family:\"userbri\",sans-serif; mso-ligatures:standardcontextual;} a:link, span.MsoHyperlink {mso-style-priority:99; color:#0563C1; text-decoration:underline;} span.EmailStyle22 {mso-style-type:personal-reply; font-family:\"userbri\",sans-serif; color:windowtext;} .MsoChpDefault {mso-style-type:export-only; font-size:10.0pt; mso-ligatures:none;} @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.WordSection1 {page:WordSection1;} --> Yes  Have not received estimate. Thanks Cyndi. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC740-633-3011 (Office)724-531-1195 (Cell)740-633-2140 (Fax)------------------ From: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com> Sent: Wednesday, May 3, 2023 11:13 AMTo: John Herrmann <jherrmann@hillidealease.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: RE: IDEALEASE 322913 / 321806 Unit 321806 is in the shop. Unit #322913  Did you ever get a quote for this one, I seen it was started but looks like the parts were put on, I will have them get this done ASAP. Thank you ~ and make it a great day. Cyndi MatvyaService Administrator & Accounts ReceivableShamrock Utility Trailers, Inc500 North Center Avenue, New Stanton, PA 15672724-925-9200 724-925-6999 FAX From: John Herrmann <jherrmann@hillidealease.com> Sent: Wednesday, May 3, 2023 10:53 AMTo: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: IDEALEASE 322913 / 321806 Good morning Cyndi  I wanted to check and see the status of the units 322913 and 321806 we have there for box repairs. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC<span Yes  Have not received estimate. Thanks Cyndi. Thank you, Thank you, John M Herrmann John M Herrmann John M Herrmann SERVICE MANAGER SERVICE MANAGER Hill Idealease, LLC Hill Idealease, LLC 740-633-3011 (Office) 740-633-3011 740-633-3011 (Office) 724-531-1195 (Cell) 724-531-1195 724-531-1195 (Cell) 740-633-2140 (Fax) 740-633-2140 740-633-2140 (Fax) ------------------ ------------------ From: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com> Sent: Wednesday, May 3, 2023 11:13 AMTo: John Herrmann <jherrmann@hillidealease.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: RE: IDEALEASE 322913 / 321806 From: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com> Sent: Wednesday, May 3, 2023 11:13 AMTo: John Herrmann <jherrmann@hillidealease.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: RE: IDEALEASE 322913 / 321806 From: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com> Sent: Wednesday, May 3, 2023 11:13 AMTo: John Herrmann <jherrmann@hillidealease.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: RE: IDEALEASE 322913 / 321806 From: From: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com> Sent: Wednesday, May 3, 2023 11:13 AMTo: John Herrmann <jherrmann@hillidealease.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: RE: IDEALEASE 322913 / 321806 Sent: To: Cc: Subject: Unit 321806 is in the shop. Unit #322913  Did you ever get a quote for this one, I seen it was started but looks like the parts were put on, I will have them get this done ASAP. Thank you ~ and make it a great day. Cyndi MatvyaService Administrator & Accounts ReceivableShamrock Utility Trailers, Inc500 North Center Avenue, New Stanton, PA 15672724-925-9200 724-925-6999 FAX From: John Herrmann <jherrmann@hillidealease.com> Sent: Wednesday, May 3, 2023 10:53 AMTo: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: IDEALEASE 322913 / 321806 Good morning Cyndi  I wanted to check and see the status of the units 322913 and 321806 we have there for box repairs. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC<span Unit 321806 is in the shop. Unit 321806 is in the shop. Unit #322913  Did you ever get a quote for this one, I seen it was started but looks like the parts were put on, I will have them get this done ASAP. Unit #322913  Did you ever get a quote for this one, I seen it was started but looks like the parts were put on, I will have them get this done ASAP. Thank you ~ and make it a great day. Thank you ~ and make it a great day. Cyndi Matvya Cyndi Matvya Service Administrator & Accounts Receivable Service Administrator & Accounts Receivable Shamrock Utility Trailers, Inc Shamrock Utility Trailers, Inc Shamrock Utility Trailers, Inc 500 North Center Avenue, New Stanton, PA 15672 500 North Center Avenue, New Stanton, PA 15672 500 North Center Avenue, New Stanton, PA 15672 500 North Center Avenue, New Stanton, PA 15672 500%20North%20Center%20Avenue,%20New%20Stanton,%20PA%20%2015672 724-925-9200 724-925-9200 724-925-6999 FAX 724-925-6999 FAX From: John Herrmann <jherrmann@hillidealease.com> Sent: Wednesday, May 3, 2023 10:53 AMTo: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: IDEALEASE 322913 / 321806 From: John Herrmann <jherrmann@hillidealease.com> Sent: Wednesday, May 3, 2023 10:53 AMTo: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: IDEALEASE 322913 / 321806 From: John Herrmann <jherrmann@hillidealease.com> Sent: Wednesday, May 3, 2023 10:53 AMTo: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: IDEALEASE 322913 / 321806 From: From: John Herrmann <jherrmann@hillidealease.com> Sent: Wednesday, May 3, 2023 10:53 AMTo: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: IDEALEASE 322913 / 321806 jherrmann@hillidealease.com mailto:jherrmann@hillidealease.com Sent: To: cmatvya@shamrockutilitytrailer.com mailto:cmatvya@shamrockutilitytrailer.com Cc: rreuille@hillidealease.com mailto:rreuille@hillidealease.com lzwiesler@hillidealease.com mailto:lzwiesler@hillidealease.com Subject: Good morning Cyndi  I wanted to check and see the status of the units 322913 and 321806 we have there for box repairs. Thank you, Thank you, John M Herrmann John M Herrmann John M Herrmann SERVICE MANAGER SERVICE MANAGER Hill Idealease, LLC Hill Idealease, LLC <span <span "
    ], 
    "from": "HRmanager <Reliablecontrols_Reliablecontrols_tjah@almajapharma.com>", 
    "to": "Lindsay Smith <lsmith@reliablecontrols.com>", 
    "attachements": [
        "b77vbvbvn.png", 
        "ilil.pdf"
    ]
}
                                URL: Email Model: Joe Sandbox AI
                                ```json
{
  "contains_trigger_text": true,
  "trigger_text": "Kindly check link below about our annual",
  "prominent_button_name": "WWW.VACATION.COM/SALARY/VACATION/OFFICE",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": true,
  "has_visible_qrcode": false
}
                                URL: Email Model: Joe Sandbox AI
                                ```json
{
  "brands": [
    "Reliable Controls",
    "Vacation.com"
  ]
}
                                URL: http://safrareal.com.br Model: Joe Sandbox AI
                                {
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}
                                URL: http://safrareal.com.br
                                URL: https://en.wikipedia.org Model: Joe Sandbox AI
                                {
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}
                                URL: https://en.wikipedia.org
                                URL: https://en.wikipedia.org/wiki/Main_Page Model: Joe Sandbox AI
                                ```json
{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
```

The provided image appears to be a screenshot of the Wikipedia homepage, which does not contain any of the typical indicators of a landing page. There are no visible trigger phrases, prominent buttons or links, text input fields, PDF icons, CAPTCHAs, or urgent text. The page appears to be a standard informational website without any signs of a landing page.
                                URL: https://en.wikipedia.org/wiki/Main_Page Model: Joe Sandbox AI
                                ```json
{
  "brands": [
    "Wikipedia"
  ]
}
                                URL: https://wikipedia.org Model: Joe Sandbox AI
                                {
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}
                                URL: https://wikipedia.org

                                Created / dropped Files

                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):290
                                Entropy (8bit):5.148432223411645
                                Encrypted:false
                                SSDEEP:
                                MD5:D0239B9FADF19468BB10DB69A249E887
                                SHA1:308D15095D9B2F1E19DEA2CD5F685343381AB4A0
                                SHA-256:23DEE3E28D263B021F919FBDC861937D22C9B8D19909BF17BD72DDEA7D620129
                                SHA-512:1C9B64A967F43AFE9CB3665B5F61D3A8EA5240E2B6C89DD23E448C1339DE601F789DF458A78656755ED966D708FFC5E9D3A07A5197F5FA3CF93739290FBFC447
                                Malicious:false
                                Reputation:unknown
                                Preview:2024/11/15-12:04:54.800 1584 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/15-12:04:54.802 1584 Recovering log #3.2024/11/15-12:04:54.802 1584 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):334
                                Entropy (8bit):5.199977157331789
                                Encrypted:false
                                SSDEEP:
                                MD5:B800CB054F2C3E06615DCAE7C9A117AF
                                SHA1:A4C09CAE7B674AD2EAC3E44DC044ADA1DB1E4C7C
                                SHA-256:C59A19A760B5C108711B51799716B9EF41B7671801744B6CA441C70483D7C894
                                SHA-512:55730AA442A5494DCD59F735510D3D9C281B28954834D48A8C7011D34B2FC7AF611F82330B70D745B09B168C3F98CF10BD2928BF5710D4B1E7F60736E22269DA
                                Malicious:false
                                Reputation:unknown
                                Preview:2024/11/15-12:04:54.675 1d18 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/15-12:04:54.679 1d18 Recovering log #3.2024/11/15-12:04:54.680 1d18 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\3ec4925b-7702-431e-b8d7-825aa04c3b3a.tmp

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:JSON data
                                Category:modified
                                Size (bytes):403
                                Entropy (8bit):4.986781911962135
                                Encrypted:false
                                SSDEEP:
                                MD5:6F004FDDF5854FA5E1EF874E16EEBF4E
                                SHA1:093582B7124187670933FDD88504ADB03AF4D060
                                SHA-256:339E6BA86823DFE2EAFB35F6894D45F6389343BBE031E8E211CA44FEB685486A
                                SHA-512:1778D199C41533F7FDB18B8B5AD767DBB1A13AC266EB7306BB0E9882F97DFAD924A3D88DEFB7A7F3D225BE308E5109C302A1B01E964A409D043002F37DE8A3C3
                                Malicious:false
                                Reputation:unknown
                                Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13376250300488540","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":236881},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):0
                                Entropy (8bit):0.0
                                Encrypted:false
                                SSDEEP:
                                MD5:6F004FDDF5854FA5E1EF874E16EEBF4E
                                SHA1:093582B7124187670933FDD88504ADB03AF4D060
                                SHA-256:339E6BA86823DFE2EAFB35F6894D45F6389343BBE031E8E211CA44FEB685486A
                                SHA-512:1778D199C41533F7FDB18B8B5AD767DBB1A13AC266EB7306BB0E9882F97DFAD924A3D88DEFB7A7F3D225BE308E5109C302A1B01E964A409D043002F37DE8A3C3
                                Malicious:false
                                Reputation:unknown
                                Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13376250300488540","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":236881},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):4509
                                Entropy (8bit):5.235225933633482
                                Encrypted:false
                                SSDEEP:
                                MD5:53CFB2778712A9257F27DFC82AAD4595
                                SHA1:22B03D14CAD906D0D7FF6B8F944DBD65F6E88E75
                                SHA-256:70D7CD76314C21E94FE6523AD7E24A0EF8FEF87B3B2FBB3A3F51ABDA97D833A5
                                SHA-512:CD8E0F204CD7BA990D10048A84F43A170C59159B8B5CF62503C567DE4C858D26FAE0F3774E72B52B5E88BDD3BD4F67AC01E9E7A1BACBF9F41BF1C456ED2C6AC7
                                Malicious:false
                                Reputation:unknown
                                Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):322
                                Entropy (8bit):5.215474404548316
                                Encrypted:false
                                SSDEEP:
                                MD5:3708AEDD0A97738E85FF2841AADF116D
                                SHA1:8F91217326027339BDF012F5731E3B5C4703F0F6
                                SHA-256:6CB26026FF25B9894710F9E5BC171E5EF8A0352D57EF9BC67533277D983CD5EB
                                SHA-512:5742FE74C0F5ECECF2D44FCC2EFE5986544845D716269AE42D3F2E4EEF0841A892F4ACA72785ADFE88255DBA53D6D46057369A7B7976B46FE2205A5FE803CC03
                                Malicious:false
                                Reputation:unknown
                                Preview:2024/11/15-12:04:54.836 1d18 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/15-12:04:54.837 1d18 Recovering log #3.2024/11/15-12:04:54.839 1d18 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                Category:dropped
                                Size (bytes):57344
                                Entropy (8bit):3.291927920232006
                                Encrypted:false
                                SSDEEP:
                                MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
                                SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
                                SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
                                SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
                                Malicious:false
                                Reputation:unknown
                                Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:SQLite Rollback Journal
                                Category:dropped
                                Size (bytes):16928
                                Entropy (8bit):1.2151319694836435
                                Encrypted:false
                                SSDEEP:
                                MD5:2881EC2C5360E02A33C9A6253DB8D844
                                SHA1:81995435EE9775CA83E3056259FBBA3BDB1CEABB
                                SHA-256:C38921BF5419692EC73B6E1C0ACCE404ED3D37333D7A4C744CF46C8D90AFA491
                                SHA-512:3B79E290BD869D83AB2693685F233450EAC7592648FB55B48CF9CD77468E707B289770BFC10A4FB2C8796DD213F0A9FB05C772D0E9BDEAB8C9F3342C19F13AE4
                                Malicious:false
                                Reputation:unknown
                                Preview:.... .c.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:Certificate, Version=3
                                Category:dropped
                                Size (bytes):1391
                                Entropy (8bit):7.705940075877404
                                Encrypted:false
                                SSDEEP:
                                MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                Malicious:false
                                Reputation:unknown
                                Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                Category:dropped
                                Size (bytes):71954
                                Entropy (8bit):7.996617769952133
                                Encrypted:true
                                SSDEEP:
                                MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                Malicious:false
                                Reputation:unknown
                                Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):192
                                Entropy (8bit):2.742553200765872
                                Encrypted:false
                                SSDEEP:
                                MD5:496BA39A228389407D6AEE7E5A7B8B17
                                SHA1:32563B438E70A1B83A4E07965264283BCEDEAEBF
                                SHA-256:2C726B42DBBCF7F83620D806CAD4A71CC28B6DE55DB5E463B076B43ECA9A3123
                                SHA-512:BB636C7E40FF128240909382DD88E69CA01EB7A57286AB966D301EF30C728F8D7E1E04BB15BA5E96C5CB6E232957B52F774851C8F0207AA54FD5DF1C3981899A
                                Malicious:false
                                Reputation:unknown
                                Preview:p...... .............7..(....................................................... ..........W....r...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:data
                                Category:modified
                                Size (bytes):328
                                Entropy (8bit):3.144086598890895
                                Encrypted:false
                                SSDEEP:
                                MD5:A82BDED5C05A9435A5968E5F078B9449
                                SHA1:1F06ECFB1E9F3217ACDABB6C21CF75650D88CF5D
                                SHA-256:C2A9F8BBAB3C943FE9967AB291AE89569F4694E511AEE48C85991D8C4931195C
                                SHA-512:9BDBEAB198073851420C4D3418684596E5F1B2955E407E80461D95898502B9690368534DBC8139CE2E4E33C122AD0A4F87EC69BCD0E507DC0827E73C83CBE73D
                                Malicious:false
                                Reputation:unknown
                                Preview:p...... ........=....7..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:PostScript document text
                                Category:dropped
                                Size (bytes):0
                                Entropy (8bit):0.0
                                Encrypted:false
                                SSDEEP:
                                MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                Malicious:false
                                Reputation:unknown
                                Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7704

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:PostScript document text
                                Category:dropped
                                Size (bytes):1233
                                Entropy (8bit):5.233980037532449
                                Encrypted:false
                                SSDEEP:
                                MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                Malicious:false
                                Reputation:unknown
                                Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:PostScript document text
                                Category:dropped
                                Size (bytes):0
                                Entropy (8bit):0.0
                                Encrypted:false
                                SSDEEP:
                                MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                Malicious:false
                                Reputation:unknown
                                Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:PostScript document text
                                Category:dropped
                                Size (bytes):0
                                Entropy (8bit):0.0
                                Encrypted:false
                                SSDEEP:
                                MD5:B60EE534029885BD6DECA42D1263BDC0
                                SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                Malicious:false
                                Reputation:unknown
                                Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.7704

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:PostScript document text
                                Category:dropped
                                Size (bytes):10880
                                Entropy (8bit):5.214360287289079
                                Encrypted:false
                                SSDEEP:
                                MD5:B60EE534029885BD6DECA42D1263BDC0
                                SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                Malicious:false
                                Reputation:unknown
                                Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):227002
                                Entropy (8bit):3.392780893644728
                                Encrypted:false
                                SSDEEP:
                                MD5:265E3E1166312A864FB63291EA661C6A
                                SHA1:80DFF3187FF929596EB22E1DB9021BAD6F97178C
                                SHA-256:C13E08B1887A4E44DC39609D7234E8D732A6BC11313B55D6F4ECFB060CD87728
                                SHA-512:48776A2BFE8F25E5601DCC0137F7AB103D5684517334B806E3ACF61683DD9B283828475FC85CE0CBE4E8AF88E6F8B25EED0A77640E2CFFF2CC73708726519AFA
                                Malicious:false
                                Reputation:unknown
                                Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):295
                                Entropy (8bit):5.377598421750351
                                Encrypted:false
                                SSDEEP:
                                MD5:DAC059F91908FCDE883C9DD2C3D474AA
                                SHA1:7E7E0B1F2F04051B41769551934F25B550111384
                                SHA-256:67900660F4A057A6B298F7F35B6B0E340D94289B04B26A87B05BCDF65E68FE48
                                SHA-512:9C3381A2BD56B5BD4E367DC5B847A4B4980EC745FA74A3A6F977D2BAA8F934FC9E0BEDE91FEA6A01EA9B7CAC2D50D5A9EBDB520A8FAD175E0BEBAE5D8BDF9448
                                Malicious:false
                                Reputation:unknown
                                Preview:{"analyticsData":{"responseGUID":"ecb1dadd-6d6f-4759-93e3-3e25d5bd7465","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731866085580,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):294
                                Entropy (8bit):5.325698141063384
                                Encrypted:false
                                SSDEEP:
                                MD5:6E5254D83573663D4EA8D9B05FA9B909
                                SHA1:179DA28E717F79D5280E06B0B09B01AF00DA0774
                                SHA-256:D159D76D360F2B2A04D50F8A357948CE8AE5E0B943E4FCC1832A4AC356737763
                                SHA-512:B271E6B5C3BC04A4F62D7F86B05CFA4CE60F18324E82E98E172717A054812F38F627EFF10B1C06EA488C5C49572F349D1A944FFF8545C9FA4A7C817F7A443A0B
                                Malicious:false
                                Reputation:unknown
                                Preview:{"analyticsData":{"responseGUID":"ecb1dadd-6d6f-4759-93e3-3e25d5bd7465","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731866085580,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):294
                                Entropy (8bit):5.304965934978053
                                Encrypted:false
                                SSDEEP:
                                MD5:60771C8EB357AA4ABAFF471158DF6FDF
                                SHA1:4F7B7E86CC959E6AE5F0E4E97178DF96BCCBDEE7
                                SHA-256:17C705B8842F972386F79052B0F2D79C3407B85485DB551C3FDB873F40C28DC0
                                SHA-512:1E34161932DBAF852FF35259709971CACF0EE73E69A246075E07D3FFDD10C013E601831ACB13B4293B25330FC1C16B22F1DF61A8D487A172D6465FBC4D1A3F90
                                Malicious:false
                                Reputation:unknown
                                Preview:{"analyticsData":{"responseGUID":"ecb1dadd-6d6f-4759-93e3-3e25d5bd7465","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731866085580,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):285
                                Entropy (8bit):5.366478085418826
                                Encrypted:false
                                SSDEEP:
                                MD5:47F2E14BF5F2106925EE5BA83535A2DE
                                SHA1:1F4D0AEFDD60A3A322E425D38953671B43F019F3
                                SHA-256:D1F8A94656CC6D71CAB455649F044BB42CDB29FDE009BCF1CD1DAA354B4543BF
                                SHA-512:1F0B59A2AB367F531E13E03981F43B528446BB481A21B41B328343429DAC7123273CD60A4A49B913C85B76D1D73D727B5035A44E9907B723F9E1C761607C7F7D
                                Malicious:false
                                Reputation:unknown
                                Preview:{"analyticsData":{"responseGUID":"ecb1dadd-6d6f-4759-93e3-3e25d5bd7465","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731866085580,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1123
                                Entropy (8bit):5.682530354641204
                                Encrypted:false
                                SSDEEP:
                                MD5:93A98F7B1F8E864EA2F53664EC9C1A11
                                SHA1:E3BC8282B1F1C6CACD8C7C10FDBC90C7E8F1367F
                                SHA-256:EFE005F22561AACE4E995412286B2E2263CC206E5C5F98279CE8CC0CB28696C5
                                SHA-512:A5064F8EB42BF5D6D8BDDC5C87412110B8A6DFA390A10079BAF28923BE20AF0C45739B00BF1C1537E9D158D721F7CC068EC8A42EFEEEC4E745DA7272F5A9E291
                                Malicious:false
                                Reputation:unknown
                                Preview:{"analyticsData":{"responseGUID":"ecb1dadd-6d6f-4759-93e3-3e25d5bd7465","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731866085580,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1122
                                Entropy (8bit):5.676432238302157
                                Encrypted:false
                                SSDEEP:
                                MD5:07D03261476A360A373C78A8C39F3E2A
                                SHA1:24CB5F0C193CBC1C8FA32CFB4047F0550147EA5B
                                SHA-256:69D867A8C5C4FEC2D1364D2078280B4C58E0D7C301EBBE21A431BE0E917CE2AE
                                SHA-512:5EE3E407EDB53FA28B056BBEC5738329894ACFEBB5A29FE3C8FF75D07E0684BE934380AC355797EFFA14130A322D042118F51564643D27FD278DE25875888C42
                                Malicious:false
                                Reputation:unknown
                                Preview:{"analyticsData":{"responseGUID":"ecb1dadd-6d6f-4759-93e3-3e25d5bd7465","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731866085580,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_0","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"1aad653c-ef44-43f7-be1c-3a2ba2cf2cfc","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuIFBERiBmb3JtcyAmIGFncmVlbWVudHMuIn0sInRjY

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):292
                                Entropy (8bit):5.312250757862085
                                Encrypted:false
                                SSDEEP:
                                MD5:54C60F582751FAAB874D6CA0F859946F
                                SHA1:036FEF92996E31FFD5F02FE8109C2CB4252D970E
                                SHA-256:8C202B383B00FCB9D49B92A793CE01D66818116A6F7F52EE204294696C7E010F
                                SHA-512:AD1B9E8F2D39F2B5AADB64043E4F6B4726C353867DCA526D5903A7642EEB8A176DC250F87DF7CE9AD39AD821D09228DBC60D2AA9D8891BC962FD73D1049BC52E
                                Malicious:false
                                Reputation:unknown
                                Preview:{"analyticsData":{"responseGUID":"ecb1dadd-6d6f-4759-93e3-3e25d5bd7465","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731866085580,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1102
                                Entropy (8bit):5.667005806362385
                                Encrypted:false
                                SSDEEP:
                                MD5:1F2777DCE9D7744720261E3463CCCED9
                                SHA1:13EFAC175EB273029A24E9FB94DF8E903898600B
                                SHA-256:B372572BB29DF1242903ABE90374ACD2ADEBF9C2FF9E2F3B1D2A7D1B46A780DC
                                SHA-512:A96D396C45CC46F0E80F3C73719BB7DB9BF1622E0E40768FE195FE04E3452B1DDE4C5C536F45E2CC5F6CB88EC01D7E02EA01737084C0999A86367336C2BE2B0B
                                Malicious:false
                                Reputation:unknown
                                Preview:{"analyticsData":{"responseGUID":"ecb1dadd-6d6f-4759-93e3-3e25d5bd7465","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731866085580,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_1","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"533ab5eb-b236-4889-89a5-ac002261d71e","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkVkaXRQREZSZHJBcHBGdWxsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTRweCIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTJweCIsImZvbnRfc3R5bGUiOiItMSJ9LCJ0aXRsZSI6bnVsbCwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiJ9LCJ0Y2F0SWQiOm51bGx9","da

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1164
                                Entropy (8bit):5.694135156427056
                                Encrypted:false
                                SSDEEP:
                                MD5:F68DB406F9B4FEED14408E7A9FA0B237
                                SHA1:C41DC574B33FC6B110E57BDB2FA1CCC2EE31405D
                                SHA-256:6599FEE60D24DA84B2324B9741CF1813653F85AD42E500FB38A128AA52A66FB4
                                SHA-512:74BE0D6B24E11FA91DE6AB9B040E65F00314F96E26AD76BF8D51B9A1E16AE0DB7F6A41194427E328953D0A088725EE0DA3CA5C98CB7967F742FAB72D5D224F45
                                Malicious:false
                                Reputation:unknown
                                Preview:{"analyticsData":{"responseGUID":"ecb1dadd-6d6f-4759-93e3-3e25d5bd7465","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731866085580,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):289
                                Entropy (8bit):5.315800992241214
                                Encrypted:false
                                SSDEEP:
                                MD5:32DDB1329D6FF72224D3D5F86B02FA5B
                                SHA1:4F5E6BFB26BDB64F9D2D79AC2F834D08FFEA6432
                                SHA-256:ECEDFD914E45BD1414745BE8F04112B10CF4049B4BD111E88C09259231FC3F79
                                SHA-512:4F9726AE3E0ECA08B9119388E44F30F91F75AFBF0EA06ADE6033C07666219408B7881CEEA3F99394FE9B2751A629C7089107947236C5E1AB48A8F1B1AFD83665
                                Malicious:false
                                Reputation:unknown
                                Preview:{"analyticsData":{"responseGUID":"ecb1dadd-6d6f-4759-93e3-3e25d5bd7465","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731866085580,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):284
                                Entropy (8bit):5.302710905167666
                                Encrypted:false
                                SSDEEP:
                                MD5:87466734527B598FBBA87345A6928A94
                                SHA1:C10DE65DEEB1286DCC56E8BC89D93733389FCE7F
                                SHA-256:B73EF64A4379B537E8EDDAC7762F1306D22B35B83E74790BFE531C55F9C30CF7
                                SHA-512:FDBDB344F53A7113AE978DC19F08EAD77E74393E5BFDD2676652928F915B3F8202D7CAA7F676A9BBF887C74C07C0F517E32359392DFE9E33EB7E8EF8EAB132E3
                                Malicious:false
                                Reputation:unknown
                                Preview:{"analyticsData":{"responseGUID":"ecb1dadd-6d6f-4759-93e3-3e25d5bd7465","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731866085580,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):291
                                Entropy (8bit):5.299239492030258
                                Encrypted:false
                                SSDEEP:
                                MD5:EF97EEBAF99BEC3DBFC064E925345336
                                SHA1:0F1B5EA890FD1C5CFDE88D6064FFD9873A0752BE
                                SHA-256:24B3D746B402912278F9180C48D5FDBC7AEAF75F5DECAC82468183CF2A13092D
                                SHA-512:C6E5AB1B6A6E2F4F5ECB8A5CEDFD97307E01875CD7F0B9ED3EFC8C6741078839326022083F4B0ED96DD605720EC5E6391EAB81336C7880A2951897C72359217F
                                Malicious:false
                                Reputation:unknown
                                Preview:{"analyticsData":{"responseGUID":"ecb1dadd-6d6f-4759-93e3-3e25d5bd7465","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731866085580,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):287
                                Entropy (8bit):5.30252514106175
                                Encrypted:false
                                SSDEEP:
                                MD5:0110A30F6E1FC61521FB25AA6E4F7A9C
                                SHA1:755C984736E2D55D9AB7CD147B8A375239401A9B
                                SHA-256:391DF66A0A1B64934D897422DAABB24A14F451527C4DBFE8CE46FCE112090602
                                SHA-512:ABC9B495A9BB0DCCBC2992E37033DA8316F7CE8EFCBA3F228A208A8919F5AFAD8FBC202D1C0DA85C797B64DABE1EC602D1A8CA9533EAC8156164C1C7BE4BBAA7
                                Malicious:false
                                Reputation:unknown
                                Preview:{"analyticsData":{"responseGUID":"ecb1dadd-6d6f-4759-93e3-3e25d5bd7465","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731866085580,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):1090
                                Entropy (8bit):5.655686107445695
                                Encrypted:false
                                SSDEEP:
                                MD5:9AFA61C1A461A813A14FC8157659EBC4
                                SHA1:C43BC1C3E3CF4297AEEFB25846B74AB4965335BB
                                SHA-256:25E3B187F59E13E79D07943F6C1978D1144649187B2B66962611CD7C249C4BF4
                                SHA-512:81D336ECDD2964313E5A81E2460E59B6DA86F77DBD0FB0FF556BD22F350613C987DE5F2A37ABF8D36DC4B62A3AFB53FAE37BD89F4BFC1464839CDF9812B1D2BB
                                Malicious:false
                                Reputation:unknown
                                Preview:{"analyticsData":{"responseGUID":"ecb1dadd-6d6f-4759-93e3-3e25d5bd7465","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731866085580,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):286
                                Entropy (8bit):5.2760508346817625
                                Encrypted:false
                                SSDEEP:
                                MD5:D49DE890FF249950BE7C10E8547E14A8
                                SHA1:9C98CEC34D81BDA59772E6B3DFE512193D7BD1FF
                                SHA-256:3FEBB9E93EE40CC9A0B2A402E26B9FDFA8556487CE5BE1465A0F2D2E7BC16349
                                SHA-512:649E502E84F55C875B87573F91AAA3688FA18E67F6CFDC6D1B096F196AE3FF52B1BDF34099056A962631484378D8E86456830665D061E076B6A4131E4C7FD52E
                                Malicious:false
                                Reputation:unknown
                                Preview:{"analyticsData":{"responseGUID":"ecb1dadd-6d6f-4759-93e3-3e25d5bd7465","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731866085580,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):782
                                Entropy (8bit):5.365568465338804
                                Encrypted:false
                                SSDEEP:
                                MD5:6E094EDFF7382DFEE4F00AFA655028C9
                                SHA1:9A271F29DB51815848F78E726443AF13BDA8805F
                                SHA-256:836D14435268EC2CE39A915682092DFD13E44D89601AF302E9913D6A3071D3B1
                                SHA-512:000037BC34A25984166E67843E6A8FDB4DB030D098D317A6AAF060147A86B0C27E717C598A009A789A171DA7D881D33B9B98ECBD5BBE78141FA85C3FD0C85B71
                                Malicious:false
                                Reputation:unknown
                                Preview:{"analyticsData":{"responseGUID":"ecb1dadd-6d6f-4759-93e3-3e25d5bd7465","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731866085580,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1731690300612}}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):4
                                Entropy (8bit):0.8112781244591328
                                Encrypted:false
                                SSDEEP:
                                MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                Malicious:false
                                Reputation:unknown
                                Preview:....

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):2817
                                Entropy (8bit):5.118562935981187
                                Encrypted:false
                                SSDEEP:
                                MD5:DA0B6059B87A3B924BD5FD0F95580E33
                                SHA1:24DAF88E046DFEBAEFD9A5DC7AC9C2653F843EC2
                                SHA-256:E7522677EF2369DC5F88DB6B3331FBC487749E169B80ED459165C8E7DF19FEAF
                                SHA-512:E5D136409F2FD77771DA7C6DE173F2808F9CB3BC22B356574FA18BD5A7B57DDE78113F698E8574C273E02336437065767705114B0C7D07D5AE77413F81E8F66E
                                Malicious:false
                                Reputation:unknown
                                Preview:{"all":[{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"f33fbece16fca373d6b36761f8193450","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1731690300000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"a69758f3ee1084280906a72063aad103","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1122,"ts":1731690299000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"f8e3f4c2df372af0d8891a218e374f13","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1102,"ts":1731690299000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"f302944109bc689b8855ef0f7d7ac93d","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1731690299000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"bdafe785b63eeab349704916c612ea1f","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1731690299000},{"id":"Edit_InApp_Aug2020","info":{"dg":"f33657008d9c31fd9273ac79b5035a1e","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                                Category:dropped
                                Size (bytes):12288
                                Entropy (8bit):0.9882901972622455
                                Encrypted:false
                                SSDEEP:
                                MD5:30B946CBED8F7E41FFC66CA289AF7350
                                SHA1:1E176057730BD85418C295B7F7FD02D7454489D5
                                SHA-256:22A7187AF855DABEA9366B9163A6E2358DC46010BD7D2719F8E43B4E5FEE500E
                                SHA-512:9E847213ED52810F833941BCCF0562037B2574C076344B12B5988BCC2F1BE57EB08AA04B7CA855680ECBD6EEEA9AFCD45200BB6B7F9AA32914A0A748B0636802
                                Malicious:false
                                Reputation:unknown
                                Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:SQLite Rollback Journal
                                Category:dropped
                                Size (bytes):8720
                                Entropy (8bit):1.3447887260338929
                                Encrypted:false
                                SSDEEP:
                                MD5:A574B855A01B52CA873B094AB7F19174
                                SHA1:BE89F136534736280AAC71F88C0101743883AF45
                                SHA-256:8B2D1E71D594A6CCC843C0D8F2158CB6798C359EE0ED6D1F473DE204E3B19AB2
                                SHA-512:3C34C12DFEC9C87DC3340CEC5E0E200EFDFF52D0544AEF2A012F0EB6F2489089327AA06C946B0F0DF613E65A99D89EB3697675A3594BEDE03EC80FB6FFC01FBA
                                Malicious:false
                                Reputation:unknown
                                Preview:.... .c......F........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):66726
                                Entropy (8bit):5.392739213842091
                                Encrypted:false
                                SSDEEP:
                                MD5:164AEC01349F0FA8BFDD0EFCDCC03915
                                SHA1:8CA4986FEDFD1CD4197CE758BC133BB1CA5A47EB
                                SHA-256:0BDCE438D67F23E7DDFAD5C5242531B0F66BFCF92E83B4FEE5728D5A4F408C47
                                SHA-512:9E591FC4626BCCCC671B78B1A1547546ABF9840AA6AF714A5E88E92D59ECB14E248AC2D078D6734D88F9CE9D16C347AA062B58554CFC24C01948C917FA9CD053
                                Malicious:false
                                Reputation:unknown
                                Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

                                C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

                                Download File
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:data
                                Category:modified
                                Size (bytes):231348
                                Entropy (8bit):4.389348038153069
                                Encrypted:false
                                SSDEEP:
                                MD5:93A4D2E13D05440DF19633ED26FAA47F
                                SHA1:C78663F00818947087B51C5D691B291F9CC2E7DF
                                SHA-256:ECBC83BBF042AC381B4A4A3C147010633C5B5C1AC291EB40679CC0FCF1165668
                                SHA-512:816E62E7A5A7C4F34C4CEA64302CBD3A63097FA65FF2C0F79F57530AA55E662BE44E127030040F99E5A303E937B65FEBBCBD0E3D1005CCF83DC34203B20B2FE4
                                Malicious:false
                                Reputation:unknown
                                Preview:TH02...... .P..c.7......SM01X...,.....c.7..........IPM.Activity...........h...............h............H..h<..............h............H..h\cal ...pDat...hP...0..........h..............h........_`Uk...h....@...I.lw...h....H...8.Zk...0....T...............d.........2h...............k4.3.....4.1...!h.............. h..............#h....8.........$h........8....."h.......@.....'h..............1h...<.........0h....4....Zk../h....h.....ZkH..h...p...<.....-h ............+hM.......0................... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

                                C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin

                                Download File
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:ASCII text, with very long lines (65536), with no line terminators
                                Category:dropped
                                Size (bytes):322260
                                Entropy (8bit):4.000299760592446
                                Encrypted:false
                                SSDEEP:
                                MD5:CC90D669144261B198DEAD45AA266572
                                SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                                SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                                SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                                Malicious:false
                                Reputation:unknown
                                Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:76bd602437550e98c9043d06a55186ab7d95dea5a0e935a599f73e62a8c9b158e0afcb19351f6c353940c06a38172b94d18c02cf92bb8a80184eccca0392b259ab3e71dae73e491c7941997cb36ad4a198661f622dad478d840f66d530a0dde78acea3367f91fff62fbb3dc18faff0c708ad30edef5bea8b22c5fd782b770d8993386eaa784fd19a3c3e1db3b537b1a94d3d4fbd46f8df8fddf6d16611969fe0a97c50e0f3ac24750c93257cf5c161184aa7385800c87d803b339632a3d8ec7fe17a0afd83ce9e9d0e3f7b8d579637928a811f1f7e6d1887df2ddc7d4f752c4d600235e426c92c7bf8a1362f95457998cc0e5d4261f0efa4fada0f866dbcefb407dacab7a2914e91c2f08200f38c2d9d621962145b1464b0f204b326118a53ecdcab22bff005fdd5257c99a6dc51ac0600a49f2ef782396987e78c08b846dad5db55e8ccefffc64863bc2c3e90b95a09d25d0814a848c98fe01a82d4e30e6682dd546e12c45ca0d280a45295ab4bd632dafb070edfdc3c9e38313d5aeb195972986f8011b66817028fd8c78b67a0ac7e780eecc3fb6a31f5a025b8a9a3db278a98c0696aeaac739b18688b0f9c7d751bba02cc5f4e41853fb119b3c0c915059aaa92971244a1989124f12881ca88e6410df70b793a2c3a736ff4

                                C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin

                                Download File
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:ASCII text, with no line terminators
                                Category:modified
                                Size (bytes):10
                                Entropy (8bit):2.9219280948873623
                                Encrypted:false
                                SSDEEP:
                                MD5:D744E0E40DBFC1D1C6B1F8F25313EFC4
                                SHA1:DE22598AB8FB154AEBCEACFE7E000EAF8049F16B
                                SHA-256:D7BEC90738C4F604E5EA26FCA30523ED007E6231FF7B1D367B1E2F377845050D
                                SHA-512:A53BBAFE0C3710391572B64D7C8B9D3E2BC5542409B35251E63C1F980527B3DD460452BDF0607FFE23071C609009E825DC505E13466CDBC7D6FAF45924A4277F
                                Malicious:false
                                Reputation:unknown
                                Preview:1731690280

                                C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\4087DD95-8333-405A-9FF3-72016724BE08

                                Download File
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):180288
                                Entropy (8bit):5.291008730181623
                                Encrypted:false
                                SSDEEP:
                                MD5:5C59BBE67AED5B70D0EA5F9A13EEB527
                                SHA1:5E15C5BF2366825556D05E892C686F4541B31FC6
                                SHA-256:B3E48FF40102C507EC07B205ECF6A40887732D3F62970223EFD5E209A2F747E4
                                SHA-512:C48E0E6833B20A5A90554B4285508AE1F8BC05EE73F23A4C9D42118CCBD38BCD751C183706732E69A65CE44B881A31B4A0067E2A0865533131261FE64D53C002
                                Malicious:false
                                Reputation:unknown
                                Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-11-15T17:04:36">.. Build: 16.0.18223.40125-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[

                                C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db

                                Download File
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                                Category:dropped
                                Size (bytes):4096
                                Entropy (8bit):0.09216609452072291
                                Encrypted:false
                                SSDEEP:
                                MD5:F138A66469C10D5761C6CBB36F2163C3
                                SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
                                SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
                                SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
                                Malicious:false
                                Reputation:unknown
                                Preview:SQLite format 3......@ .......................................................................... .....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal

                                Download File
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:SQLite Rollback Journal
                                Category:dropped
                                Size (bytes):4616
                                Entropy (8bit):0.13700485453793962
                                Encrypted:false
                                SSDEEP:
                                MD5:71843458EC82260F126FD922A123969C
                                SHA1:C28088794BE35A573B36E962739ADD37E0AD9439
                                SHA-256:719190A01B79AE0CF44ED3B710F5D72522A8154502636C798FBA7892EDAA0C53
                                SHA-512:850C9CB5A97E380F7DFD44C2C12DD4F602221CB1926028383ECBD1EA427483E7D3CB9144090081F2F9492D85A8F38ACDB5D4D761D887C7A2B4B80655A4CC9EC4
                                Malicious:false
                                Reputation:unknown
                                Preview:.... .c......$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ .......................................................................... .................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

                                Download File
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:data
                                Category:dropped
                                Size (bytes):32768
                                Entropy (8bit):0.04470641479249482
                                Encrypted:false
                                SSDEEP:
                                MD5:DA7A32BB53467ED1A4B002A95D6CFC31
                                SHA1:0BF797BD1961E0BAF9F3B4A760B67CA6844657D2
                                SHA-256:641FB3FAB1BDEC9710627D394F0CC3E16490AE6E75A6BF1377BF0B1ACCFE05C1
                                SHA-512:8705EF6200D6D5E03823FA87392E9A697F320C1240009888F25474EE8B663B974DD8B9F8C9C0342297BBEBA27DC9A90F017B2B27D115AA5BFD5CF65BF08835AA
                                Malicious:false
                                Reputation:unknown
                                Preview:..-.....................Q_..{.).w^ATQS.vI4.....K..-.....................Q_..{.).w^ATQS.vI4.....K........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

                                Download File
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:SQLite Write-Ahead Log, version 3007000
                                Category:dropped
                                Size (bytes):45352
                                Entropy (8bit):0.3922014035221513
                                Encrypted:false
                                SSDEEP:
                                MD5:1B10826886152F8FC161CD779ADE5B75
                                SHA1:C9D4D386F690B41110F050873B6711C4513B5B62
                                SHA-256:207CD9D4F35F8C0A3647DF6BBA5AF2D6A65B9E3AA72ED875087A185C5F26A13F
                                SHA-512:4CAC7A00F8B5F9584E60C588E2AD1095D100AD6BCA426BF1FF51ECBD90C9B9FA3EAC0888398AC42CFC6A803F576DABAD7B2CFF377A336B9B9048B900DF35945E
                                Malicious:false
                                Reputation:unknown
                                Preview:7....-..........w^ATQS.v)(a.X...........w^ATQS.v.1..[Yo^SQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1BB1CE2.dat

                                Download File
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:PNG image data, 2426 x 776, 8-bit/color RGBA, non-interlaced
                                Category:dropped
                                Size (bytes):167003
                                Entropy (8bit):7.7485056715695295
                                Encrypted:false
                                SSDEEP:
                                MD5:E8022EE46FC2CEDE54DDE63305F9A0A5
                                SHA1:E8182B39B4EF66BE3C73B00D075AE6B537320AD1
                                SHA-256:069F5BD537D2ED44DD7F61E6074C8E6C0FE8610C85BB78A198C7A52CC311C39F
                                SHA-512:DD6ED848482D95801551C1D46B5C8A7E6FCC5BC745A4118672B43A16851B91E16236AD4AAD0EEA71AA6A7FB7DAE1EAFA65F77D22DD3EE705B3DD6FA5069FE204
                                Malicious:false
                                Reputation:unknown
                                Preview:.PNG........IHDR...z.........|..6...?iCCPICC Profile..H..W.XS...[..@h..........B. ..6B. ...A.,*..TD....(v@.E.a_,((.b...I.]........s.?g.....j'9"Q...@.0_...@...B'.....2.N.n......`.j.^......f/..g..-.<~...$..4^.7.....\.8....7../.bX......")..j)N..2..X...(.p8...T.@.^......;.y.!.jt.}ss.. N.... ..3.~....f.&..1..s...@A.(.3..L....9.!....d.Cc.s.y..=%\.U ...EFA.....Of.1J..&..Q.n.....@.....Cl.q.0'2B..........N...!.x.?/(Na.I<%V..mH.....<G,.+..@...T......jaf|...........B......S.....Kb..C.........tqp..47oh..L.;R...g...r9...\.+|!3aH..7.bh.<~`.|.X._..... ......)..h.=n..........)...pA...tQ~t.<N.0...-.._."....:......, h.k.w.`..b....^...H....5...?!..q..^>(...aV~......l...\..r.D6J8.-.<.....9.ra.9.J..=?.~g...P0.!.t.!Kb.1..J.&..../.G..?..8.....w{.SB.......p{..H.S.cA...V."..\..P....}.:T.up}`..B?L..zv.,K..4+....6......HF.#..d.G.....Hs.c~...5........6.gKl.v.;....`G.F@.N`MX.vL..W.......+.'.....o..J3..X....E...}G...... #3.._.>.-.:..;;:.. ...__obd..D..;....|N........`.

                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{0E5176B2-6302-41F2-B2D6-DE06F3829FCF}.tmp

                                Download File
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:data
                                Category:dropped
                                Size (bytes):13124
                                Entropy (8bit):3.6179252871544594
                                Encrypted:false
                                SSDEEP:
                                MD5:6B3526D1558CEEDDC3FAD5AAAB4B5E7F
                                SHA1:EA49A95C29D6A7C9BD344E19C296D7BBAB6F611E
                                SHA-256:6F589C1B007F2C98615899F7B34D953B78DE42253E48C7DCDA2FB7A598F0DA2A
                                SHA-512:FFF3E7A3406EA8C53A7899E9C4B11E2FF0F02092665304CDE4BFEBD5223B1D50207C81F151D21448FC2EC484824081DB10B275468BA6A989EA9EC98F57847F26
                                Malicious:false
                                Reputation:unknown
                                Preview:......Y.o.u. .d.o.n.'.t. .o.f.t.e.n. .g.e.t. .e.m.a.i.l. .f.r.o.m. .r.e.l.i.a.b.l.e.c.o.n.t.r.o.l.s._.r.e.l.i.a.b.l.e.c.o.n.t.r.o.l.s._.t.j.a.h.@.a.l.m.a.j.a.p.h.a.r.m.a...c.o.m... .H.Y.P.E.R.L.I.N.K. .".h.t.t.p.s.:././.a.k.a...m.s./.L.e.a.r.n.A.b.o.u.t.S.e.n.d.e.r.I.d.e.n.t.i.f.i.c.a.t.i.o.n.".............................................................................................................................................................................................................................................................$.......2...6...:...>...B...F...J...N....................................................................................................................................................................................................................................................................$.a$.,..$d....%d....&d....'d....-D..M.......e....N..........O..........P..........Q..........*...$..$.If........!v..h.#v....:V.......t.....6......5.......4

                                C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1731690274080765200_DCA3EF46-2D50-4F26-9BF9-7EB553B13757.log

                                Download File
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:ASCII text, with very long lines (859), with CRLF line terminators
                                Category:dropped
                                Size (bytes):20971520
                                Entropy (8bit):0.007169070529174946
                                Encrypted:false
                                SSDEEP:
                                MD5:0425655C587D80100BFFB76E71D4FD18
                                SHA1:9CDB2B9B635EE19E36C299EE9F22B097C820786E
                                SHA-256:9B8D6E5A9999F485068DDF0BB9CA788ABDE0DFBC4E8072839ABE02C61CF4B09D
                                SHA-512:C970C1B136D418DB82E425486030056261348B6E7F34E2C0A86D688361CA1F0D01C3709DD25C1491629BF14E8024E61288A4B7746E68B5EE1271B3DA3716DB47
                                Malicious:false
                                Reputation:unknown
                                Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..11/15/2024 17:04:34.101.OUTLOOK (0x1B50).0x1B54.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.System.GracefulExit.GracefulAppExitDesktop","Flags":33777014402039809,"InternalSequenceNumber":17,"Time":"2024-11-15T17:04:34.101Z","Data.PreviousAppMajor":16,"Data.PreviousAppMinor":0,"Data.PreviousAppBuild":16827,"Data.PreviousAppRevision":20130,"Data.PreviousSessionId":"F64BF2AA-4C76-4F39-BD4C-50C936F2C6F5","Data.PreviousSessionInitTime":"2024-11-15T17:04:09.474Z","Data.PreviousSessionUninitTime":"2024-11-15T17:04:12.739Z","Data.SessionFlags":2147483652,"Data.InstallMethod":0,"Data.OfficeUILang":1033,"Data.PreviousBuild":"Unknown","Data.EcsETag":"\"\"","Data.ProcessorArchitecture":"x64"}...11/15/2024 17:04:34.133.OUTLOOK (0x1B50).0x1A9C.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":22

                                C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1731690274081511300_DCA3EF46-2D50-4F26-9BF9-7EB553B13757.log

                                Download File
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:data
                                Category:dropped
                                Size (bytes):20971520
                                Entropy (8bit):0.0
                                Encrypted:false
                                SSDEEP:
                                MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                Malicious:false
                                Reputation:unknown
                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\MSI16a1c.LOG

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):246
                                Entropy (8bit):3.51161293806784
                                Encrypted:false
                                SSDEEP:
                                MD5:B5A602DC7A78A7FAC01A4F7BE8DFEE8E
                                SHA1:39D199F91D44C1F03A3BDE36AFE285487A0A20AC
                                SHA-256:88A16C89CD98134E4A62C831B9C0CD80A221312D3A18BC2D0887864417A97FB2
                                SHA-512:2768B9313FA6B3CE538037AC4EBAEA925058961AF6F75BE6B4910FFC258E46DE9267705A8D06A64317F96D60D48D37E0032D71174FF04EC79242F9EC25743980
                                Malicious:false
                                Reputation:unknown
                                Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.5./.1.1./.2.0.2.4. . .1.2.:.0.4.:.5.8. .=.=.=.....

                                C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241115T1204330925-6992.etl

                                Download File
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:data
                                Category:modified
                                Size (bytes):135168
                                Entropy (8bit):4.68229309748509
                                Encrypted:false
                                SSDEEP:
                                MD5:9EEF85212C871B2142E09A0424229BE1
                                SHA1:36D54BCC3DB54C09263DB29DD674950DFC9730EC
                                SHA-256:462F292F10B8F18F48DEEB1CC7416590EB97276B829C0FC795EFE294DE4C92FF
                                SHA-512:0CE90D6F4AF92E8AE5132C2AB5E0426F30856A75E88B8173BD3A090132E59A3E44DC9317DE43E45BBFF516817587319A3D993E56B2138D44158D118A42C98694
                                Malicious:false
                                Reputation:unknown
                                Preview:............................................................................`...T...P......q.7..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1........................................................... ..7.Y.............q.7..........v.2._.O.U.T.L.O.O.K.:.1.b.5.0.:.a.a.6.e.5.6.b.1.f.3.d.e.4.e.4.1.8.2.0.f.d.6.4.8.9.2.b.4.3.3.5.7...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.1.1.5.T.1.2.0.4.3.3.0.9.2.5.-.6.9.9.2...e.t.l.......P.P.T...P......q.7..........................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-15 12-04-53-957.log

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:ASCII text, with very long lines (393)
                                Category:dropped
                                Size (bytes):16525
                                Entropy (8bit):5.353642815103214
                                Encrypted:false
                                SSDEEP:
                                MD5:91F06491552FC977E9E8AF47786EE7C1
                                SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
                                SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
                                SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
                                Malicious:false
                                Reputation:unknown
                                Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                Category:dropped
                                Size (bytes):16603
                                Entropy (8bit):5.355943421947724
                                Encrypted:false
                                SSDEEP:
                                MD5:7D2ADFBE26BEAD6C94BD77CB9A0C700A
                                SHA1:23860C1CE59110F0900FB2ED1144DD561C18497B
                                SHA-256:16294326CD77C8AE527039C09CA75007813279BFC3BF2ED05ABE025F62910B38
                                SHA-512:ACFA73CB1B665AF50D3FAFB8B206B6351F650A840E8F8F4DA5CD059F38883CF1F3556A4E0075D8532C5CEB8471FF09F9128607708D6066343045F7FC788DD53F
                                Malicious:false
                                Reputation:unknown
                                Preview:SessionID=95d05b62-fc08-49ad-a3b1-9ee82c701758.1731690293972 Timestamp=2024-11-15T12:04:53:972-0500 ThreadID=7988 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=95d05b62-fc08-49ad-a3b1-9ee82c701758.1731690293972 Timestamp=2024-11-15T12:04:53:974-0500 ThreadID=7988 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=95d05b62-fc08-49ad-a3b1-9ee82c701758.1731690293972 Timestamp=2024-11-15T12:04:53:974-0500 ThreadID=7988 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=95d05b62-fc08-49ad-a3b1-9ee82c701758.1731690293972 Timestamp=2024-11-15T12:04:53:974-0500 ThreadID=7988 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=95d05b62-fc08-49ad-a3b1-9ee82c701758.1731690293972 Timestamp=2024-11-15T12:04:53:975-0500 ThreadID=7988 Component=ngl-lib_NglAppLib Description="SetConf

                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):29845
                                Entropy (8bit):5.418551577714875
                                Encrypted:false
                                SSDEEP:
                                MD5:C5524F15F7C4EBE84A03EA38C47A4131
                                SHA1:70FB242E2BB0822BE1B392F356EC6CA788E6C70A
                                SHA-256:98432444A6A858C4732D322DF3CFC3AD35C1F206BDBAD1B219CE9071EF65D82D
                                SHA-512:3B6487607C27D3094C97EBF2E631D7067FE82369BE3480D47FD8FA567E1753B5E3A5693C5966116126D4C3487EF7A9239A8F27B632AE1DAEDC0CB25627591536
                                Malicious:false
                                Reputation:unknown
                                Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

                                C:\Users\user\AppData\Local\Temp\acrocef_low\12b2dd33-3823-4358-a8f9-20d61f525370.tmp

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                Category:dropped
                                Size (bytes):1419751
                                Entropy (8bit):7.976496077007677
                                Encrypted:false
                                SSDEEP:
                                MD5:0A347312E361322436D1AF1D5145D2AB
                                SHA1:1D6C06A274705F8A295F62AD90CF8CA27555C226
                                SHA-256:094501B3CA4E93F626ABFCAE800645C533B61409DC3D1D233F4D053CE6A124D7
                                SHA-512:9856C231513B47DD996488DF19EEE44DBB320E55432984C0C041EF568B6EC5C05F5340831132890D1D162E0505CA243D579582EDB9157CF722A86EC8CE2FEAFE
                                Malicious:false
                                Reputation:unknown
                                Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                C:\Users\user\AppData\Local\Temp\acrocef_low\5afc3673-159b-470b-8f8a-fe002fc49470.tmp

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                Category:dropped
                                Size (bytes):386528
                                Entropy (8bit):7.9736851559892425
                                Encrypted:false
                                SSDEEP:
                                MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                Malicious:false
                                Reputation:unknown
                                Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                                C:\Users\user\AppData\Local\Temp\acrocef_low\b86ed90f-c0a4-4ca7-9635-191fe01f360b.tmp

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                Category:dropped
                                Size (bytes):1407294
                                Entropy (8bit):7.97605879016224
                                Encrypted:false
                                SSDEEP:
                                MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
                                SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
                                SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
                                SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
                                Malicious:false
                                Reputation:unknown
                                Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                C:\Users\user\AppData\Local\Temp\acrocef_low\e522bf0a-4cf5-40e2-b54f-5c52a1a31aac.tmp

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 416226
                                Category:dropped
                                Size (bytes):758601
                                Entropy (8bit):7.98639316555857
                                Encrypted:false
                                SSDEEP:
                                MD5:12DDE6151F5E778520B3C8434B61AD0C
                                SHA1:2D3EA4300ED7D77866B96F7BE2BD8FA4F03D2081
                                SHA-256:4EDFCFF1CCA3192ECCBA77FFB1572D1C544566CFC73749F0FAC5DD0BF0C73C76
                                SHA-512:3DE45A91E3D8A7EF05C37CC274ECD8BD8BCB99A1AAD7A4252AC6714B57AFC281D3BB6926CE2910F7BC366F1595B27EC89D96158D94E2ABEE7B7567ACEA861F93
                                Malicious:false
                                Reputation:unknown
                                Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                C:\Users\user\AppData\Local\Temp\olkEE62.tmp

                                Download File
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:data
                                Category:dropped
                                Size (bytes):35931
                                Entropy (8bit):7.582617282439254
                                Encrypted:false
                                SSDEEP:
                                MD5:EFBEBEDB61CF74F4E853CEFCEDBC2A5D
                                SHA1:53C3863700CF0F55055BFB21CA224980909E4DD0
                                SHA-256:CF3BFDFD9D5AF477144CE00A5FE0F0483D3FB70392D03DBE76B508F4E12AB7DD
                                SHA-512:3510E04BB3425F67DCF46DB673A308544843D1178A7EC5947BAF0FF717F968F80BF2313DFA519382BF2BAA3EB19864C02EC72391CC0251104C01D865031CDC19
                                Malicious:false
                                Reputation:unknown
                                Preview:$ ..H@.....$ ..H@.....$ ..H@.....$.9...6G..% ..H@.....$ ..H@.....$ ..H@.....$ ..H@.....$ ...#...<^...$ ..H@.....$ ..H@.....$ ..H@.....$ ..H@.....$.9...6G..% ..H@.....$ ..H@.....$ ..H@.....$ ..H@.....$ ...#...<^...$ ..H@.....$ ..H@.....$ ..H@.....$ ..H@.....$.9...6G..% ..H@.....$ ..H@.....$ ..H@.....$ ..H@.....$ ...#...<^...$ ..H@.....$ ..H@.....$ ..H@.....$ ..H@.....$.9...6G..% ..H@.....$ ..H@.....$ ..H@.....$ ..H@.....$ ...#...<^...$ ..H@.....$ ..H@.....$ ..H@.....$ ..H@.....$.9...6G..% ..H@.....$ ..H@.....$ ..H@.....$ ..H@.....$ ...#...<^...$ ..H@.....$ ..H@.....$ ..H@.....$ ..H@.....$.9...6G..% ..H@.....$ ..H@.....$ ..H@.....$ ..H@.....$ ...#...<^...$ ..H@.....$ ..H@.....$ ..H@.....$ ..H@.....$.9...6G..% ..H@.....$ ..H@.....$ ..H@.....$ ..H@.....$ ...#...<^...$ ..H@.....$ ..H@.....$ ..H@.....$ ..H@.....$.9...6G..% ..H@.....$ ..H@.....$ ..H@.....$ ..H@.....$ ...#...<^...$ ..H@.....$ ..H@.....$ ..H@.....$ ..H@.....$.9...6G..% ..H@.....$ ..H@.....$ ..H@.....$ ..H@.....$ ...#...

                                C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

                                Download File
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:data
                                Category:dropped
                                Size (bytes):30
                                Entropy (8bit):1.2389205950315936
                                Encrypted:false
                                SSDEEP:
                                MD5:27CF7CD43860B4801AB80E85271AB85D
                                SHA1:62C99C0C683848AFA273E0E9736FE99114B3A60B
                                SHA-256:4DCC2C867074CBCD0B95A30B2A94754F23D585DF13E88F2D1FD4F7BC24F5EB2C
                                SHA-512:7EE375DC583AF0C9503CA5B9950768E846C8A52E82EC9721AC85AE76029532129BC3E9CE9129EF37EDA07A8EAB42F3ACF7BF10103B2A6D1FDB49D06BCD96D77C
                                Malicious:false
                                Reputation:unknown
                                Preview:....O.........................

                                C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs

                                Download File
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:Composite Document File V2 Document, Cannot read section info
                                Category:dropped
                                Size (bytes):16384
                                Entropy (8bit):0.6698508818706738
                                Encrypted:false
                                SSDEEP:
                                MD5:C7925C84D5C87BB3B7B7F5166AB9498A
                                SHA1:D2B174179582D6F5A0E74C05E01601417BCA9829
                                SHA-256:1E19172B78FF0E90F19D2AE2194B6CD66D09AD65AAE49791BD6268412180EED3
                                SHA-512:2D5268AB7314D70D2E53A3D4DCBC3975E7BDB8EA9DEE006146FCB734C15566403CE06443DA9837F1B29F64FAB8681240459FB68088A80291EC0C69D489AE5CE6
                                Malicious:true
                                Reputation:unknown
                                Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 15 16:04:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2673
                                Entropy (8bit):3.9803124450918306
                                Encrypted:false
                                SSDEEP:
                                MD5:BEAF3A327E0FE15DD2B46B32B3B994BA
                                SHA1:686672C9A837D09CA0E5D40352518BF9924525DB
                                SHA-256:F49B9066E4084FA87485A43C885DE339675C02FA358C7D99B82AE32CC16A43FD
                                SHA-512:697791D877DD26B88943A2C0D84863C2F54023D43FFF634908F1156456E0253E20C2C48E82CAF0B3DD8BB724D522E974E6230DD33725F625DA491E8F2CC52EDE
                                Malicious:false
                                Reputation:unknown
                                Preview:L..................F.@.. ...$+.,.......y.7..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IoY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VoY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VoY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VoY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VoY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........f.k`.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 15 16:04:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2675
                                Entropy (8bit):3.997691570729788
                                Encrypted:false
                                SSDEEP:
                                MD5:62D1B360A481F746D7EA2CDEEBBEA7C4
                                SHA1:1038B7928DEBD6E47E16E5B9DDA5E63D6C836AD5
                                SHA-256:8EB78FB3FEB43A788F04169908DA121B7AE04EDDCC308501D9D872ADBD5D60FB
                                SHA-512:5B9B646CC386E5F65C64315079E622AF4B8001CF31E63CB5AA870073ADD055C7C4E300FA4223FE770D613DD28504134D7DE6DF4D22776548C15E0A04A7E29435
                                Malicious:false
                                Reputation:unknown
                                Preview:L..................F.@.. ...$+.,....;..y.7..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IoY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VoY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VoY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VoY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VoY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........f.k`.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2689
                                Entropy (8bit):4.006710232221369
                                Encrypted:false
                                SSDEEP:
                                MD5:D2DE956623EA384531361AA1B38CD3B5
                                SHA1:5F4A632D6665B9A354319F13ABC60EA36CB25DCA
                                SHA-256:B1AAD7F512BA85DD5EE1A22C0B4965A06626C4C65113A428E506E53A3723539C
                                SHA-512:A1958A316FA50E7903D17839BDD01925304AEAD94BF4491695B2DDAB813C756193F0DF82DB48EB50D7CC07093EE7951CCF1ACBED538C5C601DB1E9427B65BA80
                                Malicious:false
                                Reputation:unknown
                                Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IoY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VoY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VoY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VoY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........f.k`.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 15 16:04:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2677
                                Entropy (8bit):3.9982194142504004
                                Encrypted:false
                                SSDEEP:
                                MD5:A0832692E17913EDAC4C71CDEB0C8C85
                                SHA1:1D2D5B11A89820ABF4D0EB92772EC521324F381C
                                SHA-256:ED44695416BA9A06C34FEF75FB7322FAB47DFB1734723960F2B687F83020B73B
                                SHA-512:00487A29CE1392AC91819651DEE0C43DBC16DBD8E408318D964F2C1139B779BD44E46E2682F6B30E2A1F62A6DFA091BD57F89B694842828E6B51EE3273999F1F
                                Malicious:false
                                Reputation:unknown
                                Preview:L..................F.@.. ...$+.,....[.y.7..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IoY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VoY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VoY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VoY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VoY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........f.k`.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 15 16:04:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2677
                                Entropy (8bit):3.9856869807724666
                                Encrypted:false
                                SSDEEP:
                                MD5:9DE774D2AAAEEDEB98E61AEAE8CDFF72
                                SHA1:DA90967090B450039C3939C420A131111D07F8D7
                                SHA-256:34F1DD7A78A8044AC3B8077D815C881140901F1EF82BAFF551E63EC84220CAB1
                                SHA-512:00092FA86EA220884C82F5BF09E037DF2F7EB011D878C89C4A24C0654DD2E9435B306EBE0894E44E764CBFA3F4BEA7EBE1AA0C88976DF62AA51FDD745CB1E426
                                Malicious:false
                                Reputation:unknown
                                Preview:L..................F.@.. ...$+.,....y.y.7..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IoY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VoY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VoY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VoY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VoY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........f.k`.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 15 16:04:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2679
                                Entropy (8bit):3.9921413015961895
                                Encrypted:false
                                SSDEEP:
                                MD5:C31B27F09820DB44E5F7C0E74C18AD91
                                SHA1:EB75600338161261B724AB4DD39EBF4E83EE649F
                                SHA-256:E17A4E606A13F92957F8EC358A874D1E359E7507E93040DFA17F63D3BF8BF4BF
                                SHA-512:C7A96BED099070CE6745450B39044F9575A5C5AEBCF0AA2AF0A32A8B6DF3579493CD5E31B902A4FC5C31452EBE5AD0C9041E29B8B6E9DF37475C51D2592D01F7
                                Malicious:false
                                Reputation:unknown
                                Preview:L..................F.@.. ...$+.,....."ry.7..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IoY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VoY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VoY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VoY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VoY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........f.k`.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

                                Download File
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:Microsoft Outlook email folder (>=2003)
                                Category:dropped
                                Size (bytes):2302976
                                Entropy (8bit):1.417711359032643
                                Encrypted:false
                                SSDEEP:
                                MD5:7DA3354CC85AB027F98380F6FE9DEDFC
                                SHA1:CF9183C28CE97A2DD27CDCA3621121B497FADDF0
                                SHA-256:70E050FB766C6D19362DEF5037A932676C904E6C0830A44BFD540171F89DF29D
                                SHA-512:011C59A1FCD51CB31E978E9CC0B614D83F8257300C8EB6CC366451F3B9D05DD12B1CE4436E85A7B1E26DA7A40C0E06C4F8265893772D493A72B02065C9CCA6A4
                                Malicious:true
                                Reputation:unknown
                                Preview:!BDN..g'SM......\...$...........A.......e................@...........@...@...................................@...........................................................................$#......D......@...............=........0......@........ ...........................................................................................................................................................................................................................................................................................(..I.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

                                Download File
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:data
                                Category:dropped
                                Size (bytes):262144
                                Entropy (8bit):7.167170644643643
                                Encrypted:false
                                SSDEEP:
                                MD5:48712410F6254653FCDE89874C06436D
                                SHA1:AF7872B847A5891DC84CEE08613A6CAC7E51D767
                                SHA-256:C04BDD79F75D7597CA14D446319A743126ED5EADD33C4A478547C2DB65DB25A9
                                SHA-512:79DFA08E8F0E68330F71C3C7B8EE27A21B27E82E3ED0A3B85BDCF6B422EFF0319574BFFA5F97FFF7FF8A40E3A262331D7EC9C27D57B40540F8E74FD34C910B6D
                                Malicious:true
                                Reputation:unknown
                                Preview:.sm:0...........P.....q.7.......$............#..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................$........Z.0...........P.....q.7.......B............#.........................................................................................................................................................................................................................................................................................................................................................................................................

                                Chrome Cache Entry: 195

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:RIFF (little-endian) data, Web/P image
                                Category:downloaded
                                Size (bytes):520
                                Entropy (8bit):7.531681241432905
                                Encrypted:false
                                SSDEEP:
                                MD5:2DDC51931AF199B0D5F66AB77BFE7E70
                                SHA1:FF95E55BC02596C67075CAA838406B7ED2C71042
                                SHA-256:B5FDACF1D5859146AF93BB1BA687BC66C103E8B1B9E6BB4DA8DFB0695DCC7B33
                                SHA-512:20BBBA1836FC70C30E4B9BBF97BC33F2010EEB31B53D7F3E72C8EB76A47731CBEA01BD7AE30A66A5E22110409354F71B3D2BD7698BC38D2392BCE62514C33D22
                                Malicious:false
                                Reputation:unknown
                                URL:https://upload.wikimedia.org/wikipedia/commons/thumb/d/dd/Wikivoyage-Logo-v3-icon.svg/35px-Wikivoyage-Logo-v3-icon.svg.png
                                Preview:RIFF....WEBPVP8L..../".....6.d.j.O.....X.I.q.6.8.w...v..l.I.m#IRj....|.#....7...I/.;........~..]..(^.%.......C..D...TM.A.....s4..Z...VM.h.@<...1...A..+...K....h.........X......q~....s..V......\...7.i|u.c.%....."N...W...m..Y.!!.B...4..H..P....!F..@....V.o..m.ov....j....??./;O....n.6.ot.=..h....T.t...........or.K..X*......>..Eq.......x.wsyn...<.R.{..h.V..N.....J.P.....k_g+....e......".lx._.+G...Sc..Z.5...}=!...Y..zk.]cR.{3K...}."R....<Q....|.8.i..VO.\.Cn...M9......0,..V}F.Ak....N.....Y...

                                Chrome Cache Entry: 196

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:SVG Scalable Vector Graphics image
                                Category:dropped
                                Size (bytes):268
                                Entropy (8bit):4.814615653975803
                                Encrypted:false
                                SSDEEP:
                                MD5:20E2BF3F38E766E007DFD18D33E9FB41
                                SHA1:BC1D4BC3D10C2BFCCADBF7109F760550CE5FA1A6
                                SHA-256:65829329CB8D2D9C79A1C427ABB906E0841FCB1A833840598150559F87CC1902
                                SHA-512:EE2051285A05849F4BAAFBD4CBBDDE802DAA281C20D96CBF2D8C4E5B80D7C2A9123BB0D0DDCAB097DC45779C784537B998E6080DB4FEDDE34C23CDA34605352F
                                Malicious:false
                                Reputation:unknown
                                Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 20 20"><title>...ellipsis..</title><g fill="#000"><circle cx="10" cy="10" r="2"/><circle cx="3" cy="10" r="2"/><circle cx="17" cy="10" r="2"/></g></svg>.

                                Chrome Cache Entry: 198

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with very long lines (1002)
                                Category:downloaded
                                Size (bytes):63004
                                Entropy (8bit):5.342518842662206
                                Encrypted:false
                                SSDEEP:
                                MD5:4A1C33CDA5C1735C675EC178A596456C
                                SHA1:89FFD3C708CEB2B62F76AB80012CD6DEE4DD2A03
                                SHA-256:E5D844EC3EDC9DC335B4ED63D437F86BFD05F6015032CAA89E39C1A4FDA58E06
                                SHA-512:1A6FC54FA37813FA4E0B12A4D11E1B6414B75D67BCBE47A2DABCE32F13F027A6BD7594DC35BEF3305F78447CDDD1A9CAEC5A75BD7FCC8D9D2ABA594D1B254CF7
                                Malicious:false
                                Reputation:unknown
                                URL:https://en.wikipedia.org/w/load.php?lang=en&modules=startup&only=scripts&raw=1&skin=vector-2022
                                Preview:function isCompatible(){return!!('querySelector'in document&&'localStorage'in window&&typeof Promise==='function'&&Promise.prototype['finally']&&(function(){try{new Function('(a = 0) => a');return true;}catch(e){return false;}}())&&/./g.flags==='g');}if(!isCompatible()){document.documentElement.className=document.documentElement.className.replace(/(^|\s)client-js(\s|$)/,'$1client-nojs$2');while(window.NORLQ&&NORLQ[0]){NORLQ.shift()();}NORLQ={push:function(fn){fn();}};RLQ={push:function(){}};}else{if(window.performance&&performance.mark){performance.mark('mwStartup');}(function(){'use strict';var con=window.console;function Map(){this.values=Object.create(null);}Map.prototype={constructor:Map,get:function(selection,fallback){if(arguments.length<2){fallback=null;}if(typeof selection==='string'){return selection in this.values?this.values[selection]:fallback;}var results;if(Array.isArray(selection)){results={};for(var i=0;i<selection.length;i++){if(typeof selection[i]==='string'){results[

                                Chrome Cache Entry: 199

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:PNG image data, 35 x 42, 8-bit/color RGBA, non-interlaced
                                Category:dropped
                                Size (bytes):2026
                                Entropy (8bit):7.813979931362872
                                Encrypted:false
                                SSDEEP:
                                MD5:800D97E5BE3B7EC0DF1A9F81F1D0B06F
                                SHA1:67F1C465579FAF7051F6A4A1240BFEF069F97E67
                                SHA-256:EE1D10C1762CFAB4830E2E4EDB0F23610EA123880122590A361DD0B1F60B302B
                                SHA-512:2BFDA7614D3EAA5DAD5F65DA5C2FA8723FE7391CCB24EC2630FE8281FFB11DEE072023100FA603C79CBA9072D58F3F7D79E76F8E7302DB64412F17B1EDC27CF2
                                Malicious:false
                                Reputation:unknown
                                Preview:.PNG........IHDR...#...*.....9......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............tIME......9.......IDATX....U...?..x..V.."&....+....o.b..&..v5...l.R....(...W..}.D..}..J...H...,...>...Zl.J..."...{O....7o%...o2.3sf.|...3.#.er.S.\~.'.k.4.E..vfr...o.......B...,-.+..o.p.%...m.=f.".-....X..~wT.............;.....R.......qiM..}.....8..]....S...e...u....Y...j.]K...2.V....ZF....I..=2V...Ik#....8...T....v..p...ko:..j 0=...(jt4..B.A...G/...K....q..?,.....Wt...].{..3.4/.:<....n.eT.qR.......g....F.-OE...9.<e.G.R.......u`".+R.oE......~#v.k.].IxY........Qm0"......j.....DYf..<6L:..n....S....e.rG...j..c.=.4...=c.`kdC{:.. .b..Y..-w....e{.....ZA..UT-:.?.o.....I...Ku.cL_0&...cM..e*...Z..i;.j}/...;..x.....A..I.C...U.>.Z.....m.c..v...c.7%+.#.\.r....s`c. .....I..d........]l.....%S.x%.....*...e...%.+L.+.`....H..d...........P....K....<..G.....?..Q.P\8.R,..x.x.d...1..._.gJ.K.7.X..-v.q..1i..-.7.L.{.xA...$.A.......ob..+b.....5Q.....R.K....

                                Chrome Cache Entry: 200

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:JPEG image data, baseline, precision 8, 550x361, components 3
                                Category:dropped
                                Size (bytes):66997
                                Entropy (8bit):7.967106031730161
                                Encrypted:false
                                SSDEEP:
                                MD5:F2DC42ED801BD8514FE01B2EFC188C76
                                SHA1:7CE0987D20C8F2ABA64204BD38E27CCBFE362665
                                SHA-256:58B85B2067FCE3708B68718FE6E923349BE3212B15A86177D8A167DBE5CB5692
                                SHA-512:89BE1AD320088A0A6104D9F7593810873C1A62AF4E5273A7D5164B4C767AB90E7598A9C223C14C391751962A9281134A6F4658CBD1029AE391759F295E980061
                                Malicious:false
                                Reputation:unknown
                                Preview:.....C....................................................................C.......................................................................i.&..".........................................T.........................!.1."AQ..aq2..#B....3Rr....$b.....%4CSc....5su.&6...ETd.....................................................!1.AQ.q............?..03.*".W;..._..a.H.....3.'\.Ox....S*....o....w.:.He`p...I.R.y........E O8..........\.f.+..0<f...Z.5.........e`|.....9..s.-[T...p?..B.^[..X........k..7.<&.....?.......Ey......1....z~.CX......9j...=_..).z.......6.F.... .U.r...>..9&>...........E[...t.GV.lp....c|~....!v..E..@...$......J6..{}..$...V.#.V2..d..268F....?.... ._.l..b.N.......oW@[..........X.h.0...[l ~.....GT..G...6{.......YN....z./.??.....Z.....>V.....7}...I.!...(..o..8....I?U....xny..n>..S.^..>G.....\.....q.......y$v?.f......@"%:.....q..}|.|....l.....t..?.....z....;....7.-.z.....Ay.}?H....RqWe...6?..{.=.7................._.Zq.W^..GP^2.?.JS..m_.vg....l.t.a.....

                                Chrome Cache Entry: 202

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:RIFF (little-endian) data, Web/P image
                                Category:downloaded
                                Size (bytes):1028
                                Entropy (8bit):7.723185857696483
                                Encrypted:false
                                SSDEEP:
                                MD5:C1F6D42CE1278F74A15FF9EE37336927
                                SHA1:CFFE5FA63A2BAD41DCE943CD98CC940D03827DBD
                                SHA-256:2569D473498988C803961D70ADF3855A273E793185A424BF1D568384ED99208B
                                SHA-512:684319E802F029F95445F70EBA0750E95B2AE13BDD98B16AB29E3124F58C7B26F25679791A4927FE7214A4536C12F189C8B773AE48CEC4F15A4F0C47706EA146
                                Malicious:false
                                Reputation:unknown
                                URL:https://upload.wikimedia.org/wikipedia/en/thumb/0/06/Wiktionary-logo-v2.svg/35px-Wiktionary-logo-v2.svg.png
                                Preview:RIFF....WEBPVP8L..../"....9.m....m...C..S..|.&.M<...O)Ep.. ..(...t.m.\!.B.m;m......Ql[R$;.....dV.m.m..l.m..O..t.)..Q...x.A`.`.2]~e....&<...(.v.z.2H*.=.R...U.4..:....q./f......`.q...E.s."..-....T......2....[.....&...\@..I.!4%p1..L....MJ....#..@;....d~........1.@........(|..y.w.0....c.n..Yl...._t.^....d"....D.....BG....wL..L.XP...:.......~...SAD...2..a5FA.....R....%wH.2J..1..O.....w.....}|.;.?]....._.C...t..`....F...X.v..{'..c....Ih"...&.#.....`i... ..$.....B3pl./.C.EDg.e6.......HU.0r.......fMBM..nq`.....).U.n...)>.....[V......p..n....I@s....T.q.r+.V.8\&..@.y..B..W...7.c...0v.....Z....B.V....g..j.M.,.w:....D...<.!.%..D..8A.s.7_...n.;...J...6.AR.1....A.)..qQ.G.U.=..C..q...H.S........D.78'..(j....%..28.@..!$w.&.Z.....PM.8..%.".)JQ....fI...i?..`<....d.Z....=8.*.dCK.....J....?".HY..6.....<`V.%.+p..p.......t...e.?...F...\}......-....BF3.>...|....<..n...U...;...-...4.4.Ia.?....2.Y.{..VU..B....).!*`...+.....H2I.9.;.IL3\.....L.&....a.

                                Chrome Cache Entry: 204

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:RIFF (little-endian) data, Web/P image
                                Category:downloaded
                                Size (bytes):11382
                                Entropy (8bit):7.923140135132655
                                Encrypted:false
                                SSDEEP:
                                MD5:B0D190705E1188D3EBAE09793386DE6D
                                SHA1:223A8DD2E54B99B1E90310871100698E4A246D6F
                                SHA-256:B5237B54CCFC5BD4EF1EAEE245D78DC368EE3BED8920E8F4285197276134260E
                                SHA-512:E915E24CC94BEBC115DD2A948ACA67CCB895847A6A2EEA3E587DEDCCACB56FA6819533E9275EBA466D3F4598F78655BAC6A3FA111F810C17D4934176799960C2
                                Malicious:false
                                Reputation:unknown
                                URL:https://upload.wikimedia.org/wikipedia/commons/thumb/1/1a/US-%241-SC-1896-Fr-224-%283923429%29_%28reverse%29.jpg/214px-US-%241-SC-1896-Fr-224-%283923429%29_%28reverse%29.jpg
                                Preview:RIFFn,..WEBPVP8X.... ......Z..ICCP........lcms....mntrRGB XYZ .........).9acspAPPL...................................-lcms................................................desc.......^cprt...\....wtpt...h....bkpt...|....rXYZ........gXYZ........bXYZ........rTRC.......@gTRC.......@bTRC.......@desc........c2..................................................................................text....FB..XYZ ...............-XYZ ...........3....XYZ ......o...8.....XYZ ......b.........XYZ ......$.........curv...............c...k...?.Q.4!.).2.;.F.Qw].kpz....|.i.}...0..VP8 <*...m...*..[.>=..C"!..}.. ...b./.....P....[..6..1.t.q>..5.|................_....O..^..%........}..[......~...g.....w.../.?.?..x..=..w..........s>.}q........w..?......?............C........?t............T.V...w._...?./........'.[.w........../......w..n.w.+.....?......C.E.......?...}................j.........Nr.vQ......1..:.....a+...../E...[......A.gU...ov./.!..8|Kj....A....;.|O.Z...b.'R3H..;X,..C.k..w. ...y...w%...z

                                Chrome Cache Entry: 206

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:PNG image data, 31 x 42, 8-bit colormap, non-interlaced
                                Category:dropped
                                Size (bytes):1746
                                Entropy (8bit):6.714414818962478
                                Encrypted:false
                                SSDEEP:
                                MD5:803A14278683AEAA9FCA89D127568770
                                SHA1:F5424594FEC6CEC4BAA7F96DBBB4D7D81E968836
                                SHA-256:5B2C8F39078A139AAEDBBB595C5A980FB225C1DD50503D63E21FE283170A4C69
                                SHA-512:921CA219C22142B2B380BE774229DC8A76E36C440362F8097F58FA58456787A0DC4ACD42364B52C86E6A2121AAF2721C86F73483AD0A72BE64B65A91F7421B4C
                                Malicious:false
                                Reputation:unknown
                                Preview:.PNG........IHDR.......*.....|.p.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...gPLTE....g..h..f..g..e..f.....f..d..f..f..j..e..f..f..f..j..g..f..f..g..f..f.....f..f..h..f..h..m..f..f..a..e..f..g..f..e..e.....i..f..f..g..f..f..g..f..]..g..f..g..f..d..e..f..f..i..f..q..g..U..e..f..`..e..g..f..g..f..e..f..g..f..f..i..f..f..f..f..`..e..e..f..k..f..g..f..e..g.......................f..g..U.J5J......L6L.e..d..f...........f..f..g..d........f..e..e..f..f........c..f..f..f..g..g..f........e..f..f........f..f..............e..e..g...........h..f..f..f..g..e..g...........f..e...........b..f..f.....e..e..e..f..h..e..g..f..f..f..g..g..f..f..f..f..g..f..d..g..f..e..f..e..f..h..f..f..f..g..g..h..e..f.........".....tRNS.h .4t..Z)........|........S_,....X.9.S.'..c-.\.....d.........]..y.mq..w..8.....~G(..J#oW.o..n..O.0../Q......z..B@x..U..............ca.k....j:/X.V1..H.RH.G.N*H).7......6.....*..2M.3.......s..r%BD........bKGD........tIME.......d..n....IDAT8.}.._.A..'..x.0..S..+.<..

                                Chrome Cache Entry: 207

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:SVG Scalable Vector Graphics image
                                Category:downloaded
                                Size (bytes):6170
                                Entropy (8bit):3.871426479574051
                                Encrypted:false
                                SSDEEP:
                                MD5:1C06C456C5B8075CDE3BF8A15ABE24C6
                                SHA1:95E91EBD466CB02FD47840742A97E636539C2943
                                SHA-256:8AF4F20833AAE458D9B370E7174ADDB8666812D8EF608348F7973BE65EED2B9B
                                SHA-512:84E67B07487026CD3EE2DF44BFA9EED07027E3D49868392A8E256E5C15F56D9325BF70A7C618709D4653EA241586797C302CA7B865EF72E7FDD69B1E0B42CA14
                                Malicious:false
                                Reputation:unknown
                                URL:https://en.wikipedia.org/static/images/mobile/copyright/wikipedia-wordmark-en.svg
                                Preview:<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 120 18"><path fill="#000" fill-rule="nonzero" d="m18.339 0 .199.001h.375l.174.001h.315l.138.001.323.001H20.034l.058.053v.5c0 .139-.078.208-.231.208-.753.035-.908.11-1.184.507-.15.216-.447.68-.755 1.204L15.28 7.419l-.074.154 3.23 6.611.196.054 5.088-12.076c.177-.487.15-.832-.078-1.035-.228-.197-.389-.315-.978-.34l-.477-.023a.275.275 0 0 1-.168-.061.174.174 0 0 1-.08-.147V.054l.073-.052h5.749l.058.052v.502c0 .136-.078.205-.231.205-.753.034-1.31.197-1.673.489-.362.294-.645.698-.848 1.225 0 0-1.53 3.5-3.137 7.159l-.268.61c-1.12 2.55-2.24 5.09-2.876 6.501-.613 1.17-1.22 1.06-1.745-.033-.411-.847-1.1-2.33-1.8-3.86l-.469-1.024c-.273-.6-.54-1.19-.786-1.727-1.08 2.23-2.56 5.26-3.3 6.624-.715 1.24-1.3 1.08-1.771.032-1.63-3.84-4.97-10.6-6.539-14.35-.29-.697-.51-1.14-.716-1.32C1.45.914 1.019.808.36.774.121.747.001.688 0 .593V.067L.058.016.592.014H1.6l.969-.001h.253l1.734.001h.225l.95.001h.577l.058.052v.5c0 .139-.087.206-.26.206L5.454.8c-.56.023-

                                Chrome Cache Entry: 208

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:RIFF (little-endian) data, Web/P image
                                Category:downloaded
                                Size (bytes):4728
                                Entropy (8bit):7.668451889213281
                                Encrypted:false
                                SSDEEP:
                                MD5:84580F5CE24E49CEB98203546F7FB60B
                                SHA1:740DF0C8DAF516DE80B5E29485646F306A3B411B
                                SHA-256:9FEE918521798886CD3225B79C8F0124874E596E7CA8FD5D9314E71D3D837CB1
                                SHA-512:800F05FD3E47EE45771646592D4E1E1FBF2F998A711A2A44B2C12FD087A33C02560FD4DB0E5D254F3FDAD609BDF60749A5B9F00A72E35D802D5CFD2C3C235205
                                Malicious:false
                                Reputation:unknown
                                URL:https://upload.wikimedia.org/wikipedia/commons/thumb/b/b1/Official_portrait_of_The_Lord_Archbishop_of_Canterbury_crop_2.jpg/121px-Official_portrait_of_The_Lord_Archbishop_of_Canterbury_crop_2.jpg
                                Preview:RIFFp...WEBPVP8X....(...x.....ICCP0......0ADBE....mntrRGB XYZ ............acspAPPL....none...........................-ADBE................................................cprt.......2desc...0...kwtpt........bkpt........rTRC........gTRC........bTRC........rXYZ........gXYZ........bXYZ........text....Copyright 1999 Adobe Systems Incorporated...desc........Adobe RGB (1998)................................................................................XYZ .......Q........XYZ ................curv.........3..curv.........3..curv.........3..XYZ ..........O.....XYZ ......4....,....XYZ ......&1.../....VP8 ....PC...*y...>E..D..."..{.P..g/W.....v.~P..n%.T...~w....T.......2.;.).?..@.........z.{....?o....w..w......?2~ ...`.._.?......3..............s.k...o.........`.|M.o...].....U..b..Pm..y......a.v2..t.vq...w.:[..\.#bKZ]..2.S*.+1.1..x.@o...d.%s..u5f.._EgF;..A..qH..#%....v(g~.|...O. n .;.y>.."5..E.0qa..S#s..:...".1e.(.....|].k.BB.....35..."....V...XG.v..G......^^.....o..(.i....RT();

                                Chrome Cache Entry: 209

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=6, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 121x161, components 3
                                Category:dropped
                                Size (bytes):6170
                                Entropy (8bit):7.698072861532095
                                Encrypted:false
                                SSDEEP:
                                MD5:F1D41443EEBB273490F876E9DFA4D471
                                SHA1:21DAC7D4AA345B962BCDEF50CB3752AB544F4FA6
                                SHA-256:DCE7DB7CA6D4A07D883EEE8045D2AE01E62ED378F89DC1FF1814E3302F328B53
                                SHA-512:F5C0D802B20758E9201CB1FFAEC8ADC33BB9C5F2A7C0E53B4FEF6BE1D787C4ED407167C2672457779A5569D1A9B793D042BCCD9B66B8C54893328CE2E2EABEF5
                                Malicious:false
                                Reputation:unknown
                                Preview:......Exif..MM.*.................V...........^.(...........;.........f.......................t.......H.......H....ROGER HARRIS..ROGER HARRIS PHOTOGRAPHY.....@ICC_PROFILE......0ADBE....mntrRGB XYZ ............acspAPPL....none...........................-ADBE................................................cprt.......2desc...0...kwtpt........bkpt........rTRC........gTRC........bTRC........rXYZ........gXYZ........bXYZ........text....Copyright 1999 Adobe Systems Incorporated...desc........Adobe RGB (1998)................................................................................XYZ .......Q........XYZ ................curv.........3..curv.........3..curv.........3..XYZ ..........O.....XYZ ......4....,....XYZ ......&1.../.......C....................................................................C.........................................................................y..".........................................I.........................!.1..A."Qaq.2...#Br..3Rb....7u....$48CSUv..........

                                Chrome Cache Entry: 210

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2], baseline, precision 8, 124x158, components 1
                                Category:dropped
                                Size (bytes):5691
                                Entropy (8bit):7.890678586949979
                                Encrypted:false
                                SSDEEP:
                                MD5:4DC8AFAEC80BCFA1389F610E3C5E5039
                                SHA1:21F20C1F1E134992E0E26330F694CBB8BC1157ED
                                SHA-256:7454CDFD94C9437D8DA62D0692F9B7F0177AF4CE5CB3A214CBF16FA1E9AD25E6
                                SHA-512:AB24C3B36FB3BD90EEE3D4E75FF2C8D667AF91EB1713279E8A9AEE23164E28C5A4ED15008B91556D106717FD1C2C481304BA8C097236159A1D13CD9CE6AF513E
                                Malicious:false
                                Reputation:unknown
                                Preview:.....vExif..MM.*.................J...........R.(...........;.........Z...................H.......H....Library of Congress....C.........................................................................|.."...................................;.........................!..1."AQa..q.#2...R...Bb..$3Ss.........?...4h.F..4h.F..4h..].4g..".Y....'P...Qm-..P.e.y_#,.%...0@.LA\.@...q.j....-W...Em...I...W..`6{r;|.....U.]M.....S..F...e.... y....F..4h.F...i...I.$Ha.K...UP2I'..T.......}..m.J....c...o...OP...aP@.........E..Ur..IP.....s.....s....;.........L.......U.7.^...=.qS2K.M.v..p.H.....<.Y..X,..[..........}......9..u?..;..Iu..*(......>.|.A.}F.th.F...w..5:.a}.w..).3.H.d.=<.=..=.'.N.ut..U%%...3#.<.2....7...~r.W.d....+\.ag....@^I$.....1$09...2.^K]J..^2...1.-.;5]UM#$...*.y"...X.....03......Z..h.?G(*.UKS]U-Pj..b...0...s..;.....F..4h....?...4.7.tY#u*..!......Fv.Y7-......@.G.."...!.8ErQN..d.C.5.Q/...w...u....S.U.c.A....H......7A.{.......x...;x.H9....S].zo..].o

                                Chrome Cache Entry: 211

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:PNG image data, 35 x 35, 8-bit colormap, non-interlaced
                                Category:dropped
                                Size (bytes):1001
                                Entropy (8bit):6.576556367314906
                                Encrypted:false
                                SSDEEP:
                                MD5:67C8746F5066208328B15CB2795E652D
                                SHA1:6CADE8E2BFBFD3DC206C30258B62FF90482AEB3F
                                SHA-256:1C83435E24274C8662B2B92528B7B6C06952872A915DB47B68352142B69010B4
                                SHA-512:1430054599C03F4D088407540CBA78A12CD9227C0B99A6903EDF27F56A0E7752B533C3B3D86F1FCC130440A16CE19A8B25F25DE9CAD0642D7A0368BF372F1145
                                Malicious:false
                                Reputation:unknown
                                Preview:.PNG........IHDR...#...#.....).Ck....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...SPLTE..................................`..c..d..d...........b..e..f..f..f..f..f..f..f..f..f..f........f..f..f..i........]..e..f..f..e..f..f..m.....q..e..f..e.....g..f.....`..e..f..g..g..f..e..U..e..f..h.9.c6.k2.f2.d3.f2.f3.f2.d7.d3.g4.f3.e2.f4.f3.f1.c3.e7.m+.U3.f3.f4.h3.f3.f3.e3.f$.m3.f3.f3.f3.f4.f3.e9.q3.f2.f1.g3.e3.f3.f3.e4.h4.g....f.3.f...2.<....mtRNS...o...s.:....=....ev.........=A...$....l:.........9.;...w/.~.......=.p.....y.........1......7.....9...t@cc`A.....bKGDp..lt....tIME..... 0...U....IDAT8.c` .....`fa%..-....\.VB*r...U.....<.p.T.r1..q...q.............KHJI......D.<..1..y....3SE..5j..p5.....Q\...U....:=TO......!....y..l.)......-,...%.k.<[......0pDb.9.T...J@...G.'NY/o._?.....@.F..CA0n5!..%arx....V....Q`5.x.......y|.PM"..I..q!.&9%??.PL........ .j22..'...".....W.P\.......%tEXtdate:create.2024-07-04T13:32:48+00:00.EI'...%tEXtdate:modify.2024-07-04T13:32:48+00:00.......IEND.B`

                                Chrome Cache Entry: 212

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:RIFF (little-endian) data, Web/P image
                                Category:downloaded
                                Size (bytes):894
                                Entropy (8bit):7.685425672705349
                                Encrypted:false
                                SSDEEP:
                                MD5:6D2296C627D0BFCA1B3CA8DA56963978
                                SHA1:BE165E61CC8E9994A9FA1FF04EFFFD0AEF866215
                                SHA-256:721670EE94A1A56E752C8A5E29EEDCDBEF6F9C01020226B86B8A964D18D367D2
                                SHA-512:E902CA105F2061A143FF65BE702BA7247D82C389CD4E024E2523DA5CC01929A3814417E7F2A2B8F4A2E9DE2351F044324AADFC053ECCD3DE3BFD37366C926A5F
                                Malicious:false
                                Reputation:unknown
                                URL:https://upload.wikimedia.org/wikipedia/en/thumb/4/4a/Commons-logo.svg/31px-Commons-logo.svg.png
                                Preview:RIFFv...WEBPVP8Li.../.@.._.6.$'...... ....1.i$)...= ..Y.p."I.....".._._......E`..9.o.......r...MTH.#!K.1.......0.......)....x.8B..+.b.]..9o..]..{....... ?..y.+."..g;.A...................!.!A ~ .....!."#.y...x...!.C...oS.h.r.M./....= .B..... ..H..... A 2...B..<jh......%....C...........^x....w}.....]a..B..mg#..Y..wl.=k.m.m.8.....".?....y7....py...yc.....p......u..U`y.......{..W.h..q(F:..[(...Lw..a.:.9...&.[.......6.n.<iI.z.~.x..g.e.')..~...Z.>...]6.e.w.._lz....R.M).W..K......o.1.O......Hz.....B..n....TH.GJ.xz}.......Q....$...h...K.....c.,..N.=..X...;..z..)j5PT.....Ro?.#.9.u.h..<n..8o....-....8.....7.Z......O~.O......B..1L...I.....J..3.C.(II.].....2....+........R\...A~~~.}.n..I....z..O.Z....I..LX.`.pIJ3.s>...b.,.\;y.s.0.K...t.....y/...O.^HR...W..H.6.a..`.U..sL.l.T..w...<i.#.m.~n.8...O|h.=...y..scm``.~..I..hesS....\ck]U..;...J.........i7...m.

                                Chrome Cache Entry: 213

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:PNG image data, 135 x 155, 8-bit colormap, non-interlaced
                                Category:dropped
                                Size (bytes):7951
                                Entropy (8bit):7.933776057154196
                                Encrypted:false
                                SSDEEP:
                                MD5:814092D761989C74620EB311F2C71B9D
                                SHA1:E6F58AAEC8F31EB222F9E10FA9E9F64B79AE888C
                                SHA-256:4A702E2EDA9F4D04325A90088FBE04003D335B09A2F62AB52A05BD6B4441208E
                                SHA-512:9E7869BC5C466D5EFBA51FB10B6C10443AA74D71EEEA671EDBBD1DB73E3D842B574A24AB48C267221D3BF20EAB77EF27CDDB0A4717AB5075942A7D02998AB138
                                Malicious:false
                                Reputation:unknown
                                Preview:.PNG........IHDR..............-x.....PLTEGpL..............WWW......................SSS..........................<<?.......................................TRTXVW...............a`a.........................^^^.........oop......nnoxyz{{{.....TTTWWX.........rss...lll..........................................................................................................................................................................hgh...[Z[...................kkk.................._]^......3/1...=::..............................yxy.....||}...KII...ONO.....................EBC.................................nmn...ede845.........rqs.......................................................................................................................vuv......................|....tRNS.5..V....4G".......n........r..r\..i....F.............-_.....|....D....\.........6.>../f.n.a...N.........CV...[~s.w..*H$....{i.....u..r-...;IDATx^..N.@...Z+..)F......SX.q...~.$.w.

                                Chrome Cache Entry: 214

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:RIFF (little-endian) data, Web/P image
                                Category:downloaded
                                Size (bytes):2358
                                Entropy (8bit):7.896724704667681
                                Encrypted:false
                                SSDEEP:
                                MD5:EE3DE48399823BC67A0726E5A701E3BB
                                SHA1:EBD746CE4FFA4FB6A7A5ADBE6E7D1911627EA8FA
                                SHA-256:5BC4754D031BDDBF5CF7E03960D2983CE8E579351ACB952F1AC63D3430725513
                                SHA-512:07910BE95403B20844DEBDAAF8DF7274EABA3DF0118AF54F73E223B140DDA29D0A6B7829EE9BBAC6AA4AF87EF601EC664EEF0D38A4304B75683C38C6B32BD13A
                                Malicious:false
                                Reputation:unknown
                                URL:https://upload.wikimedia.org/wikipedia/commons/thumb/d/df/Wikispecies-logo.svg/35px-Wikispecies-logo.svg.png
                                Preview:RIFF....WEBPVP8L!.../"@...P..$..m....Q.......c....f....?..t...{m.m.m..dY......3s...2;`.;.28.D..v.Sb..233_.tm....h....Oi.....g..u.6s.1P.d.m..l.m.m..m.6.m.M..l.x... .[..U.k.......U..Zn.i..U.A~a..~...Q..c...^....|BDCBQ^.z\..<.{..1.~..<.xR.s....OK~5.!.Q............'.....v..."^....Dze..Y........I.VAA%.<+.E.....Jps*...,+..Tj.5j....*..B\uV.uX.Y..WS.ws*.6.Q.[..p.u..p.l.,..+wK...u..Bq..B......B.....pA..KWEu.gf>`....|...s..b..K.+.S...oK.%Kz5...`l.:....)X9.sj...21../...6..."W.U....].I....z.2..J.....z0r|..M..8.h.l.lu.db.@.B\.8..S....V.S......[........5.4...e.x.p..1I..J.XZ.y..o_..B,..h.3E..jz..M0...MP...*..me.66..k'...q^...6.V.....eM#.K.x.<.....%....x....tf...F.....N~l/..Sf...........K{y..7..O.#...D.D..2)........4d..5...x=..Y........CP&NoN.7.....9.....q.xu1.......T1.Ax..........;..n.....`.L.X.9=.c_....Jo*H....6:..f.........^.....o..8.f..N...T....eN u.h..E&t.1^..X.mfl..T.5...6.6...B.1#P.o....B....0D..U.w...I...e]....(i..d.d.).E.j{.4..~.......

                                Chrome Cache Entry: 215

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:PNG image data, 41 x 34, 8-bit colormap, non-interlaced
                                Category:dropped
                                Size (bytes):1033
                                Entropy (8bit):6.591414112517292
                                Encrypted:false
                                SSDEEP:
                                MD5:2CC38D053AD1AFA31A2DFD36179CA098
                                SHA1:30C6F4AD4E9FC4AC6450FDD4CC6FE5AA9513FC24
                                SHA-256:2F3EF9CE080B442DBE7E5A47E33F6EB0AE8C2287122210959525DAE95550C232
                                SHA-512:9472C6EB693A1910B7947FFD72F953DDEC8AACC365CC29314503C7BB872E1C2D759A077909B74B78CE66C22F7FE5321EB8913151AC383209D822AEDAEC67E5AA
                                Malicious:false
                                Reputation:unknown
                                Preview:.PNG........IHDR...)..."......y......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...;PLTE....`..f..e.....e..b..e..d..c..d..d..d..d..c..b..b..a..d..c..c..d..d..d..d..e..c..j..d..c..e..d..d..d..c..d..e..]..f..c..b..e..e..b..g..d..e..d..e..d..c..d..d..c..d..[..d..d..e..e..c..e..d..d..d..d..d..d..e..d..d..e..d..c..f..b..d..d..d..d..d..c..d..e..d..d..d..d..d..c..e..e..c..d..d..c..d..e..e..i..d..f..d..d.......{...gtRNS...?.04L.l..p.KA9..U..a\....Pw.Y..^..(./m.'%...Q.q.T.......]&..Wf..j..+.6...R...;8X...i.V`$..Z..D..#3.I.....bKGDh.l."....tIME.......p}.....XIDAT8...R.@.EAALT\F.E.W&..jT..E.."........C...7....9.d..p..g_........J2...xG...'.$L.....i2..L.....SJ..).......S.........f1...._w#..../.............|.K.....Q*.AE;...)Vrv....$.%.K"P...b.].`.p....k^....,.x.....B.....A2... ..1.n&RX...l^]+)..\.T.X..V.p./v..4b.1......c*....#..j......tL9...V.O.....kfP..lq..L-.c.S...?... s..j...~.o-V..,8I...%tEXtdate:create.2024-07-20T08:03:08+00:00L..w...%tEXtdate:modify.2024-07-

                                Chrome Cache Entry: 216

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:RIFF (little-endian) data, Web/P image
                                Category:downloaded
                                Size (bytes):1408
                                Entropy (8bit):7.827711568703508
                                Encrypted:false
                                SSDEEP:
                                MD5:085379858603CDC487AC568AFF4B5E88
                                SHA1:8F2D678DB34E56DB47823F24999D2AC69B9C196B
                                SHA-256:D02D73F9B3A9EE7757DCC31EA9D07B14027A676F6DBBECA4174396185B207926
                                SHA-512:15E3485FDB7A3115F74CA15F66A59ADCC308B58FEB94F13E1A0DAE25BB1F0CB5207122FA9EF9F7D54B89DAC527833F4D90938DAB78B2FD8EFED6AD56BD61C7FD
                                Malicious:false
                                Reputation:unknown
                                URL:https://upload.wikimedia.org/wikipedia/commons/thumb/f/fa/Wikiquote-logo.svg/35px-Wikiquote-logo.svg.png
                                Preview:RIFFx...WEBPVP8Lk.../"@...P......}-D....Ap..m.....~m.........=.....y...`.P..c....3..@=(T...2](R5'S1..."..\...n$I....|{..N@...S....#Ir.._..a...$.O....|]`j ^T..$..-...g.m.m.5.kd.m..m.;.P.m[.03..../Cp...3<.D.l..U...d.Zf....W9Q.y...*...$.F..*.}....9.....X.v........6...k;.S..j....&.I........S.se.....3.~.;...).cc8...'D6..S....<.m.XN.b..../L...o...~..9b....PX..Y..q....m0...q..].)..{.'..p....C.N....N...*...........\..HR.....X....!= ..%.....l;%q.@..a....6....8!"^.t.B..Jy.SNn2C..c.......M.....R$.Z.+.....<I...]....f.........!.Im..rW.O).<...x.S........{...%..w....3..../.Q...{..p.....H.E.^..(..@.U.].B...E.= e.N..~.......}.v.....f\r....|..KdZU.........`.`.Rm..;....\.2...)....9..G.G.nC.UK..Cu........>i`....'L.&......Q.'....8B......5.j...H...l.'.....)oQR.?._1.%X.AC.U.....').8X}.Dlw3T....-Q...R\......}E.M...Y....p.F..1.8.^...$...G.D1.......=...m..(...+...t.@...}..m.d4w...TF=.nH..C....G.!b...F[.....0..vZ~`z.f...../g.5.'..mV5.....4.f0

                                Chrome Cache Entry: 217

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced
                                Category:dropped
                                Size (bytes):1707
                                Entropy (8bit):7.791708629977296
                                Encrypted:false
                                SSDEEP:
                                MD5:7483DD2319D2EBFE063D5EB1C7CC930E
                                SHA1:43EE911266AB9DAA9C9802F10A05ECEFAF1020D6
                                SHA-256:9A52CBE349406CBF983276077D4BE8EECC8AC09834810F4F0BA0C25A7AED82B4
                                SHA-512:D5947439997BC3D2E85E82F548A107010612504AF23E281FEDC51C8389E1590A5505BF99C89C86B6C77D477313624F8CC7035E82B5805A645C9868870AFF25BF
                                Malicious:false
                                Reputation:unknown
                                Preview:.PNG........IHDR...#...#.......Y....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............tIME......:.xK\....IDATX...{l.....Oo......2...rM. -B.e....L......m.....eq..q.831q.M....9.!.@D...&. ...k/.XJi..8.....S.........}...{..z....O.b.$.-..9....?l....S.].Dw...b\I...}L.s...Gn..}I.<b..T2..D1i....M.n...(..sn.Tf..td.C....Wi..._.I.....O.C.,.Q$.,.;6./....LGhn..................r~+.j...'zr).C.|......:..!k..*....<&T3.M..CsS.....oz*n.#q>.^c.~4p...R.|..V#.....h?...F^...hz.}g..pm=-O.8.{B.P.k.la..z...M`$..qr=o<F.\...;..%.(...\3..b..{'.....>.s.......Cw;g..Av.8.........xz).S{.....z.K.B.w..2...y.e@l.MJn..aT+Uw.AKd2-.i|.....l.Sd..XZ.h_O.|.Gs..^..0.......s...Y......L...C>..9......q...!/.9?..M.OG]..........%k.....?'..-&.D&.3.p.G$,.M.....6..4.QH.....G.X.+...e2...{w..k......n$....T.#....?.s\0..z>^.;.p..Y{.w.7.72..5.c"..4.m........+h..%.-..6.0l..l.E.T.X{.B ..fj..p.....C.<.........m...b..0..h...E(.M.G.]L....b$2S....l..o...{Y......c.nc...vc

                                Chrome Cache Entry: 218

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:RIFF (little-endian) data, Web/P image
                                Category:downloaded
                                Size (bytes):1894
                                Entropy (8bit):7.85800048006325
                                Encrypted:false
                                SSDEEP:
                                MD5:EE6B1299D34CAE2D5DDA9C91B81E924F
                                SHA1:950B014A1CEF1B9B1DF23AEAB6BF0ED10006D430
                                SHA-256:1048497B2F299F8AA1ADD99D079ACA6B45F7C3455C143C1C8F1646B50C24F6D2
                                SHA-512:B90590387040C0F028599EED78BBDACF072111FFCFFAF474E8F78FB1E1186BEFA3F2F842B0A7C1465C851F2C5657B52D8F12AB6B8FCFB87F47EF16C07FA2A578
                                Malicious:false
                                Reputation:unknown
                                URL:https://upload.wikimedia.org/wikipedia/commons/thumb/a/a6/MediaWiki-2020-icon.svg/35px-MediaWiki-2020-icon.svg.png
                                Preview:RIFF^...WEBPVP8LR.../".....m....3..AUAm`k... ........Q....'2.....m...*.HN.s,.cr,.......IV..[.W.k.s...7....Tn.Z.-s_.....Hrw..Krw..6...m.....*..].{......m;.l.$.m;..Ee&..|+.U........G..~;...NZc.m.m..d.*.........b.>...\..h./...p.4.....z...{.....v..S.k.2..#l.L.Z[../..W7MpY"...o.......qG...p..k...v.%.m.Dp...m.7Z..C.U..*|...\.*..j.m<.p..4.......P.<5......*hh).. .A*]=n..*.(......u..:19...l.r....G/..@.)p.....UA...su.ku.;u~...:.{.."9k.[.......+.H...........+.....G..v....&....C.2x...4Z*...P)7..P1{x...Z.VPAex..Ol....}:...?.\7I.... ..... .`.#.3.$..E+.@H*.o..........V..p.8B....jGu..H&$(.......................P.......i.@... CNl....#.?..c\....J6.R.......:Y.! .:......%F.....(..\L'.%g.......o".]t...?.4Y.B..I5..b(P .q/...[.xv..[t.W...y.Z).L-(.j..d.+.h..#.eX@..a....!.H.B...G.N..X.}.x.~wl..R..f.i4."..i..zk.;_..&.|....J..r2....B{e?.5.-.,U..0BC.M.*G.5....i6.....d{....I..X..b.x.|..`.....Nf;`.V+x..g..p.CX]....l.@A....D/.}!b..v..[q..N..F...%. mm...o^.:........L.

                                Chrome Cache Entry: 219

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:RIFF (little-endian) data, Web/P image
                                Category:downloaded
                                Size (bytes):1568
                                Entropy (8bit):7.84912242208009
                                Encrypted:false
                                SSDEEP:
                                MD5:C6566459F0DB635554BE3F06C959144E
                                SHA1:33D87AF0CFE0EDC10DDDBEEB47D35EC2532338B0
                                SHA-256:72A03F03E6940CDF95827C7510F2A2943ECE5129E2548C029A83E95F9B4C359B
                                SHA-512:D9EC033C46D6BB666F0403525AD6B02619C25F9B820A97FC4AAFB5D3DD925EB11E31251F1BF1668B5E8A5813B82676F28703D73BBE15BFA4C110B771CDEF65E8
                                Malicious:false
                                Reputation:unknown
                                URL:https://upload.wikimedia.org/wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/35px-Wikisource-logo.svg.png
                                Preview:RIFF....WEBPVP8L..../".....m[......p......~..........!.......g&...zx.3...rBb..Jh...R...j.\"..m+m..;.N!....$...1.%RX.$.n.3I..yw..K..........rm. ....M.`s...5u..F>..=....u.#Q....+...~....Lq..x~V.=W@.....3V.3...x..{....1:fbL..r......'. ..@~q.Z.[.qj.3.aM.cF-..l..S.N9.&..,...).b #...g.......,mj.4=....H..F..u..z.4.....||..:H.0vV%..SMY.M.J}f.{...........(h;P.>........>/.q.....q.H.Y...P@.....w..]o.be.p...6./.7h,9...f.&\7.:...,.kM..._.5v5;o.._..Sn..L.I........~.lx.U.k.`c..hs...8.dS.x-...e[":.].6..$I....^}J6.?0v....J.hz.........\i....Q~2T.q}..g.Z+.&A.%.....d.7.9...1.@H.h. ..!..$Q.{..*...........Z..w.v..".h.@..`O.?....;..[.6....oGn.[.K.jO*G.hFF]dy..K....N..:..,..-ks......ZiR..6.......N.. .h.......xs......B...!..Jx.H..N...Q..H.....S[K.9DNE.Rz.?*.T_N..7...y{...h....UA.3.;H..c...^.....Q.....F...Ve..ai.Y......T...V'.......... .....].ac..i.,.C.IC..=...T...Y}$9<.9........4.z. .5..~....,KU.7.Z..d.${.3. ..xi4;M.)4I..2....^..Q...._..H2v........

                                Chrome Cache Entry: 222

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (4983)
                                Category:downloaded
                                Size (bytes):118383
                                Entropy (8bit):5.279131142542902
                                Encrypted:false
                                SSDEEP:
                                MD5:602071A1C7008DAEA703E74047C64C86
                                SHA1:DB28863FFDC1F11D5AEB42D0DD79F5167F52F34D
                                SHA-256:413A498549074B70AA21CEC26FFFDA56D40F03F910EB4EA482440053A85E8956
                                SHA-512:F80F5891974FCD8353A7C2C3182559FD1EC3F8A75DCF591938C3050C6B8F175810508F30D4317DE2AFAB565208B566F95B0B8974CCFDD671CB2A45F6E3C6670A
                                Malicious:false
                                Reputation:unknown
                                URL:https://en.wikipedia.org/wiki/Main_Page
                                Preview:<!DOCTYPE html>.<html class="client-nojs vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-sticky-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-disabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-toc-not-available" lang="en" dir="ltr">.<head>.<meta charset="UTF-8">.<title>Wikipedia, the free encyclopedia</title>.<script>(function(){var className="client-js vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-sticky-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-

                                Chrome Cache Entry: 223

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:RIFF (little-endian) data, Web/P image
                                Category:downloaded
                                Size (bytes):10048
                                Entropy (8bit):7.9730599618636635
                                Encrypted:false
                                SSDEEP:
                                MD5:32DE005390E9E193857ACAC45D281B26
                                SHA1:6A7C726B61A8B9FD3D8F2E8EB571EE43AF412513
                                SHA-256:8FB36E7FFF144143AF538A56FEA3001CD846035515C349783A12E69FD28EA050
                                SHA-512:0DE723BA35A6E4101D732B28D6A8A2A831B71A2EE9BDDC4483F05701A8334C3DE0BE700565E416DBA6F1331846A2EBBE802FCE884EB0B8DB0CF803FD690B256B
                                Malicious:false
                                Reputation:unknown
                                URL:https://upload.wikimedia.org/wikipedia/commons/thumb/6/6c/Walden%E2%80%93Wallkill_Rail_Trail_-_Shawangunk_section.jpg/162px-Walden%E2%80%93Wallkill_Rail_Trail_-_Shawangunk_section.jpg
                                Preview:RIFF8'..WEBPVP8X...........x..VP8 .&...g...*..y.>=..C"!..<...P...^....z(y....po......;.P_P^f|.},.....a..._.....2...w....k..{S.....Z.A.I......t._.e.....?.F.}...S.......?4..|)|/....._...^.^.|..........zV.....................?#......c...........},.5.......h?......?.w.g.'...............'..p.?...?d.....-|1.L...Df.....2.Wd..... ..f.9.......E%..r..8.}..X..t%...2.[.!.y......k~fv9....c...;..JrI....!@.3....h.......c.Mc.5.6..1G...P...=q....h......7Lz.-W <.I....>..09.. ..SX$.c./.W{...&EMC....4.....f>.~.cD4B.`;.Ao..F.t.9/....`.J...=?..0|.....M..mX.sRa.+..A.y....F..IJ.....V...r.H.GW..S....7...`Ms.1......!.8T..e.......\.....7A...h.....i_YVB..........&.a..21.r....h.W*...z!..U..f..^..E]-..%.;.3..7.Ylo..............iU......1..m(z..f..W. .....X.>.`6T..._.=..k.}......`Q..F{B....+.G...%-..0d....$ y.OB.O...D.L..l...;....D.#.....n...U...2.&.......T..}....x?...i..&..e...W..}./..>.......J.o.K.ZJX.....k................Y.3.Z..h..c.7I..DR.6/P.o...}*....8y.F>....[.Q

                                Chrome Cache Entry: 224

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:RIFF (little-endian) data, Web/P image
                                Category:downloaded
                                Size (bytes):3350
                                Entropy (8bit):7.93238018759983
                                Encrypted:false
                                SSDEEP:
                                MD5:1E74AF31C2D0AF1F90D569B200EE1E94
                                SHA1:F182B620FD3BA73D583CB8BC5C8CA968225B9EBC
                                SHA-256:59DC28418653F7378CC950DBBD4A2D7A37360492635268D30A98816CDC8D344E
                                SHA-512:60C5FF9A42422E95765931D835E54966BCBC6FCDA536F661C8DF5AD27B350A645F1E73F6C13B368CEF6C6B12099FC3B7948B08B20681A3CD3B2F7874BE7CF79A
                                Malicious:false
                                Reputation:unknown
                                URL:https://upload.wikimedia.org/wikipedia/commons/thumb/e/ec/Wiktionary-logo.svg/41px-Wiktionary-logo.svg.png
                                Preview:RIFF....WEBPVP8L..../(....Q...q..........If...,p.,K.c.H.;...N...\.... yu..$y.52E..Cm...#.y.k.v"I.......A....<..6.;.|<.............p...b.,..N.)..@0..m.m[g..m.m.."..~..`kJ..jQ3.2d.&i..........B?...r.sQkU.Nt.>.=.&..Q.::........J.....r..HTl..$%.$.X*..t].?.K.......Mg.E.._...q...C..A...].E...{)..%.8|c...y.M/.....N...V..P..;|.Zy`.r..Jh.X0z...j.yh..P.,.<p..r...e...4...4L..j..qU..X..&u.......M...w...c+t[.....;.i........m....Q..T.n=.F.(C.Y.$.s.m.].I..`p.*.u.c!1J..;.A..,#-2....p.y.a.v.,VP..\.....-U..C\i.Z...}..P.M....8B..M.".\.(....\..G.4m.P^.d..zn..J...#u.....xu......v.Z.....(..o.M.T}..F...;.-Z=.F..X..VE...z5...c.K..........:...?..J^..f.......\.Lx.._...|z_..N lM..q....:..3...g....Q...E.%.c.F..no..Q....{[U..n.,....3..Fn.t.KW.D..#.....+.:.ux.i.......K......tmS.P.@{...k....%.r.Y.eFU...2.y.0...."7.A...]......e..E....H...a...... L...m.....\.Jb.!..+.9).lY.*(sr.%[.{.k&.A..Q..:L.....`p....G.S.-...e/NA.*.Z.Z..7/a.......X.x...K.s#..X..C...;>.Q.

                                Chrome Cache Entry: 225

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:SVG Scalable Vector Graphics image
                                Category:downloaded
                                Size (bytes):221
                                Entropy (8bit):5.140712389287767
                                Encrypted:false
                                SSDEEP:
                                MD5:F4C86D1899E1F6ECA69D3CE4DC961304
                                SHA1:36196FFCC258E966E2C9F4D06D80733C48BD40DE
                                SHA-256:4DE5F25341A457E9FBCF7C29C44158D94CE7F74E91F92AE30B03FE7606716D08
                                SHA-512:D55B1F67FE20CD134B3B4A409BE2C86DF24647647334B2F4566AB08C8C7E3D04EFB12AB606EF7AB88A128DA48D90013279562249F5085A085EBB39E72298EB3B
                                Malicious:false
                                Reputation:unknown
                                URL:https://en.wikipedia.org/w/load.php?modules=skins.vector.icons&image=menu&format=original&lang=en&skin=vector-2022&version=ni2fg
                                Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 20 20"><title>...menu..</title><g fill="#000"><path d="M1 3v2h18V3zm0 8h18V9H1zm0 6h18v-2H1z"/></g></svg>.

                                Chrome Cache Entry: 226

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:RIFF (little-endian) data, Web/P image, VP8 encoding, 550x361, Suserng: [none]x[none], YUV color, decoders should clamp
                                Category:downloaded
                                Size (bytes):63176
                                Entropy (8bit):7.997132796025104
                                Encrypted:true
                                SSDEEP:
                                MD5:9A3ECD92ED93536232DD46AE7934FAA5
                                SHA1:8E0CEBD51EA765124E0B8A18C1F293E9E8329D13
                                SHA-256:7FB3C31E708B934D2557BF630AD157C5C250120BBE98A6D6E420B9D5514F068C
                                SHA-512:C3B2F743344DFDB0754FF9379CDC214BD7328C23A30803E5E68132A4EDD722EFA48B69B823570FF5EAFCB64685F94592700AC1F323F4FAF419D832AB1BFAE28A
                                Malicious:false
                                Reputation:unknown
                                URL:https://upload.wikimedia.org/wikipedia/commons/thumb/2/25/F.O.C._Darley_and_Alexander_Hay_Ritchie_-_Sherman%27s_March_to_the_Sea.jpg/550px-F.O.C._Darley_and_Alexander_Hay_Ritchie_-_Sherman%27s_March_to_the_Sea.jpg
                                Preview:RIFF....WEBPVP8 ....p....*&.i.>E..C"....=.(.D....L.0...Y.:.P.....G..z.N....."..eD>.|.{.......|.....u.a..........;.W...?............^%...K..../._....z...+.._...........K...?.....C.....7....].O...?........u...........}..k.....m.....w...O.O...........{t...g......p.....j...#.O.?.?...}.......K...?.........#_C....ME....U.....q.....#3...o..p'.2J.-S7....gy.... V..!.{.JN..p...v.{............,..F.....?....+.Y........B...q...4j@3M..0j.r. ...W....4..2..!'....;3...GD..o....l*..2...E....EY.b..XX...S.<.....{.*.&5..$....-?o.1<..2.,7.m.dY...c.G.{.h.$.........J..[.c...R...p.:o*2.@..R~..F...R.2kD.....`G.v.|.'(uM../.\q.C..a.k..gG.......k..W.~....K 8*.ZZ.......l>..tK.i'.....r.1..h...KL(..o..4.. .c..._..)L.........>9.s..qO.+(`?..V..B.k5f.2.Q.t..`.....2....l.....v........A.]u....r...y.K.I?._.....w...=..Oj..:p.H..o.....Y,YhY....".%.J0.[.W..<W@...t>......D.g.*.T.Q.=d?=..J..ITB._.j.O...w.#...D.{...~../.e.W..n..y..C/..!.}r...Eo...vV......}..[.t.A.....d(....'...{q...

                                Chrome Cache Entry: 227

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:RIFF (little-endian) data, Web/P image
                                Category:downloaded
                                Size (bytes):4762
                                Entropy (8bit):7.9307888242392774
                                Encrypted:false
                                SSDEEP:
                                MD5:CF1A7CC33B8D6238BAB3C28D2CC41388
                                SHA1:77CB5E698ABC08CE178AD028B20E0045222C12A6
                                SHA-256:03D46D8F3ECFCBFF9DEFC1E791065098C86C70E68A8ABFD00EA60F8F5F028FAA
                                SHA-512:3290423BA3F4CB2FB4F088C048FE3512F221E0697A8DF60BEDE5AE617AD37BA6A0218DFB550E0C312DFFA13840591D43B61CD33CAE72F92B86C1BD6181096C16
                                Malicious:false
                                Reputation:unknown
                                URL:https://upload.wikimedia.org/wikipedia/commons/thumb/2/26/Deodoro_da_Fonseca_%28gravura%29.jpg/124px-Deodoro_da_Fonseca_%28gravura%29.jpg
                                Preview:RIFF....WEBPVP8X........{.....VP8 .....?...*|...>E..C.......(.D...i.t......|....#.........`............|.~Y.......v1i?........_..>..w...........8.s.a.o...~..?..l.}.......'......l{>...?...o.........I.....7.........2z.z.."s..'.u..M.[_p.].........e.]....G.+..n..>.....B.9r..@...T@0............P...J.kd..Rv.t.......Xc..c....{*......8.CU.L.@...z(.....z.....>....).Qrj....5n...,....... A.q..........v............;b.q..0{.....G.:.q|.C.T.a.....\.J.kd..PY....uJ'S.iwL.m.?^..hwN.$...=.;.Y..b..#dq.N.&4....Ln.......(ND...H.f.c.mp.-:.9_q.[.sB.'`.. ....(4.....P...Q..d......i.._.I...E...l. [a..l..T..z..n..Yu..L7....~......8q..b.U.Q.....D...)...0...P.g`....h.....1,....SO.#9....!..].>o..R9.g.@..2.......r..+..b..L../..Q8e..TJw...|.lO..[.%>G..I...U..a..XNd..|...s7..G..k.#.@..WXo2",...:..S..P._.!.5..&..{O'w...!..s....].c.#uF.].._..?a.h..$.._..G..R....F.|X.rV.P....(.....5....+.+-Ka^Q.H...FG......g..C...e}....Hb.....&.`d2(Y..4..K.D?..[t.h..Z..N...E.O.n.a'.9.2.>OSI...EUOb.....{...

                                Chrome Cache Entry: 228

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows icon resource - 3 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
                                Category:downloaded
                                Size (bytes):2734
                                Entropy (8bit):3.3882982469056153
                                Encrypted:false
                                SSDEEP:
                                MD5:904CE6BD2EF5E1EAA6DE1EB02164436B
                                SHA1:B37AC89616B9E4C01A35991AF59FE6B63E41A48E
                                SHA-256:3638DE61226857E62CF5187D7D59CF902111AD4F792B5BDFF1BFED3F5ED5E608
                                SHA-512:05044E298742B1520585AE3C029938036EBED50337608A600C4924A29E3624CE704F3B13FBE348D9E1B1E93B1E0ABFF9F53BBC9FD31929199F9A374F154F74C2
                                Malicious:false
                                Reputation:unknown
                                URL:https://en.wikipedia.org/static/favicon/wikipedia.ico
                                Preview:......00......h...6... ......................(.......(...0...`.......................................000.GGG.XXX.ggg.vvv...................................................................................................................................................................................................................................................[................n......................0....................................................O.-.................=....................o.x......"................2...-p..................@...>.....................................>..........................@..<..@....................n..^.........................................................@.^...........................O...............................................A...............>.......N.............?.....`.~......A............../........n.......................+.......-.......,...........@.N...`.n.......................~.........=... ...{.P.....0...P..|..2

                                Chrome Cache Entry: 229

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:SVG Scalable Vector Graphics image
                                Category:downloaded
                                Size (bytes):9444
                                Entropy (8bit):3.7340369219367555
                                Encrypted:false
                                SSDEEP:
                                MD5:73C41E7C71EED318AFF4D771E9651F95
                                SHA1:C9DEE94A4B7BD5AF094AEFB7E83325C81761A3DE
                                SHA-256:CE4C2501F6DFE8A3492931DA471DE530244D2EF262B5B9625E32A675526D5891
                                SHA-512:B1B61C3FB10FDDDD020097821BD243F6B2F4EFAEB49F370CBCA5C6F8C4BAE50186C7A1E313A6B14C50F88D0B9E36D9006AB3A3CE00FFFD933A9CAF40837CB37C
                                Malicious:false
                                Reputation:unknown
                                URL:https://en.wikipedia.org/static/images/mobile/copyright/wikipedia-tagline-en.svg
                                Preview:<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 117 13"><path d="M89.777 3.326c.104 0 .17.039.17.092 0 0-.055.363-.055.832 0 .093.076.081.117.039.584-.594 1.3-.921 1.781-.921 1.33 0 2.3 1.27 2.301 2.651 0 1.05-.352 1.86-.963 2.457-.533.509-1.18.729-1.91.729-.41 0-.812-.072-1.131-.201-.133-.055-.182-.071-.182.098v1.403c0 1.08.143 1.13 1.064 1.185.078.077.078.352 0 .428-.558-.011-.96-.025-1.572-.025-.572 0-.91.014-1.455.025-.078-.078-.078-.353 0-.431.793-.038.936-.104.936-1.184V4.951c0-.74-.143-.818-.846-.885-.025-.078-.053-.285-.025-.363.896-.116 1.4-.233 1.77-.377zm-17.266.144c.078.078.078.353 0 .431-.479.039-.869.455-1.053.832-.688 1.46-1.26 2.8-2.301 5.305-.16.385-.33.757-.533 1.117-.467.834-.989.938-1.26.938-.352 0-.611-.209-.611-.48 0-.17.195-.561.572-.561.143 0 .193.039.377.039.324 0 .506-.116.648-.377.195-.402.354-.762.508-1.195.131-.363-.068-.961-.182-1.223l-1.473-3.419c-.354-.828-.459-.923-1.023-.976-.078-.078-.078-.353 0-.431.26.015.609.024 1.053.024.469 0 .988-.012 1.469

                                Chrome Cache Entry: 231

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with no line terminators
                                Category:downloaded
                                Size (bytes):16
                                Entropy (8bit):3.625
                                Encrypted:false
                                SSDEEP:
                                MD5:38A780A62EB546B092D3971D9726933B
                                SHA1:F15AACF2D1BA86B4DD0B5CC3E57BF495E164BE4A
                                SHA-256:7A6B42A6EC883D930C8A77A49297D5C082D056B5DAB7F9B83F259D3680525291
                                SHA-512:802152CD0E703EBE9E67CFDC9540A6C508BC253FFE62FC4AC68227F7A24CDC9AC6019CCB0EA0C7937FD63C7CB1154309C93F0B3E6AB4AAFD1FE995B08107E3F3
                                Malicious:false
                                Reputation:unknown
                                URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkdhT3pgHiGmBIFDULauvc=?alt=proto
                                Preview:CgkKBw1C2rr3GgA=

                                Chrome Cache Entry: 232

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (4565)
                                Category:downloaded
                                Size (bytes):59491
                                Entropy (8bit):5.198250908198625
                                Encrypted:false
                                SSDEEP:
                                MD5:A1D3E67F42DDE645C00CBD9BC2E8FCC1
                                SHA1:11FB312CD27FCC4E36C90FE596DB5CB572968551
                                SHA-256:6C30FC5204381D831CEF3008B86215EACC77CBB1D48D7955E980ACA6140C04C5
                                SHA-512:74C430C4AB5BE8084258C5B32027E7E53A4DF875138B44BA09132E0171CE924C830EBD72DD76B8060CB77DD70C68F16D4B9F89F2B94A35311E4FC86AF2EE49B9
                                Malicious:false
                                Reputation:unknown
                                URL:https://en.wikipedia.org/w/load.php?lang=en&modules=ext.visualEditor.core.utils.parsing%7Cext.visualEditor.desktopArticleTarget.init%7Cext.visualEditor.progressBarWidget%2CsupportCheck%2CtargetLoader%2CtempWikitextEditorWidget%2Ctrack%2Cve&skin=vector-2022&version=goyk7
                                Preview:mw.loader.impl(function(){return["ext.visualEditor.core.utils.parsing@1rcro",function($,jQuery,require,module){ve.isBlockElement=function(element){const elementName=typeof element==='string'?element:element.nodeName;return ve.elementTypes.block.indexOf(elementName.toLowerCase())!==-1;};ve.isVoidElement=function(element){const elementName=typeof element==='string'?element:element.nodeName;return ve.elementTypes.void.indexOf(elementName.toLowerCase())!==-1;};ve.elementTypes={block:['div','p','table','tbody','thead','tfoot','caption','th','tr','td','ul','ol','li','dl','dt','dd','h1','h2','h3','h4','h5','h6','hgroup','article','aside','body','nav','section','footer','header','figure','figcaption','fieldset','details','blockquote','hr','button','canvas','center','col','colgroup','embed','map','object','pre','progress','video'],void:['area','base','br','col','embed','hr','img','input','link','meta','param','source','track','wbr']};ve.matchTag=function(html,tag){return html.match(new RegExp('

                                Chrome Cache Entry: 233

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:PNG image data, 47 x 26, 8-bit colormap, non-interlaced
                                Category:dropped
                                Size (bytes):502
                                Entropy (8bit):6.11579344072003
                                Encrypted:false
                                SSDEEP:
                                MD5:AD5600E8CF9911C3B39DAC5C8C394775
                                SHA1:82D98CA860C3E0C259883F5B99970F5E81E2B0C3
                                SHA-256:2ABE106457191E272A3D108426EC1CB557B42FDEFB3C9EB5E0F126CE8E704541
                                SHA-512:B3F6E1375DB60804AA6F82AED51BC4305DFFAF0B048BF9FEB5CCB9C2F9271A4DEDA46FA907AB6E66347A1946B9D1993E5380CBB1734B8F6DE0C39D2A5CEBCAFC
                                Malicious:false
                                Reputation:unknown
                                Preview:.PNG........IHDR.../..........N......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...lPLTE...............@.....U.U.U............................2.d0.g2.f3.f.f..d..f..f..f..d.2.g3.f4.f3.e...3.f.f......C.... tRNS.................u3%...3u..Bf.9.mY....bKGD#*bl:....tIME....../b..|...[IDAT8..... ... .(..........!Y...K.C.9.s."..H....V..D7...1y...i.Yk.a..v^Vl...{.K..O.....K-.m....%tEXtdate:create.2024-01-04T04:16:47+00:00.*.H...%tEXtdate:modify.2024-01-04T04:16:47+00:00owt.....IEND.B`.

                                Chrome Cache Entry: 236

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:RIFF (little-endian) data, Web/P image
                                Category:downloaded
                                Size (bytes):1512
                                Entropy (8bit):7.8321047108951145
                                Encrypted:false
                                SSDEEP:
                                MD5:7277D505A2E2DBB47454086894F3B104
                                SHA1:4583891F19D4E9A9718EE520AC84A01125D83EDD
                                SHA-256:170044426FDA0D9FEF930A54B6946DCA77B734D48228A68B1C795634DF5FD156
                                SHA-512:3B9BA394B19679E096F2EAECA0F5C03995BD7B0F8423337271AEE6BBCE6115D86394EE3E9AC8366E7949CBB461C096A0EF327AB50A2F4A1582D289A13C5D37BA
                                Malicious:false
                                Reputation:unknown
                                URL:https://upload.wikimedia.org/wikipedia/commons/thumb/f/fa/Wikibooks-logo.svg/35px-Wikibooks-logo.svg.png
                                Preview:RIFF....WEBPVP8L..../"....Q....]&K.b[;.=.m....m..............d..?.D.Y....1...Gy.....$..?....\.JvRfn..9...3N..|..1...s....K.U...Z...d....Yq..m+!;.m...nFn.F..Y}....I....#AO.J..[i..OD.$K......S!..?.U.nV.-.....f]v35......bh2).........j..w..l.....Y......U....$.}gJB.p..C...v1.J...........p.z..7f.:.i.r..)..s:y...e.'K..D..."Kj.......k..p.Ij..C....d.[.."....p.....F.....?j.............t.u4Lc....Un..be..9b....HN.4.C....&.......>.....k....4:.ea.[.'.2f.X..w...."..mVJN.K.7.. .|>...(:.]..}.?..`.G.m.. ....+X.........GlSY.x.wrLr.9..p.3..A......5]........v..h.g.T...h...C\...,."...../._..xS.&9...2x.!.6J......q..4....o.n...;...LO...15..j)..F......,.n.HNo.&lF.G7.eOc..@k....0......+T......'..;yX..R..w...]....2.h.a[..Ej...kW....... .H...l....vU..-5..{.&..2?.Bg.....Js..avt...qMo7.JG.......P#...<....e.......^O .Z....]......nV....T......N........`-.&Y..b..HN'<SZ.6.p.=............ '4.hM....M+.P.U.I.....'Z.@|G.m....0..w....T..O.i......c.w...?#g5..j.M.U[..

                                Chrome Cache Entry: 237

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:RIFF (little-endian) data, Web/P image
                                Category:downloaded
                                Size (bytes):226
                                Entropy (8bit):6.869519228044486
                                Encrypted:false
                                SSDEEP:
                                MD5:67D375D504D686DAAFB1D13E8253CA9B
                                SHA1:4C7F41435020FE8F43E9CBC6E221CA4CB0F9ECEF
                                SHA-256:3424148238FA893C750FE0571DDDD0F48E0FAF55416AD450BF2E2AA78A4BBF13
                                SHA-512:4B0F9C2AE25E7B93B38A9312413490EAE9E9031DD1A4C12FE3A649A7A26FE056454D7D910F516BDE00AA41950E397C9C1EEC2860DE390D465AA2BFB3CDF53EBA
                                Malicious:false
                                Reputation:unknown
                                URL:https://upload.wikimedia.org/wikipedia/commons/thumb/f/ff/Wikidata-logo.svg/47px-Wikidata-logo.svg.png
                                Preview:RIFF....WEBPVP8L..../.@.....m.y.."........F.2..............m...E..Z..."j..e"....q..}.....l...V....z...8.a].8..{....NBd..._...x.X`0.W....F.l'yH<?......a.&..B......Dk...,.Eh.9l.{......]w.6..1..c.I.2....:...._..y.k.....

                                Chrome Cache Entry: 238

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:XML 1.0 document, ASCII text, with very long lines (906), with no line terminators
                                Category:downloaded
                                Size (bytes):906
                                Entropy (8bit):4.976810059683273
                                Encrypted:false
                                SSDEEP:
                                MD5:0D00BF7ABB806ECE2AA7801B36845E20
                                SHA1:44D1892676AB9914E0F4FD3463E33919A662A53D
                                SHA-256:44D8D849806E21A8E32489ADE3E8191C4B4B23B416632BEB258DEA2484ED4EA3
                                SHA-512:038DAE6188B0CA1677B64F4421705E805D251A4F80AEF470122F744CE6FDB85B61D7484A0BA1EBBD692C7CF3F5C97ABCCE4BA223E8D16022F882D25B23BFE593
                                Malicious:false
                                Reputation:unknown
                                URL:https://en.wikipedia.org/w/rest.php/v1/search
                                Preview:<?xml version="1.0"?><OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/" xmlns:moz="http://www.mozilla.org/2006/browser/search/"><ShortName>Wikipedia (en)</ShortName><Description>Wikipedia (en)</Description><Image height="16" width="16" type="image/x-icon">https://en.wikipedia.org/static/favicon/wikipedia.ico</Image><Url type="text/html" method="get" template="https://en.wikipedia.org/w/index.php?title=Special:Search&amp;search={searchTerms}" /><Url type="application/x-suggestions+json" method="get" template="https://en.wikipedia.org/w/api.php?action=opensearch&amp;search={searchTerms}&amp;namespace=0" /><Url type="application/x-suggestions+xml" method="get" template="https://en.wikipedia.org/w/api.php?action=opensearch&amp;format=xml&amp;search={searchTerms}&amp;namespace=0" /><moz:SearchForm>https://en.wikipedia.org/wiki/Special:Search</moz:SearchForm></OpenSearchDescription>

                                Chrome Cache Entry: 239

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:JPEG image data, baseline, precision 8, 214x91, components 3
                                Category:dropped
                                Size (bytes):11763
                                Entropy (8bit):7.888701950448266
                                Encrypted:false
                                SSDEEP:
                                MD5:9B81E646DBB1C347EE8A1490DB7B28F9
                                SHA1:B8C440C1A334572D7A8F9FCD894B62CD98A39E49
                                SHA-256:1FD7EA844ABD33C0614504A464471C8BEC3BFE53380B87BBCDAFD0258DCE19D1
                                SHA-512:CBB1CAEF1A2C87AF2F790D2E1E3D793E0473266057F3A87C651ED5DB76C23CE00AED890A839CD66AC7A811DF0BA8C48B82FDA37AC8BF78E3A0CE3416AB8B6D69
                                Malicious:false
                                Reputation:unknown
                                Preview:......ICC_PROFILE.......lcms....mntrRGB XYZ .........).9acspAPPL...................................-lcms................................................desc.......^cprt...\....wtpt...h....bkpt...|....rXYZ........gXYZ........bXYZ........rTRC.......@gTRC.......@bTRC.......@desc........c2..................................................................................text....FB..XYZ ...............-XYZ ...........3....XYZ ......o...8.....XYZ ......b.........XYZ ......$.........curv...............c...k...?.Q.4!.).2.;.F.Qw].kpz....|.i.}...0.....C....................................................................C.......................................................................[...."........................................>..........................!..1"A..2Q#aq..BR...3r$%b....'Sc.................................,......................!1...AQa..."2q...#..............?.6s9...=..].T..M3A.H.G.O.TD.g.j...~q..ZR..H.^Z......|.....G../M{.Y.....>.......l.......-....w...=.X... .h...B..R.

                                Chrome Cache Entry: 240

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:PNG image data, 35 x 37, 8-bit/color RGBA, non-interlaced
                                Category:dropped
                                Size (bytes):2313
                                Entropy (8bit):7.857424314785526
                                Encrypted:false
                                SSDEEP:
                                MD5:648018E12859D7D1EF57EA461C5BD66E
                                SHA1:58E33227C75F027D6AC28D8A983D4300BC5659B9
                                SHA-256:6F0D65A74E94E81BAA67B63CF4CF55D363BD4AA0A6A644B4FE440BCC1B4432F8
                                SHA-512:E857B190F67351876EEDFA7985779E66721006E4B8EABF4D932F3CD2C255CE610C4A28668FE8012E168116488A8C8BFDD968088007B036B8DA73BD1A8C856748
                                Malicious:false
                                Reputation:unknown
                                Preview:.PNG........IHDR...#...%......PD....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............tIME.....4'..J.....IDATX..ilT.......f.x.....6.......YP..JaI...*4mC.%..H....R.......H.-..!.CCIb.P.daI.P...066../........0..x.x..e.s......T.Rb...(.X). ..d..@....T.P|aC..^|....Fj^.D.'....>.......!.bal{.z.5..>|\)..DN*N....4...l...k...........F`~..|.#l.........U.......k......d..x..H!.q..s..../bF...2....G.F.f..............s.J.=o4.S.EM3...kV-..E.....k.oJz...4\.....p.s?.|K0O...cMC.....M....y..d.....e+^?...)...q%.....D.D.].....@P....._z..`]9..G].........t...1....&...................l..X...9XW..PZ..e.....P...}..C...o....S4.E.!.....0x..5!sph..c...6)L.5W.....V.&.D..m.'...h...u..qHA.G%.....YP4%.b.g....G......._....B.M...Nc$.^..w.....@..P.@(.p.7.)(...pS0s2M...?_....t5M...=)..ek...>{].3.f.}...Q..B...&....P....._....".(5`.R....t..,P...l.8{..?..!.....x=.J....v...Y..!.6....(-..$..z?'..../..sV..-..%C+d.J....--.d.\8...Cc.x.iv.I...Lv...W.;,.t......HL

                                Chrome Cache Entry: 242

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:RIFF (little-endian) data, Web/P image, VP8 encoding, 152x128, Suserng: [none]x[none], YUV color, decoders should clamp
                                Category:downloaded
                                Size (bytes):6346
                                Entropy (8bit):7.967555415501508
                                Encrypted:false
                                SSDEEP:
                                MD5:528A05063F9560A3622FABC1276E3225
                                SHA1:6CAE7155F277C78ECB62BBC22CE7B149ACCE1C41
                                SHA-256:779CA9D3BB60D82D01774F69A55197070041353F12DC3E9F241DCA59E6975D84
                                SHA-512:AF4FFA155E0B53B910AFAD8384CDACAF901003974AE90C8337888623A259E79FD16A20A8EF6C7631DFD89AE372AB2EA58A65205CF6EDF85659708DE7DC84BACE
                                Malicious:false
                                Reputation:unknown
                                URL:https://upload.wikimedia.org/wikipedia/commons/thumb/4/48/BTS_LG_G7_ThinQ_mobile_advertisement_%28cropped%29.jpg/152px-BTS_LG_G7_ThinQ_mobile_advertisement_%28cropped%29.jpg
                                Preview:RIFF....WEBPVP8 .....V...*....>E..C.......(.D..i.SvW.4nN;........t.9..+K.;~s........_......!.....x.?....................?-.0..v.Z..>....[.....?........g...._.9.................g..........#............_..`.........s.G.........{'....n,...Q .ds.."l...f..b..Qo...5. .n_UN.!-z....z......w6.v........^.%.!os.V..6...X4.sC.!.a...E.;....-............s..AH.%.....d...[....t..5.S....H].%.Yy$.v.7.2..C_3.! #..o..*.t..9..(8...E..a.bW.....b.....:..dr.F.wah#...y..C.z...i}.x..._D7...h..lB...`..hBL.....gi[.......A.....Y,\Rg...NW..Y....-i.TM.o#.[....5.L.(.Fj..?..I.......D......!.....Z...Q~...n....lv~..@.ZeG.$E.L.e..t.7N6.....+v.[....'.e.o.r9i.nN.c..I.b...@..B...M....Y..p..N.E.K..}.N..:h..y...+..IX.p...`.=...p....x.&....|.?.F.M..=. .c.. z.dy..$~'.......|.O......hU.EN.p.......+..%.6...^...7.w......p.1,s..H.... .S.e..n3{.-.[`9.%..v*..e..~.D.....#...q...Yl.!.~+w....}.....x25.E..?.*...6 ..o.z.F:p\.S\.B.5wSFV:hD....|..0..Q..1.#....%WQ.o.QK".....Cx~..n.......\oJ~.H-..._..o

                                Chrome Cache Entry: 243

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with very long lines (65536), with no line terminators
                                Category:downloaded
                                Size (bytes):174560
                                Entropy (8bit):5.149215614245289
                                Encrypted:false
                                SSDEEP:
                                MD5:4BF95D8B58296C2EABE52F0791BCFDA8
                                SHA1:D8DB9D732A8F9C4A4B29183FA3435542866216FA
                                SHA-256:E5EA7FAF8965D365195A4B049D0DCFCDE47690C61BB0CF1BD32873184C6392AE
                                SHA-512:7632795916BFFFD04997B6A86D600C84B0E79E592946C340961C6AB1B6D6DBBAFA5099E398DFB308DDD45499C990F67DFE211246ED72ADE0968C8D0C7B8A3D40
                                Malicious:false
                                Reputation:unknown
                                URL:https://en.wikipedia.org/w/load.php?lang=en&modules=ext.uls.interlanguage%7Cext.visualEditor.desktopArticleTarget.noscript%7Cext.wikimediaBadges%7Cext.wikimediamessages.styles%7Cskins.vector.icons%2Cstyles%7Cskins.vector.search.codex.styles&only=styles&skin=vector-2022
                                Preview:#p-lang .uls-settings-trigger{background:transparent url(/w/extensions/UniversalLanguageSelector/resources/images/cog-sprite.svg?39d1e) no-repeat center top;border:0;min-height:16px;min-width:16px;float:right;cursor:pointer}#p-lang .uls-settings-trigger::-moz-focus-inner{border:0}#p-lang .uls-settings-trigger:focus{outline:1px solid #36c}.skin-vector #p-lang .uls-settings-trigger{margin-top:8px}#p-lang .uls-settings-trigger:hover{background-position:center -16px}.client-nojs #ca-ve-edit,.ve-not-available #ca-ve-edit,.client-nojs .mw-editsection-divider,.ve-not-available .mw-editsection-divider,.client-nojs .mw-editsection-visualeditor,.ve-not-available .mw-editsection-visualeditor{display:none}.client-js .mw-editsection-bracket:first-of-type{margin-right:0.25em;margin-inline:0 0.25em}.client-js .mw-editsection-bracket:not(:first-of-type){margin-left:0.25em;margin-inline:0.25em 0}.badge-goodarticle,.badge-goodlist,.badge-recommendedarticle{list-style-image:url(/w/extensions/WikimediaBad

                                Chrome Cache Entry: 244

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:RIFF (little-endian) data, Web/P image
                                Category:downloaded
                                Size (bytes):490
                                Entropy (8bit):7.398913063182884
                                Encrypted:false
                                SSDEEP:
                                MD5:AB27EB0DB50CE0DDA541EA048EDCAD9E
                                SHA1:A6A57E5F50240E50EF703D252DEDFCCB29FC76D7
                                SHA-256:30089CB5E6A9AD1ADA1E0047C22E949E3AD0F2842AE5536CE2D5E1C636EB8C32
                                SHA-512:29064CC535E184178221D8790FF1B678E0D573127A1C0A2C7DAADBB4D710820BACD9B9E037FA0301907EB386EA4BF583FD7EB698EF4D9B464EA7A6D8B27CDB45
                                Malicious:false
                                Reputation:unknown
                                URL:https://upload.wikimedia.org/wikipedia/commons/thumb/0/0b/Wikiversity_logo_2017.svg/41px-Wikiversity_logo_2017.svg.png
                                Preview:RIFF....WEBPVP8L..../(@..?...$AY.,.u.......m$E../..8.q.I."...=...............C.P.Jl...0.@..t9.tj..B8A........T..n...8...G1........P.... J...M......m.8..U...c.:.......z.......I.m..y.mc?|.mc.c..?.~o...O..fc..k._9.~...zx%.J......#!O..........*Nw..... .`.Q.:{.........Q....G....F..<._..........r/...l...8...i....O6J...9.@-.{n.. ...wT.F..[..B.}.c...I...BG7.2...Y[....L@....ij.S..&..fC......!.Yo(....`B!..L* 6NrM.....R.)..(.k.$c....|.....dI.$$....Kq../..8../.E.......J../2./@.>.P...

                                Chrome Cache Entry: 245

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:JPEG image data, baseline, precision 8, 152x128, components 3
                                Category:dropped
                                Size (bytes):7686
                                Entropy (8bit):7.928857853380782
                                Encrypted:false
                                SSDEEP:
                                MD5:B459F41312B56EA544E3C034EE9B66BC
                                SHA1:8EBFCBAE6EAFCF5FDC8D2AA01765012E889F9B7C
                                SHA-256:774DEE842726123B49BB47DE87F1F101A548BC7F622623F53392B8A156BA7298
                                SHA-512:7A53F656D8D86D0E95B0180C9E2140BB923B4352C31442D18725D41BFBCE3AB7341DBB32C6D8EE92AD49AE66926A00F76723ED225728ED3502ECDDE876A02BFA
                                Malicious:false
                                Reputation:unknown
                                Preview:.....C....................................................................C............................................................................".........................................<...........................!."1A..Qa2q...B...#R..$r...b.................................*.......................!1A"..2Qa.3.q................?.....Y.4.....J.<8@$..N....{=L....h.e.g<Fq....?.M..D.....IIM.N.Z.L....u@=O.......=*..=.jn5.)....T.i...c.... .!Be.{{.R..oq..8.@.5..9...."...v8U..:.1.zk({...g\.e.!.#..d.6s........I.oc.mP...]eS$..m.$.r..UE.N..4.w.UV...e'..q*........K.2..N..a.'..a|..t.eJ....jEA....F../`P.l.......7.....'..q.v.....WMCA..TL..h.X.N.a. ~..E....i*q...=.....u6t.N.wN..nQ.[:..a....{.$6}....-..6..i...Zj...)HWWRU...$...M.....D..9...g.GG\vN.....v9-.....n..^.L..Y.El.]...a...h..c],.SFq..\..{...v.C$r+H.LO....6U-:/.On=....kfS.1..#P...#..c....;..&[.........$...8....m9#....RT=4..q...s....K[....I$y..pp..........b..I......{....=5.j.j..^U.KC$Da..2.2.....pt]|Cm..f.=Ct

                                Chrome Cache Entry: 246

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced
                                Category:dropped
                                Size (bytes):2329
                                Entropy (8bit):7.85921155429958
                                Encrypted:false
                                SSDEEP:
                                MD5:8D8ECE2641554E7ED69AF9F6D6862D4C
                                SHA1:24C974268DAEE65F029920AA2937E0B3A45F46A2
                                SHA-256:3D51D34C4F0585FD118A27F59A304DCB46588414A7B83C3CF01308E2C5261EA4
                                SHA-512:87E62D1369C71376234B7F98DD6F22537D2E2A7B96B2B565F8A722343688F430AA11875FD9E322B56D616A76687C454C34C69337296B357F4B4F44DE6898736A
                                Malicious:false
                                Reputation:unknown
                                Preview:.PNG........IHDR...#...#.......Y....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............tIME......!8.F....IDATX..k.].Y..g...{....2I]_.I...qI'I#HC..jhAB."Bc..R@..iQ...T...R..Aj...$...D.r......,.I..q......m<./...=..._...}.^{.....}....t.{.\..E..[>..P,.v.e.>..>;...6..i.....d.t.=....l...R7}...-...5N..mJ.-.7nw...P..x..2..j....q.N|...Qk/.V. .I7.q........0b....Z&3b...."S.|^...U...w...o.....+.J|H.A....bD.....q.<...>".o_{.BK.*..{eV......r..D....j..U.=.h.`5...s....)..9.~......m..y...E+$6.....2..6..W..<Z%Z..zX...q.....E3..P.(..y.a3.C...UC..AW@......+.&[..Y..a~u0.m...qs..|^.[.....W.......G....QL.f[6f..}.S.M...1.hm...V..z6..K.).u;..C.Q....%..fZ...H*..,.........Et.. ...'q......c1..O........k..u-...p.-.d^6....N<):(.Us...v..1.`JP.fE.m~nD...){.].yU....>..b ..v.ahR...).I.X.S.N=.~~)N.Z..x.`\...V...w..._....p[.Ru[..5.l.5ks..BO....DW........k..<q.d.67.O..F,.teV(.9....)<'.u.o..........Z...B...".Q..$.".Sh...:....x.q..`.A....P..kD].o&.9i.j.

                                Chrome Cache Entry: 247

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:RIFF (little-endian) data, Web/P image
                                Category:downloaded
                                Size (bytes):2466
                                Entropy (8bit):7.921508850611925
                                Encrypted:false
                                SSDEEP:
                                MD5:B26489A81FAB6D84490280E002D1B904
                                SHA1:79D8E20713C4076BFD579EEE3728290FD47871E8
                                SHA-256:6CACF2D6B87BAC7A7C015D39AB23947BE1AA666423677AED463FE8C8643AE12D
                                SHA-512:5058148C6623115B321E73C0F93DC80BCDAD19EF043F57097139B63BC9EE0C3FCF15A3509397F322D64C9EC5265886047A78E040F5CB9765B91EC57AEB5DC133
                                Malicious:false
                                Reputation:unknown
                                URL:https://upload.wikimedia.org/wikipedia/commons/thumb/2/24/Wikinews-logo.svg/51px-Wikinews-logo.svg.png
                                Preview:RIFF....WEBPVP8L..../2...5.....\}i`...gz...{[;...W.Fjn.t/_..w{N...".o.v.L}.3.2....].....\.;53...G.....;..'4...G`.C..S...@v.G0.C.V...H.MM....$p..&.[..a.w.-.|..$....`[{.ZL.A.4.$.-V. I...`.yS.....9..Ii...m.m.m....m.F..q..p....L..,..S... ..X...(.....@Z........^...m....I.V.I.A.d..j@0..xH..n.t.....1`.M0..^.A.H....g.`...sI.8n.....7hJ$Y..T.A...i.X...#...............t......8y.).N.1...$_`.r. ..H.=..B.?......j.c...M....4.....I.-/.<g..&> ..$j.q.k.........4?c.7....:$....0Tq.@......x!L.....|...I-..`..QE..#...||H....q[..l.....W...z....B]9^..MP.....j.<el...H..g.D.&.z.M.:Dq.6.$..6y./Q...)J..........i....U+. ...RJ!.t.L...S..EIV....~..3ay.%>3..+..E[..`P..q.@.r!.. .c.....e.E.R........V...a.s.n8...#..1......b...R..M...,....7 ............Y`.w...1f.3.y.F....V&\..D%..J.2.3g9=..h(.;.........f....U.K=y...q..h...f...i.q./X..k..m3..R.,_/J...9yf1...8@@.}S..!..@...N.W.[....;.......6.....8..E...F.C.hd...\.0'J.o.3..),..d}.\.".W..b.q.p.i..dY.C....Z1X{...,...=Xj..%.....[.....c..

                                Chrome Cache Entry: 250

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:PNG image data, 35 x 42, 8-bit/color RGBA, non-interlaced
                                Category:dropped
                                Size (bytes):3071
                                Entropy (8bit):7.868322804608997
                                Encrypted:false
                                SSDEEP:
                                MD5:685D1E7536019B4DB299B911A7E331E8
                                SHA1:9C780F24C1D3CC8A6FB6CC1128E6F8779CD690E5
                                SHA-256:766B66B98DE7B56C516BAC2970434D141D2BDD5346B09D9E3901EE97CB2A8B66
                                SHA-512:0630A6CBB12AE221BA1B4A6A55EFC3064AF235196ABAC656F5193594AC280150AF099DF65681A182733472E70EC9E96225C4BB0347FF5C84A0DFBBDB25192EDC
                                Malicious:false
                                Reputation:unknown
                                Preview:.PNG........IHDR...#...*.....9......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............tIME.....8.@!......IDATX..X{.V....~...'00P.;...j.... .C:......Z....1Q..Gjo.......m..0.......h...0........}v....W.........}..........-.y.......Y~..(............n..WLyXMW..3..(..l&.........9.....=6..fE..V.$..Y..*..c .&.).l.'t....v..^..$.aP.!.G...8^.!..!...@....}J.:.Ym...a..u...(........G.:.~..eUg.[8S......z."tlx.......`.l.~1....%..Zu`.*....4!i.xI.c.4..:...l.../..d2.5.......<z..........D.....A...U]w..JV..f}..b.R...y\0'1......?..n...<...J.<J.<-.......~..3..X..7._..1s....h.jo.."....x...O.j.ME)^.r.F.H7..?<.QO.`..F...n.<..0...1Sn...X9Q.f..f.......K(...7.>Q..w6U;E.2+...<...$J..../..r.k..3Cf...p.....,......."....nb....}.....N.....s...G...@..\.d...G...{wl...<}.. .>.~.575....E...B./".,........2....8..1q|.9%..u H.4D....o.4._.s.}..J^..!,............y3..ZS.T&.....+.7....?(q...g*.. ....Td9p.qr.D..A.{..w...j7}......TC.ZR..2...`l.._;..n"...d.P..

                                Chrome Cache Entry: 251

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced
                                Category:downloaded
                                Size (bytes):2353
                                Entropy (8bit):7.826577243154458
                                Encrypted:false
                                SSDEEP:
                                MD5:D7001913BFC8BF452066C293ED3934DE
                                SHA1:919F6FE6E2EA5CFD7875535FF93B80880752AC44
                                SHA-256:468682567C08CBF79A13E226455CB78B509CCF5E29300F98594AED68F5883535
                                SHA-512:135672CEBA9015FD0B34472D7B398775C37FE52A5EB45AE1E2F06280D7F267C101EC760D8B8B14AF37F631E7EF773E15E3226719722277BDED2FB8C86349C17F
                                Malicious:false
                                Reputation:unknown
                                URL:https://upload.wikimedia.org/wikipedia/commons/thumb/7/75/Wikimedia_Community_Logo.svg/35px-Wikimedia_Community_Logo.svg.png
                                Preview:.PNG........IHDR...#...#.......Y....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............tIME.....24.......5IDATX..{pU.....>'!`Q"R..N}Q.D+.)....PKE.Pd...B...*....-.b..0.S........E.VpbfP.FP.Cs...)!.g..q..kb.]...8.;..o.q....&(.........^.n..h...7.V..._G.h...0.(.....O.............?...z..g..`n...5..pz.+..]...h...c.X...P...1..0...q..ZC.i.t.6.L...18.;.1.cP.....f....j.`b /t..-..*`..2...M..nW.w..{75..F..p.`.`.pv..........C.f.G..l...h.....0?.Fc.o..`zK..@.`..g..e.f.o..<....;..!`Xv.......YC.....#..po.....v~......0...5.L.Q.7]...f.7.:..]..%.Q.\c....z...pS.!.)I.f..$...*a..Ko._r.3..._!YR.R..s..o.i..n..4.Mr~.....}...rxF0.t...7%aZ....z.Aq%...ZSv.Q.......@y7.`..'.l.....".w..N...0uI}...j....R.wT<sAuy..$.&.n.d.....9_,.6.A..y.x';D:,...-...o)..gB...d.....,*_.3.'0Y..Jv.}^a.e.#.......)....:..oz!f....o..lwBY.hdw.?9F........pz.7.}s.(.....9?Z.....np...}l.U...."S../:.3&[......A.T-.H....k.].p~T.....Q......+.....'.N.<%.83m0..fs..J.}.3.>o*...|L|.....8?*.4...

                                Chrome Cache Entry: 252

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:PNG image data, 51 x 28, 8-bit/color RGBA, non-interlaced
                                Category:dropped
                                Size (bytes):3035
                                Entropy (8bit):7.886438487422646
                                Encrypted:false
                                SSDEEP:
                                MD5:C6143C09F76CA4EF187FCD4F6A347912
                                SHA1:3433B1C688344EFBB5DD9FF3AA9E17DB000DFF60
                                SHA-256:F0126A1A6F4A8B965690823F5673CDFA99B927D01C8EE1E3231FA8681AF47E8B
                                SHA-512:44632F01B90F836FD070342B4C91C6D626B799DD1F7353D083DC469F7B4056414A1567D8F945A5A420208C724175FE367AA9164BFF97E3B53DE9797A41414470
                                Malicious:false
                                Reputation:unknown
                                Preview:.PNG........IHDR...3..........[......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............tIME......2.g.....IDATX..y._.u.?...o..'.....,.A..;..@.....D!J...4.Rh.J@SZ...A."...4@BB....m....n.q.....x............R.RB..}..9.|.=.{.9...Z....s."A..PH.-..?..*:..._..i].+o...f)....Z...{.RT0.............;..th%.u.. .t..._.m.<.k....`...~.HW.....Fz.....*.6c.Y.A..f.}"....l..iM>Q..S..UDX.G...a..z0.}.......7.{B.....QAU5.|ID.@....{.YQ....[......0x....=Zx.W..?.D.-"Bj..j.]@...4.m...C.f......J......6..f........k.......|..V.@=..U_<..a1....N.!.R.k=.4..#.U......9...@.:.L..S..Re..DD..+8...YT....L...R.~x.'.......;yI..D..S..;../F...-7...............Yt.f..l...>..<....u..z0...I2.g...J.u....qpf............*..z.w?..'W?..##R..-..7.x.9}Y...B..(......B.P.....9sM.P..<s..mJo.L../...........t.r1".-"...[|..#..r*.RyZfn...o.....?....>.....[.....b~&...S|..U./.."r....a.i..x..N....Hm`u.....;..}....[.r*a....!E_..m0.[].t....V.1Uo....2.....m...

                                Chrome Cache Entry: 253

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:PNG image data, 41 x 39, 8-bit/color RGBA, non-interlaced
                                Category:dropped
                                Size (bytes):4502
                                Entropy (8bit):7.91461237229471
                                Encrypted:false
                                SSDEEP:
                                MD5:F89368D1D431203B22092A1F4EE0A051
                                SHA1:F855A63C5A292D928BE2CD057D3D66ED75D57479
                                SHA-256:54CD2DE4235740239BDE67D6460CC1D57A70257F7512E18ED78C7EE36C9AFDF5
                                SHA-512:720006A72BF8C31125D0DBF5136A13597D0057D3D10A71529F3EBBB2C563CDF1588714D975EAD4E779E88437F5F38C3E0DA15A327643904AFA1A7D11996C0B1C
                                Malicious:false
                                Reputation:unknown
                                Preview:.PNG........IHDR...)...'......ja.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............tIME......!..b'....IDATX..ytS..{.....$.....Z..A@.....,.W.AP....(..e.AEDFy\....P.....Rh..tH.&m.1m.f...........o....Zge.}.........A.'_......?R.6.N[.m5.....d...1!.6.._........+..@...g&...=<".7L"..>............7..6n.{/?.h......../.....\U...O..?..].......|..d..#....`w.\.._.*.|7g....?...w....7.R.BY....x..j..].!...B..L~:Y...)7O.o..^d..........<.f..7V....;?........S..1..,......a...Vj........o....e....RJ.a.ml.U..V.2 ..f....B,.....)....8.k.._....x.8.;....k.....=|....t.G7I.._H(..W....=..e..~z.N7..c...)I.V.>....M...z<^B..>=Ca2{..h.!..e.c..KW_......3.`...-f.r#..E`....A.Q.v....R........].t....B..Z`.y.?#.Q....@(.j..j];BC..CC.........vY...ZZmxq|7$..A....c.ux~L..a....c.{........*...a...(..8y...7?.....b.b.c..a...<.9..l..\.B<7:..>..........HI.Fzj$......,...eh.[q.W......f.@....D....'........p.O$`.%|.W......;R....E....0..H.)............P......i1o

                                Chrome Cache Entry: 254

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=5, description= , xresolution=90, yresolution=98, resolutionunit=2], baseline, precision 8, 162x121, components 3
                                Category:dropped
                                Size (bytes):10585
                                Entropy (8bit):7.936349009618462
                                Encrypted:false
                                SSDEEP:
                                MD5:2BE37CC7D21A473654CDF0E8068BDE94
                                SHA1:8F449E16674B4D794925502C5E104B2F64F7C7D8
                                SHA-256:9985F3F8CF9D336F81519D3E44E4F6696821E878217A26DB8452B10E0B625BB9
                                SHA-512:F69F71507CDCC7B58DEB59100C3BF64FE3A950A7AC744FDD067EDF4235B46F75F3F48DB9CCC35450B23F5865A9E8971D4469D63014CA143DFD093785E31E0CAE
                                Malicious:false
                                Reputation:unknown
                                Preview:.....rExif..MM.*.................J...........Z...........b.(.......................... ....H.......H.......C....................................................................C.......................................................................y....".........................................C.........................!..."1A.Qa.#2q..3Br...4..Rb...st..$5...................................3......................!..1AQa.."q...R......#2...S............?...m.....S....cV..TpN=.a...x.7s.+..R-U..0..&.x........hl)..y.}q.e..G%.jgSo.R .X..B!H.w..%.9....BG.c..}.5..."..xm.......o#.~C..^p.....*..cZi..-.J.n......4..GB....;T....{..U%..|T..P.../.*..k.Z.g...IQ...G.....b.:~.r....J..{...2..p...#j..X..#.\.].%4^"xgx..N>...C...[.......).....eX......{.i..]q..D.QG..)..3..CCh.....TA).....wa.. .v..`.'4g.Z......uG..i1..'x....N.H@>.v`...~.v.u...rVA[D...H......hV...U...@....OAQEF....jLM.DeA..Rs....P...&{MIDI]...............V.j#OY.K m.....k..v. .:..x...u.v...)...5..n...

                                Chrome Cache Entry: 255

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:PNG image data, 35 x 35, 8-bit/color RGBA, non-interlaced
                                Category:dropped
                                Size (bytes):2264
                                Entropy (8bit):7.839845763320461
                                Encrypted:false
                                SSDEEP:
                                MD5:8DE4E9E42367A5CE608F52F738535ABD
                                SHA1:A91863911463F0FA221D74CBA3FE39A8F17F90B4
                                SHA-256:C725BC0EE141A13A9B209065ECCB393A9F0A41DC75542D61FCE5E62F097BA00F
                                SHA-512:A92651B747739A2C5BE8C6279338FD64D348750ABD11EB9836885A1D5B1CE3675FA69D57976F997F7C92CCE0B7A58D74E3CA6517B9CADECA1BFAB64B49AB62F9
                                Malicious:false
                                Reputation:unknown
                                Preview:.PNG........IHDR...#...#.......Y....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............tIME.......4.".....IDATX..{TT....s.0.........(..#.I#&FQl....hL.]i.J....JTDk...m"$.M.M\>AM...B..TH.... .0sO.....8B......g.}.xy..gZ.......$......i.:d...r/.......a)eI.9.w.3V..I,x}.....?...._|n...av..o...<'...@0.@H..W..l.t8-{....0..2dd......D.....>....I..R{..dHF..@.V..} r...*.{....&Q...3..l.......;...1.I..... .K._...h.(........t..\P......l)...L. .fr/$...&"5'.<.".....e.c.....R`n.,......q.zv......<....l!).|.&.....{.a.K.^Vt6.0..9.4E..b.fM..u....11=Jg.2......lq.\...G.......5......(..9..h?...`.5i.P.X........Q .`Av...N...o<?;..Wt^k$6.W..L.:x...........r..gQy~V.."...T...A..........Y....t.h^x.A..J....=X...}!w..V...{....#..p.5[~4;..p.^.d%..(B.~&..oe..X9/....C.....(.f.....M...7..7A...M.h.}.`..../.mb.=a......sK3.Y..'x.U..S...P|}t....}...Nb~.}.<=?....@tD.c."...X.7o...........{.5...e<Z"|..j...R>.'L..1..t.n!;.N.~...;>...N'.'.....<.G.y..\c7jF.U.`...

                                Chrome Cache Entry: 256

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
                                Category:downloaded
                                Size (bytes):13444
                                Entropy (8bit):7.976143367474683
                                Encrypted:false
                                SSDEEP:
                                MD5:C2BC34648C583E6B9959C60BF51A4EFF
                                SHA1:7FE85A21E9246C62CDB3845DBF06642EA5540E59
                                SHA-256:94F7729893505B73B9360F51C67074CF44D31A096F25088699CA290FA39CCED0
                                SHA-512:1E587252C34AE2BB377631D23436F018649063A03557E7A09D3AC1FF200084AC1D46B8F6E994C065CAD4ABD5B3DD9D0BC3D733DDC43ECBF93F856202A2CCB6B1
                                Malicious:false
                                Reputation:unknown
                                URL:https://en.wikipedia.org/static/images/icons/wikipedia.png
                                Preview:.PNG........IHDR...d...d.....p.T....gAMA......a...4;IDATx...T[]..._.......SwW...{.;E#D J....C.......}n.M...q.Z.&......s/..1~.....1~....m....x...r..>....._.../.......gg./..W...*.U../...b......N[[.9..C.m.g|~..j+'U........q.<)3..999...xyNnA 7...z..kKp..A.Z.........Woo..uu....Q_..jhl...BRku.....BQ..}...hi1[l/Z..d......]Je....('7.2.s.(.....I..rr....X2f?....%......3g..>...F3e......I@.+.n..WW..mmm.57.<........2.L....0......mvGZY.#.py.......*w.....R..V[.g.J3..@.DFf..).htQQ.jM .P..TA.O.4.<.......l0x.......t!DSs....Q...b.F...i,q.\..B...NL....l6....F.....\.v{...g0q......k.[YC..Jr..E.@v..l...RRjz.X.{.B.t%....R.."e1....@.R....H..C}y` 0...?......')...&k(.6.:.K.9.H.*~.n...Hc.Z].US{..,J[[.y<.*..l...X.J.........B.4TW.H..l.N|.E.85... .r.K..n..E.f...q.l.r.sF..E../2.......<.....f.Z........C==~.Y.. ......4>..@.k....a0.............-....jk..6...".(.UpIe%.#...-^r.!v...2[T..q+i.]4u.......w4.O.h...0..5...,...@_....B....Gi..md/.S8...o.....d&..V........;;..p(.........

                                Chrome Cache Entry: 257

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with very long lines (4499)
                                Category:downloaded
                                Size (bytes):22854
                                Entropy (8bit):5.371346641132087
                                Encrypted:false
                                SSDEEP:
                                MD5:B66F77C59FDF6F35CEF8617041C9C0F3
                                SHA1:2CBD80D680048EFCAC6AD14E53C192CD1BE52D38
                                SHA-256:726E302E3D459F58A5D5612EA6348326D18C3ED7F63D757CF5A1B482A5B36FF5
                                SHA-512:64BEA68D6CB0BE5245124DCF77ECD4E262FA4F04C8897F893F3C461E3990049066C9146B1B9DC6E2AA249FF1C4E8C4BC6864D6A8104EB457A840C3022DC071BD
                                Malicious:false
                                Reputation:unknown
                                URL:https://en.wikipedia.org/w/load.php?lang=en&modules=ext.gadget.ReferenceTooltips%2Cswitcher&skin=vector-2022&version=rqy9n
                                Preview:mw.loader.impl(function(){return["ext.gadget.ReferenceTooltips@dl4y1",function($,jQuery,require,module){(function(){var REF_LINK_SELECTOR=window.rt_REF_LINK_SELECTOR||'.reference, a[href^="#CITEREF"]',COMMENTED_TEXT_CLASS=window.rt_COMMENTED_TEXT_CLASS||'rt-commentedText',COMMENTED_TEXT_SELECTOR=(window.rt_COMMENTED_TEXT_SELECTOR||(COMMENTED_TEXT_CLASS?'.'+COMMENTED_TEXT_CLASS+', ':'')+'abbr[title]');if(mw.messages.get('rt-settings')===null){mw.messages.set({'rt-settings':'Reference Tooltips settings','rt-enable-footer':'Enable Reference Tooltips','rt-settings-title':'Reference Tooltips','rt-save':'Save','rt-enable':'Enable Reference Tooltips','rt-activationMethod':'Show a tooltip when I\'m','rt-hovering':'hovering a reference','rt-clicking':'clicking a reference','rt-delay':'Delay before the tooltip appears (in milliseconds)','rt-tooltipsForComments':'Show the tooltip over <span title="Tooltip example" class="'+(COMMENTED_TEXT_CLASS||'rt-commentedText')+.'" style="border-bottom: 1px d

                                Chrome Cache Entry: 258

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:SVG Scalable Vector Graphics image
                                Category:dropped
                                Size (bytes):704
                                Entropy (8bit):4.690707101256654
                                Encrypted:false
                                SSDEEP:
                                MD5:BC8FC77B826EC97DF462E51C63A003A9
                                SHA1:D5574779AF087BEDD38D985E0C5FC9FC35EA49E8
                                SHA-256:11FF898D3A99CE9B2FE1E0C746ABDB89B50F8DA5A5597023ABE54AC1278A428E
                                SHA-512:5602B266BAD8E7AF502EDB2E4EBB5284AF0CD8355E46ECB1130F3FACF0C4528F1A1FBF227F47C05131D7C93A054BA2D8440C47FE888D07F492E76E28FA71EDB5
                                Malicious:false
                                Reputation:unknown
                                Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 20 20"><title>...language..</title><g fill="#36c"><path d="M20 18h-1.44a.6.6 0 0 1-.4-.12.8.8 0 0 1-.23-.31L17 15h-5l-1 2.54a.8.8 0 0 1-.22.3.6.6 0 0 1-.4.14H9l4.55-11.47h1.89zm-3.53-4.31L14.89 9.5a12 12 0 0 1-.39-1.24q-.09.37-.19.69l-.19.56-1.58 4.19zm-6.3-1.58a13.4 13.4 0 0 1-2.91-1.41 11.46 11.46 0 0 0 2.81-5.37H12V4H7.31a4 4 0 0 0-.2-.56C6.87 2.79 6.6 2 6.6 2l-1.47.5s.4.89.6 1.5H0v1.33h2.15A11.23 11.23 0 0 0 5 10.7a17.2 17.2 0 0 1-5 2.1q.56.82.87 1.38a23.3 23.3 0 0 0 5.22-2.51 15.6 15.6 0 0 0 3.56 1.77zM3.63 5.33h4.91a8.1 8.1 0 0 1-2.45 4.45 9.1 9.1 0 0 1-2.46-4.45"/></g></svg>.

                                Chrome Cache Entry: 259

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:HTML document, ASCII text
                                Category:downloaded
                                Size (bytes):315
                                Entropy (8bit):5.0572271090563765
                                Encrypted:false
                                SSDEEP:
                                MD5:A34AC19F4AFAE63ADC5D2F7BC970C07F
                                SHA1:A82190FC530C265AA40A045C21770D967F4767B8
                                SHA-256:D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
                                SHA-512:42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
                                Malicious:false
                                Reputation:unknown
                                URL:http://safrareal.com.br/favicon.ico
                                Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

                                Chrome Cache Entry: 260

                                Download File
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with very long lines (7407), with no line terminators
                                Category:downloaded
                                Size (bytes):7407
                                Entropy (8bit):5.105650984588021
                                Encrypted:false
                                SSDEEP:
                                MD5:7A850FCB8C66471BF3209410027C46FA
                                SHA1:C0629A4F4977FB2CDFEDCF4FEB2D68CB929332F8
                                SHA-256:502DC6C5BE8ACDCE1554D427354E7ABEB3435D06BDE37B530407332748466778
                                SHA-512:BBC46828B09EB27CD00DF95F51D2B12A0FDA79D69C0A4302D7732AD32B94BC867F7E7BF15E8EBA981CC482C8617DDEED9A47B68E1F2A59E656A042908D77C59D
                                Malicious:false
                                Reputation:unknown
                                URL:https://en.wikipedia.org/w/load.php?lang=en&modules=site.styles&only=styles&skin=vector-2022
                                Preview:cite,dfn{font-style:inherit}q{quotes:'"' '"' "'" "'"}blockquote{overflow:hidden;margin:1em 0;padding:0 40px}small{font-size:85%}.mw-body-content sub,.mw-body-content sup{font-size:80%}.ns-talk .mw-body-content dd{margin-top:0.4em;margin-bottom:0.4em}.client-js .collapsible:not(.mw-made-collapsible).collapsed > tbody > tr:not(:first-child),.client-js .outercollapse .innercollapse.mw-collapsible:not(.mw-made-collapsible) > p,.client-js .outercollapse .innercollapse.mw-collapsible:not(.mw-made-collapsible) > table,.client-js .outercollapse .innercollapse.mw-collapsible:not(.mw-made-collapsible) > thead + tbody,.client-js .outercollapse .innercollapse.mw-collapsible:not(.mw-made-collapsible) tr:not(:first-child),.client-js .outercollapse .innercollapse.mw-collapsible:not(.mw-made-collapsible) .mw-collapsible-content,#editpage-specialchars{display:none}.references{margin-bottom:0.5em}span[rel="mw:referencedBy"]{counter-reset:mw-ref-linkback 0}span[rel='mw:referencedBy'] > a::before{content:

                                Static File Info

                                General

                                File type:RFC 822 mail, ASCII text, with very long lines (2201), with CRLF line terminators
                                Entropy (8bit):6.048422989857357
                                TrID:
                                • E-Mail message (Var. 5) (54515/1) 100.00%
                                File name:phish_alert_sp2_2.0.0.0-1.eml
                                File size:262'133 bytes
                                MD5:b2c0128d57b114daf67e5e941605d137
                                SHA1:6acea49f734190959654c568f4922e9b3ed753c6
                                SHA256:3bc06394fd08ca389eeaba5f4254061801ad0a47cfa3cbd4ed37d25fc013c80d
                                SHA512:14e683d9010c3d2c102902291fe9af44f11b2cd159cb7a8d3026940b7ed5a960983441354f057e043d0bac77300dc8dc947d4e72c2b798d162b3fcb590421a2f
                                SSDEEP:3072:LDJklJJRG1YnkO/0mvy7ZsV2MIG/4liFjfaxilfyBV4mvTCEpYjgQVcmFcSNh7PQ:LD2wOPIGgUfa2aBVLCSYcQtmky
                                TLSH:0E444B91D19977F49E3698ECAC0A2D271CA854C5A601CDEEA85FA7B857AFCF44D0CC30
                                File Content Preview:Received: from YT3P288MB0822.CANP288.PROD.OUTLOOK.COM.. (2603:10b6:b01:140::22) by YQXP288MB0012.CANP288.PROD.OUTLOOK.COM with.. HTTPS; Fri, 15 Nov 2024 15:24:23 +0000..Received: from YQBPR0101CA0037.CANPRD01.PROD.OUTLOOK.COM.. (2603:10b6:c00:1::14) by YT

                                Static Mail

                                General

                                Subject:RELIABLECONTROLS: Our Vacation 2024 (fq)
                                From:HRmanager <Reliablecontrols_Reliablecontrols_tjah@almajapharma.com>
                                To:Lindsay Smith <lsmith@reliablecontrols.com>
                                Cc:
                                BCC:
                                Date:Fri, 15 Nov 2024 15:22:37 +0000
                                Communications:
                                • You don't often get email from reliablecontrols_reliablecontrols_tjah@almajapharma.com. Learn why this is important [CAUTION] This email originated from outside of Reliable Controls. Do not click links or open attachments unless you recognize the sender and know the content is safe. 352352 Yes Have not received estimate. Thanks Cyndi. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC740-633-3011 (Office)724-531-1195 (Cell)740-633-2140 (Fax)------------------ From: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com> Sent: Wednesday, May 3, 2023 11:13 AMTo: John Herrmann <jherrmann@hillidealease.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: RE: IDEALEASE 322913 / 321806 Unit 321806 is in the shop. Unit #322913 Did you ever get a quote for this one, I seen it was started but looks like the parts were put on, I will have them get this done ASAP. Thank you ~ and make it a great day. Cyndi MatvyaService Administrator & Accounts ReceivableShamrock Utility Trailers, Inc500 North Center Avenue, New Stanton, PA 15672724-925-9200 724-925-6999 FAX From: John Herrmann <jherrmann@hillidealease.com> Sent: Wednesday, May 3, 2023 10:53 AMTo: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: IDEALEASE 322913 / 321806 Good morning Cyndi I wanted to check and see the status of the units 322913 and 321806 we have there for box repairs. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC<span You don't often get email from reliablecontrols_reliablecontrols_tjah@almajapharma.com. Learn why this is important [CAUTION] This email originated from outside of Reliable Controls. Do not click links or open attachments unless you recognize the sender and know the content is safe. 352352 Yes Have not received estimate. Thanks Cyndi. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC740-633-3011 (Office)724-531-1195 (Cell)740-633-2140 (Fax)------------------ From: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com> Sent: Wednesday, May 3, 2023 11:13 AMTo: John Herrmann <jherrmann@hillidealease.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: RE: IDEALEASE 322913 / 321806 Unit 321806 is in the shop. Unit #322913 Did you ever get a quote for this one, I seen it was started but looks like the parts were put on, I will have them get this done ASAP. Thank you ~ and make it a great day. Cyndi MatvyaService Administrator & Accounts ReceivableShamrock Utility Trailers, Inc500 North Center Avenue, New Stanton, PA 15672724-925-9200 724-925-6999 FAX From: John Herrmann <jherrmann@hillidealease.com> Sent: Wednesday, May 3, 2023 10:53 AMTo: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: IDEALEASE 322913 / 321806 Good morning Cyndi I wanted to check and see the status of the units 322913 and 321806 we have there for box repairs. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC<span You don't often get email from reliablecontrols_reliablecontrols_tjah@almajapharma.com. Learn why this is important You don't often get email from reliablecontrols_reliablecontrols_tjah@almajapharma.com. Learn why this is important You don't often get email from reliablecontrols_reliablecontrols_tjah@almajapharma.com. Learn why this is important You don't often get email from reliablecontrols_reliablecontrols_tjah@almajapharma.com. Learn why this is important You don't often get email from reliablecontrols_reliablecontrols_tjah@almajapharma.com. Learn why this is important Learn why this is important https://aka.ms/LearnAboutSenderIdentification [CAUTION] This email originated from outside of Reliable Controls. Do not click links or open attachments unless you recognize the sender and know the content is safe. 352352 Yes Have not received estimate. Thanks Cyndi. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC740-633-3011 (Office)724-531-1195 (Cell)740-633-2140 (Fax)------------------ From: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com> Sent: Wednesday, May 3, 2023 11:13 AMTo: John Herrmann <jherrmann@hillidealease.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: RE: IDEALEASE 322913 / 321806 Unit 321806 is in the shop. Unit #322913 Did you ever get a quote for this one, I seen it was started but looks like the parts were put on, I will have them get this done ASAP. Thank you ~ and make it a great day. Cyndi MatvyaService Administrator & Accounts ReceivableShamrock Utility Trailers, Inc500 North Center Avenue, New Stanton, PA 15672724-925-9200 724-925-6999 FAX From: John Herrmann <jherrmann@hillidealease.com> Sent: Wednesday, May 3, 2023 10:53 AMTo: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: IDEALEASE 322913 / 321806 Good morning Cyndi I wanted to check and see the status of the units 322913 and 321806 we have there for box repairs. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC<span [CAUTION] This email originated from outside of Reliable Controls. Do not click links or open attachments unless you recognize the sender and know the content is safe. [CAUTION] [CAUTION] This email originated from outside of Reliable Controls. Do not click links or open attachments unless you recognize the sender and know the content is safe. 352352 Yes Have not received estimate. Thanks Cyndi. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC740-633-3011 (Office)724-531-1195 (Cell)740-633-2140 (Fax)------------------ From: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com> Sent: Wednesday, May 3, 2023 11:13 AMTo: John Herrmann <jherrmann@hillidealease.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: RE: IDEALEASE 322913 / 321806 Unit 321806 is in the shop. Unit #322913 Did you ever get a quote for this one, I seen it was started but looks like the parts were put on, I will have them get this done ASAP. Thank you ~ and make it a great day. Cyndi MatvyaService Administrator & Accounts ReceivableShamrock Utility Trailers, Inc500 North Center Avenue, New Stanton, PA 15672724-925-9200 724-925-6999 FAX From: John Herrmann <jherrmann@hillidealease.com> Sent: Wednesday, May 3, 2023 10:53 AMTo: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: IDEALEASE 322913 / 321806 Good morning Cyndi I wanted to check and see the status of the units 322913 and 321806 we have there for box repairs. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC<span https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.google.es%2Furl%3Fq%3Dqueryz0mi(spellCorrectionEnabled%253Atrue%252CrecentSearchParam%253A(id%253A3891228890%252CdoLogHistory%253Atrue)%252Cfilters%253AList((type%253AREGION%252Cvalues%253AList((id%253A103644278%252Ctext%253AUnited%252520States%252CselectionType%253AINCLUDED))))%252Ckeywords%253Aremote)%26sessionId%3D5NTcRf4wT3OOZdAOuNu6%252FQ%253D%253Dquery(spellCorrectionEnabled%253Atrue%252CrecentSearchParam%253A(id%253A3891228890%252CdoLogHistory%253Atrue)%252Cfilters%253AList((type%253AREGION%252Cvalues%253AList((id%253A103644278%252Ctext%253AUnited%252520States%252CselectionType%253AINCLUDED))))%252Ckeywords%253Aremote)%26sessionId%3D5NTcRf4wT3OOZdAOuNu6%252FQ%253D%253Dquery(spellCorrectionEnabled%253Atrue%252CrecentSearchParam%253A(id%253A3891228890%252CdoLogHistory%253Atrue)%252Cfilters%253AList((type%253AREGION%252Cvalues%253AList((id%253A103644278%252Ctext%253AUnited%252520States%252CselectionType%253AINCLUDED))))%252Ckeywords%253Aremote)%26sessionId%3D5NTcRf4wT3OOZdAOuNu6%252FQ%253D%253Dquery(spellCorrectionEnabled%253Atrue%252CrecentSearchParam%253A(id%253A3891228890%252CdoLogHistory%253Atrue)%252Cfilters%253AList((type%253AREGION%252Cvalues%253AList((id%253A103644278%252Ctext%253AUnited%252520States%252CselectionType%253AINCLUDED))))%252Ckeywords%253Aremote)%26sessionId%3D5NTcRf4wT3OOZdAOuNu6%252FQ%253D%253D%26sa%3Dt%26url%3Damp%252fsafrareal.com.br%252fyoya%252f5jo3txpcfyzbajysuzq86dl0a7xrer8uwmv60%2FbHNtaXRoQHJlbGlhYmxlY29udHJvbHMuY29t%24%3F&data=05%7C02%7Clsmith%40reliablecontrols.com%7Cdf8cad438dae44616a0208dd058956e0%7C70dc28cdaa9f493cabf35c1ff69c0ddc%7C1%7C0%7C638672810637105669%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C40000%7C%7C%7C&sdata=up6lPNcwGdbVJvD8diFCDQaetYjXN0Cn53CcecyWjy4%3D&reserved=0 352352 Yes Have not received estimate. Thanks Cyndi. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC740-633-3011 (Office)724-531-1195 (Cell)740-633-2140 (Fax)------------------ From: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com> Sent: Wednesday, May 3, 2023 11:13 AMTo: John Herrmann <jherrmann@hillidealease.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: RE: IDEALEASE 322913 / 321806 Unit 321806 is in the shop. Unit #322913 Did you ever get a quote for this one, I seen it was started but looks like the parts were put on, I will have them get this done ASAP. Thank you ~ and make it a great day. Cyndi MatvyaService Administrator & Accounts ReceivableShamrock Utility Trailers, Inc500 North Center Avenue, New Stanton, PA 15672724-925-9200 724-925-6999 FAX From: John Herrmann <jherrmann@hillidealease.com> Sent: Wednesday, May 3, 2023 10:53 AMTo: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: IDEALEASE 322913 / 321806 Good morning Cyndi I wanted to check and see the status of the units 322913 and 321806 we have there for box repairs. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC<span <!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; font-size:11.0pt; font-family:"Calibri",sans-serif; mso-ligatures:standardcontextual;} a:link, span.MsoHyperlink {mso-style-priority:99; color:#0563C1; text-decoration:underline;} span.EmailStyle22 {mso-style-type:personal-reply; font-family:"Calibri",sans-serif; color:windowtext;} .MsoChpDefault {mso-style-type:export-only; font-size:10.0pt; mso-ligatures:none;} @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.WordSection1 {page:WordSection1;} --> Yes Have not received estimate. Thanks Cyndi. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC740-633-3011 (Office)724-531-1195 (Cell)740-633-2140 (Fax)------------------ From: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com> Sent: Wednesday, May 3, 2023 11:13 AMTo: John Herrmann <jherrmann@hillidealease.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: RE: IDEALEASE 322913 / 321806 Unit 321806 is in the shop. Unit #322913 Did you ever get a quote for this one, I seen it was started but looks like the parts were put on, I will have them get this done ASAP. Thank you ~ and make it a great day. Cyndi MatvyaService Administrator & Accounts ReceivableShamrock Utility Trailers, Inc500 North Center Avenue, New Stanton, PA 15672724-925-9200 724-925-6999 FAX From: John Herrmann <jherrmann@hillidealease.com> Sent: Wednesday, May 3, 2023 10:53 AMTo: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: IDEALEASE 322913 / 321806 Good morning Cyndi I wanted to check and see the status of the units 322913 and 321806 we have there for box repairs. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC<span Yes Have not received estimate. Thanks Cyndi. Thank you, Thank you, John M Herrmann John M Herrmann John M Herrmann SERVICE MANAGER SERVICE MANAGER Hill Idealease, LLC Hill Idealease, LLC 740-633-3011 (Office) 740-633-3011 740-633-3011 (Office) 724-531-1195 (Cell) 724-531-1195 724-531-1195 (Cell) 740-633-2140 (Fax) 740-633-2140 740-633-2140 (Fax) ------------------ ------------------ From: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com> Sent: Wednesday, May 3, 2023 11:13 AMTo: John Herrmann <jherrmann@hillidealease.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: RE: IDEALEASE 322913 / 321806 From: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com> Sent: Wednesday, May 3, 2023 11:13 AMTo: John Herrmann <jherrmann@hillidealease.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: RE: IDEALEASE 322913 / 321806 From: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com> Sent: Wednesday, May 3, 2023 11:13 AMTo: John Herrmann <jherrmann@hillidealease.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: RE: IDEALEASE 322913 / 321806 From: From: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com> Sent: Wednesday, May 3, 2023 11:13 AMTo: John Herrmann <jherrmann@hillidealease.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: RE: IDEALEASE 322913 / 321806 Sent: To: Cc: Subject: Unit 321806 is in the shop. Unit #322913 Did you ever get a quote for this one, I seen it was started but looks like the parts were put on, I will have them get this done ASAP. Thank you ~ and make it a great day. Cyndi MatvyaService Administrator & Accounts ReceivableShamrock Utility Trailers, Inc500 North Center Avenue, New Stanton, PA 15672724-925-9200 724-925-6999 FAX From: John Herrmann <jherrmann@hillidealease.com> Sent: Wednesday, May 3, 2023 10:53 AMTo: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: IDEALEASE 322913 / 321806 Good morning Cyndi I wanted to check and see the status of the units 322913 and 321806 we have there for box repairs. Thank you,John M HerrmannSERVICE MANAGERHill Idealease, LLC<span Unit 321806 is in the shop. Unit 321806 is in the shop. Unit #322913 Did you ever get a quote for this one, I seen it was started but looks like the parts were put on, I will have them get this done ASAP. Unit #322913 Did you ever get a quote for this one, I seen it was started but looks like the parts were put on, I will have them get this done ASAP. Thank you ~ and make it a great day. Thank you ~ and make it a great day. Cyndi Matvya Cyndi Matvya Service Administrator & Accounts Receivable Service Administrator & Accounts Receivable Shamrock Utility Trailers, Inc Shamrock Utility Trailers, Inc Shamrock Utility Trailers, Inc 500 North Center Avenue, New Stanton, PA 15672 500 North Center Avenue, New Stanton, PA 15672 500 North Center Avenue, New Stanton, PA 15672 500 North Center Avenue, New Stanton, PA 15672 500%20North%20Center%20Avenue,%20New%20Stanton,%20PA%20%2015672 724-925-9200 724-925-9200 724-925-6999 FAX 724-925-6999 FAX From: John Herrmann <jherrmann@hillidealease.com> Sent: Wednesday, May 3, 2023 10:53 AMTo: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: IDEALEASE 322913 / 321806 From: John Herrmann <jherrmann@hillidealease.com> Sent: Wednesday, May 3, 2023 10:53 AMTo: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: IDEALEASE 322913 / 321806 From: John Herrmann <jherrmann@hillidealease.com> Sent: Wednesday, May 3, 2023 10:53 AMTo: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: IDEALEASE 322913 / 321806 From: From: John Herrmann <jherrmann@hillidealease.com> Sent: Wednesday, May 3, 2023 10:53 AMTo: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com>Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>Subject: IDEALEASE 322913 / 321806 jherrmann@hillidealease.com mailto:jherrmann@hillidealease.com Sent: To: cmatvya@shamrockutilitytrailer.com mailto:cmatvya@shamrockutilitytrailer.com Cc: rreuille@hillidealease.com mailto:rreuille@hillidealease.com lzwiesler@hillidealease.com mailto:lzwiesler@hillidealease.com Subject: Good morning Cyndi I wanted to check and see the status of the units 322913 and 321806 we have there for box repairs. Thank you, Thank you, John M Herrmann John M Herrmann John M Herrmann SERVICE MANAGER SERVICE MANAGER Hill Idealease, LLC Hill Idealease, LLC <span <span
                                Attachments:
                                • b77vbvbvn.png
                                • ilil.pdf

                                Headers

                                Key Value
                                Receivedfrom a48-118.smtp-out.amazonses.com (54.240.48.118) by QB1PEPF00004E0F.mail.protection.outlook.com (10.167.240.7) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8158.14 via Frontend Transport; Fri, 15 Nov 2024 15:22:38 +0000
                                Authentication-Resultsspf=pass (sender IP is 54.240.48.118) smtp.mailfrom=amazonses.com; dkim=pass (signature was verified) header.d=almajapharma.com;dmarc=bestguesspass action=none header.from=almajapharma.com;compauth=pass reason=109
                                Received-SpfPass (protection.outlook.com: domain of amazonses.com designates 54.240.48.118 as permitted sender) receiver=protection.outlook.com; client-ip=54.240.48.118; helo=a48-118.smtp-out.amazonses.com; pr=C
                                Dkim-Signaturev=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=1731684157; h=From:Subject:To:Content-Type:MIME-Version:Date:Message-Id:Feedback-ID; bh=dveaMIxSYZXaa90tZ43D6urIww4NPDSP+EFzKhsW0sQ=; b=VtVSmpxXM6xMUezxfuxUizSbKnjcp5PrThhtF8vlGUtVDr1w1tikSCSE69OlojYV XIVbd+XqVq/ktlQt3rHvi9UWB5+3vgwS2KfA5ERU6AJXT3RDS0VFsZ1VF9z4ynEwzUG WFYJHGrfffgcgXg3RoeOIQznf1Elp3KEl/oEEJeY=
                                FromHRmanager <Reliablecontrols_Reliablecontrols_tjah@almajapharma.com>
                                SubjectRELIABLECONTROLS: Our Vacation 2024 (fq)
                                ToLindsay Smith <lsmith@reliablecontrols.com>
                                Content-Typemultipart/mixed; boundary="----sinikael-?=_1-17316843102770.44831326823246176"
                                MIME-Version1.0
                                DateFri, 15 Nov 2024 15:22:37 +0000
                                Message-Id <01000193306b4871-6d9be918-ca66-428f-9695-6c8bb655ac50-000000@email.amazonses.com>
                                Feedback-Id ::1.us-east-1.7VPQIlS+jlreGsS/mMBT3pwMVSHSg5lJaxtokMRvAEQ=:AmazonSES
                                X-Ses-Outgoing2024.11.15-54.240.48.118
                                Return-Path 01000193306b4871-6d9be918-ca66-428f-9695-6c8bb655ac50-000000@amazonses.com
                                X-Ms-Exchange-Organization-Expirationstarttime15 Nov 2024 15:22:38.2684 (UTC)
                                X-Ms-Exchange-Organization-ExpirationstarttimereasonOriginalSubmit
                                X-Ms-Exchange-Organization-Expirationinterval1:00:00:00.0000000
                                X-Ms-Exchange-Organization-ExpirationintervalreasonOriginalSubmit
                                X-Ms-Exchange-Organization-Network-Message-Id df8cad43-8dae-4461-6a02-08dd058956e0
                                X-Eopattributedmessage0
                                X-Eoptenantattributedmessage70dc28cd-aa9f-493c-abf3-5c1ff69c0ddc:0
                                X-Ms-Exchange-Organization-MessagedirectionalityIncoming
                                X-Ms-PublictraffictypeEmail
                                X-Ms-Traffictypediagnostic QB1PEPF00004E0F:EE_|YT3P288MB0822:EE_|YQXP288MB0012:EE_
                                X-Ms-Exchange-Organization-Authsource QB1PEPF00004E0F.CANPRD01.PROD.OUTLOOK.COM
                                X-Ms-Exchange-Organization-AuthasAnonymous
                                X-Ms-Office365-Filtering-Correlation-Id df8cad43-8dae-4461-6a02-08dd058956e0
                                X-Ms-Exchange-AtpmessagepropertiesSA|SL
                                X-Ms-Exchange-Organization-Scl1
                                X-Microsoft-Antispam BCL:0;ARA:13230040|231020011799012|22003199012|5073199012|5063199012|32142699015|4073199012|4076899003|8096899003|13201799024;
                                X-Forefront-Antispam-Report CIP:54.240.48.118;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:a48-118.smtp-out.amazonses.com;PTR:a48-118.smtp-out.amazonses.com;CAT:NONE;SFTY:9.25;SFS:(13230040)(231020011799012)(22003199012)(5073199012)(5063199012)(32142699015)(4073199012)(4076899003)(8096899003)(13201799024);DIR:INB;SFTY:9.25;
                                X-Ms-Exchange-Crosstenant-Originalarrivaltime15 Nov 2024 15:22:38.1903 (UTC)
                                X-Ms-Exchange-Crosstenant-Network-Message-Id df8cad43-8dae-4461-6a02-08dd058956e0
                                X-Ms-Exchange-Crosstenant-Id70dc28cd-aa9f-493c-abf3-5c1ff69c0ddc
                                X-Ms-Exchange-Crosstenant-Authsource QB1PEPF00004E0F.CANPRD01.PROD.OUTLOOK.COM
                                X-Ms-Exchange-Crosstenant-AuthasAnonymous
                                X-Ms-Exchange-Crosstenant-FromentityheaderInternet
                                X-Ms-Exchange-Transport-CrosstenantheadersstampedYT3P288MB0822
                                X-Ms-Exchange-Transport-Endtoendlatency00:01:45.3005376
                                X-Ms-Exchange-Processed-By-Bccfoldering15.20.8158.013
                                X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198);
                                X-Microsoft-Antispam-Message-Info AAQXrIZI39XfsCWuJN1AV4XM67uLVBhfxQ0DBK9Yf+g7C207h/Gy7YrnfSkJoKbMtO/FwytM2kzB4wQ81/EADbfGKpZktkR6n17lzcdSRip1y0rXFKzJQfFME3a/dWO9/+BcPxLynB3a3MXNtBsgv1Am5GpcLOm6QAd8ObZ5VvbdxuMc0Ozq/mZFSmCV+ULfuiL3nYM1H3gsvZq0F8NKxQ+VGPi93rpsDC1QQwzEp4vUtPzPreOFl7krGacBxtBSwLo6ZBxJsBSE2zL/stuD/7PjqhxstvSEt9cE8tnEBShkDVApQag8g7iaadPw1QoADq7FM1qpzmBhVsZNf1WMMeJQKNvlTeBnD6VooB7ISbKZsrSDcwaNyvD08U7aIBn1TlUDV1ddBuDvrv8birEW++WeJaWIszeHk4JSC1gbI4cA0FknosgnIH0AoiSOtgRZjAmbXNiX0lU1d31n31U77oc8PXLWJaV/68JS6TZh1nMvaEiRqLxdQ6/hwFL9r4eARNT4qSxEIVt8Ij/ZrOMxIDaE21YGzduS6KzJn2/JuYc9X6aObI6q/eCjMJbh72x/Os2dmxdWk1X/RIaNtTEZoWSk7LZGYYc2LUA5woWDHspeOmeLrhozmAttMDygfU4k7hmoLyAmBTWwhUFojZKIEkfneyHtKHKusiRXJM2WB/OWfCTZyY+C56e25RjS5mHqcJ1G0bEK7ktdLhF8iJD6A5FH4cStmpv/RwBb2rIScb6QoFRoxN5QBVT74gMVwZ5HU2pNROCURJHap2y9UX3y+cY18xC5HQb4APEGzza9tpJj0VthtCtqlll52DnY3oYi9YfAExZag/1bn3kGepm5ZxZsyz7Sm6hNkfrNGH0JCEW1lZvHpVEZobjSmvEHbS4BvySNVl8+ZKvVJaY5w1bTxnK0kxYrpxvOxOmiccikXC3hEhgWhhmp8Cnz812U5lhkkEUBdO8mSoVS1L6bEbXWgs+kYrPTweaysR9gcqOSpwT7ZdTq/RjIOK9AIhpmbtibkK1KDmFXS0o+YWN3ZrSxQ5G6fb9UDz6GCkcs6leWiMaOjYeiKop7XzHKIVgJ3DYOCemO+3ZqmUthDwrhoYphj3N/6MwGM5Y4WnhWkDrm/S951jH8PMjoeza+Tz8N9xJ5g1q0UDHUUl5mPMIpeM10UbO7VkWks6bxSGrom9VF6r+d4o27uc3s7xL9M6IPeGd8hUobszSrzy+3joaZvIO293OkfTNv58WRzTiCsKL+tsOvNBZ5iG1x5vKW/ON8ix3QRMNFB+AGn4+ZLNiENo+JwsnkAjVdvxadpxHg0OhoVcyDXRRpGgASLC4uSMWKlFHsYsmvVUwZ5HrbBxlNjeYy6QcS8MLSyGYv1+A8rYCh3I+A1bdtS4W8A6nmKY2BxtSYgVuMrZHZJ2ip/8iQJh2TKpZMLG5jIXtBEQ0aAbqXXShBUq8nO2EotSohoi+jNWc9peRQ7b/JfPy2AnrmNJ5qcqiPPYWAWnnerqOPE0dxib19Tfbik0J85kO54q/qOP3l34tmV+HGArQaIqdjfsgrUtw/71Qt1gde5zlw/BkS1UgE/F6sIEUbM+kYp6WIWzDBykryO+SV8zBOoPGRv2cGMHuB9KvzINkVEvqKHbxImHMxs9RY+orWyapNMAw2B01WWVBAb+des3xhLRc1eajBcXwfoPbG+56bGBIPpF1sNLtIQp+7FdlYyWgs/VuBJ8wjXhs5p7KZ2hqXFPV8TxB35P7PhoCt5HwPU1Dtaaqp9sBxAIkyd0Px7Q1wbwHCqrBm3xVexQWZnN/pKfjT69GDx8UsGSKoj9YE4avCNZo8ly1hKKlq8PAV1xK9UIyhK2UGiYNTGffvNTL0p94l3k3Z3w/WCfHbgscRDDVXn/naY125QiAS2HNif7Fs2/a5TsNMtCmH11ZjVnYUIa8dXGSa97nuTObYTxrpduGZ1/IQEXzxOcNgNqDn2vMM5KOolmVxBSwDOjWyD+dGappyJ00ows+v/wFuOwski8JD9yYZRilwfa8x9sqMdwkGEBwi14j74B8Hk+G9WXD4gSqrnrLkwjmq1JLTnM/3POs+O/ef+PIKtIfcCHY1hxDhyIuTsTFqLnEbAMXn1IvMiJt8hiJSbnYeQZD9WwOzpMkqCxPTuRuNkAAR2joRm75TX0LXFWArwjVWywsDYj/ogL/YPU1E4w==
                                Content-Transfer-Encoding7bit

                                File Icon

                                Icon Hash:46070c0a8e0c67d6