Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
f5dc5302-022c-8bef-7a8e-e20ea821f59b.eml

Overview

General Information

Sample name:f5dc5302-022c-8bef-7a8e-e20ea821f59b.eml
Analysis ID:1558554
MD5:c2b541afcb4f9f4be3bb26630ddc8dc2
SHA1:a0d34d5d3d03c9cb53a2e3d8232e3a4c356e6fae
SHA256:8f0a41b378d125071a59a6e32d7a9820d0e2d0b44fab744d5aed0bdf24d21c84
Infos:

Detection

HTMLPhisher
Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Yara detected HtmlPhish10
AI detected potential phishing Email
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL
Invalid T&C link found
None HTTPS page querying sensitive user data (password, username or email)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Sigma detected: Suspicious Office Outbound Connections
Stores files to the Windows start menu directory

Classification

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6980 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\f5dc5302-022c-8bef-7a8e-e20ea821f59b.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 2696 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "8EE527F6-0E7E-49F4-8582-D7DFDECBFEEA" "5D859DD2-D3FE-4498-B141-9120C5A60495" "6980" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • Acrobat.exe (PID: 1608 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\4O5D2J0P\Jergens Piping-protected.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 6204 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 1468 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2268 --field-trial-handle=1560,i,12667595704125337153,3606123564150493226,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • chrome.exe (PID: 7880 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://docsend.com/view/fyuf3b2jafhgi6i9 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 8068 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1952,i,344770409400045957,13924411703783800086,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Yara Signatures

HTML

SourceRuleDescriptionAuthorStrings
1.4.pages.csvJoeSecurity_HtmlPhish_10Yara detected HtmlPhish_10Joe Security

    Sigma Signatures

    Sigma detected: Office Autorun Keys Modification
    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6980, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
    Sigma detected: Outlook Security Settings Updated - Registry
    Source: Registry Key setAuthor: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\4O5D2J0P\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6980, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
    Sigma detected: Suspicious Office Outbound Connections
    Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 1.1.1.1, DestinationIsIpv6: false, DestinationPort: 53, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Initiated: true, ProcessId: 6980, Protocol: tcp, SourceIp: 192.168.2.16, SourceIsIpv6: false, SourcePort: 49702

    Suricata Signatures

    No Suricata rule has matched

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    Phishing

    barindex
    AI detected phishing page
    Source: http://tues365scrds.appforconstruction.com/szpJD/Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'tues365scrds.appforconstruction.com' does not match the legitimate domain for Microsoft., The domain 'appforconstruction.com' is unrelated to Microsoft and suggests a third-party service., The subdomain 'tues365scrds' could be attempting to mimic Microsoft services like Office 365, which is suspicious., The presence of input fields for 'Email, phone, or Skype' aligns with common phishing tactics targeting Microsoft accounts. DOM: 1.3.pages.csv
    Yara detected HtmlPhish10
    Source: Yara matchFile source: 1.4.pages.csv, type: HTML
    AI detected potential phishing Email
    Source: EmailJoe Sandbox AI: Detected potential phishing email: Password-protected PDF attachment is a common phishing tactic to bypass email security. Generic urgent request to open an attachment with provided password is suspicious. Email contains corporate branding and disclaimer to appear legitimate, but the urgency and password-protected attachment are red flags
    Source: http://tues365scrds.appforconstruction.com/szpJD/HTTP Parser: Number of links: 0
    Source: http://tues365scrds.appforconstruction.com/szpJD/HTTP Parser: <input type="password" .../> found but no <form action="...
    Source: http://tues365scrds.appforconstruction.com/szpJD/HTTP Parser: Title: Sign in to your account does not match URL
    Source: http://tues365scrds.appforconstruction.com/szpJD/HTTP Parser: Invalid link: Privacy statement
    Source: http://tues365scrds.appforconstruction.com/szpJD/HTTP Parser: Invalid link: Privacy statement
    Source: http://tues365scrds.appforconstruction.com/szpJD/HTTP Parser: Has password / email / username input fields
    Source: http://tues365scrds.appforconstruction.com/szpJD/HTTP Parser: <input type="password" .../> found
    Source: http://tues365scrds.appforconstruction.com/szpJD/HTTP Parser: No favicon
    Source: http://tues365scrds.appforconstruction.com/szpJD/HTTP Parser: No favicon
    Source: http://tues365scrds.appforconstruction.com/szpJD/HTTP Parser: No favicon
    Source: http://tues365scrds.appforconstruction.com/szpJD/HTTP Parser: No favicon
    Source: http://tues365scrds.appforconstruction.com/szpJD/HTTP Parser: No <meta name="author".. found
    Source: http://tues365scrds.appforconstruction.com/szpJD/HTTP Parser: No <meta name="author".. found
    Source: http://tues365scrds.appforconstruction.com/szpJD/HTTP Parser: No <meta name="copyright".. found
    Source: http://tues365scrds.appforconstruction.com/szpJD/HTTP Parser: No <meta name="copyright".. found
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries
    Source: unknownHTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:55194 version: TLS 1.2
    Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
    Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.204
    Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.204
    Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.204
    Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.204
    Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.204
    Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.204
    Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.204
    Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.204
    Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.204
    Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.204
    Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.204
    Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
    Source: unknownTCP traffic detected without corresponding DNS query: 18.173.205.79
    Source: unknownTCP traffic detected without corresponding DNS query: 18.173.205.79
    Source: unknownTCP traffic detected without corresponding DNS query: 18.173.205.79
    Source: unknownTCP traffic detected without corresponding DNS query: 18.173.205.79
    Source: unknownTCP traffic detected without corresponding DNS query: 18.173.205.79
    Source: unknownTCP traffic detected without corresponding DNS query: 18.173.205.79
    Source: unknownTCP traffic detected without corresponding DNS query: 18.173.205.79
    Source: unknownTCP traffic detected without corresponding DNS query: 18.173.205.79
    Source: unknownTCP traffic detected without corresponding DNS query: 18.173.205.79
    Source: unknownTCP traffic detected without corresponding DNS query: 18.173.205.79
    Source: unknownTCP traffic detected without corresponding DNS query: 18.173.205.79
    Source: unknownTCP traffic detected without corresponding DNS query: 18.173.205.79
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
    Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
    Source: global trafficHTTP traffic detected: GET /szpJD/ HTTP/1.1Host: tues365scrds.appforconstruction.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: tues365scrds.appforconstruction.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://tues365scrds.appforconstruction.com/szpJD/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=76vt1lcccd5vq2iq9uc4dce8gm
    Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
    Source: global trafficDNS traffic detected: DNS query: tues365scrds.appforconstruction.com
    Source: global trafficDNS traffic detected: DNS query: challenges.cloudflare.com
    Source: global trafficDNS traffic detected: DNS query: www.google.com
    Source: global trafficDNS traffic detected: DNS query: code.jquery.com
    Source: global trafficDNS traffic detected: DNS query: cdnjs.cloudflare.com
    Source: global trafficDNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
    Source: global trafficDNS traffic detected: DNS query: stackpath.bootstrapcdn.com
    Source: global trafficDNS traffic detected: DNS query: 1381488073-1323985617.cos.na-siliconvalley.myqcloud.com
    Source: global trafficDNS traffic detected: DNS query: 1381488073.constructionfederal.com
    Source: global trafficDNS traffic detected: DNS query: aadcdn.msftauth.net
    Source: unknownHTTP traffic detected: POST /szpJD/ HTTP/1.1Host: tues365scrds.appforconstruction.comConnection: keep-aliveContent-Length: 902Cache-Control: max-age=0Upgrade-Insecure-Requests: 1Origin: http://tues365scrds.appforconstruction.comContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://tues365scrds.appforconstruction.com/szpJD/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=76vt1lcccd5vq2iq9uc4dce8gm
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 19 Nov 2024 14:25:08 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: keep-aliveCache-Control: max-age=14400CF-Cache-Status: EXPIREDReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KS%2FsCXWUukS5k3dEbfJMTXkGxfx1Avd%2Fnyc8vvIZtxy89WCMKhmxewtliuCOnNogAoJAK3H11g7Qx%2FRqL5yJWX4%2Ba50K8Anl4ka9m%2F6yq9O%2BYlaK%2BLK%2FZz8YaCZGIhxGZLIVyR13LykzFBqiGeC4o0ozkJnUsA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-EncodingServer: cloudflareCF-RAY: 8e50de275bad43dc-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1370&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2020&recv_bytes=922&delivery_rate=3969842&cwnd=253&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4d 8e 3d 0f 82 40 10 44 fb fb 15 2b bd 2c 18 ca cd 15 f2 11 49 10 89 39 0a 4b 0c 6b 8e 04 39 e4 0e 8d ff de 00 8d ed cc 9b 97 a1 5d 72 89 d5 ad 4a e1 a4 ce 05 54 f5 b1 c8 63 f0 f6 88 79 aa 32 c4 44 25 5b 73 f0 03 c4 b4 f4 a4 20 ed 9e bd 24 cd 4d 2b 05 b9 ce f5 2c a3 20 82 d2 38 c8 cc 3c b4 84 5b 28 08 57 88 ee a6 fd 2e bb 50 fe 31 3a 94 82 46 a9 34 c3 c4 af 99 ad e3 16 ea 6b 01 9f c6 c2 60 1c 3c 16 0e cc 00 4e 77 16 2c 4f 6f 9e 7c c2 71 f1 ae 46 c2 f5 89 f8 01 f3 7c 15 3c c4 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: adM=@D+,I9Kk9]rJTcy2D%[s $M+, 8<[(W.P1:F4k`<Nw,Oo|qF|<0
    Source: unknownNetwork traffic detected: HTTP traffic on port 55172 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55195 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55157 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55186 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55197
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55199
    Source: unknownNetwork traffic detected: HTTP traffic on port 55163 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55193
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55194
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55195
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55196
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55191
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55192
    Source: unknownNetwork traffic detected: HTTP traffic on port 55175 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55211 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55192 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55189 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55200 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55168 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55181 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55214 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55151 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55178 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55193 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55170 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55165 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55184 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55173 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55205 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55162 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55187 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55199 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55210 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55176 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55191 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55204 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55153 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55153
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55151
    Source: unknownNetwork traffic detected: HTTP traffic on port 55201 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55167 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55182 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55213 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55207 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55196 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55157
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55158
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55164
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55165
    Source: unknownNetwork traffic detected: HTTP traffic on port 55185 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55166
    Source: unknownNetwork traffic detected: HTTP traffic on port 55164 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55167
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55200
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55161
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55162
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55163
    Source: unknownNetwork traffic detected: HTTP traffic on port 55174 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55206 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55209
    Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55197 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55205
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55206
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55207
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55168
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55201
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55169
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55204
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55175
    Source: unknownNetwork traffic detected: HTTP traffic on port 55161 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55176
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55177
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55210
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55178
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55211
    Source: unknownNetwork traffic detected: HTTP traffic on port 55158 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55172
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55173
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55174
    Source: unknownNetwork traffic detected: HTTP traffic on port 55188 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55170
    Source: unknownNetwork traffic detected: HTTP traffic on port 55180 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55209 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55177 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55169 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 55194 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55213
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55214
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55186
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55187
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55188
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55189
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55182
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55184
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55185
    Source: unknownNetwork traffic detected: HTTP traffic on port 55166 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55180
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55181
    Source: unknownHTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:55194 version: TLS 1.2
    Source: classification engineClassification label: mal60.phis.winEML@38/80@41/311
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\Chrome\Application\Dictionaries
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241119T0924360009-6980.etl
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.ini
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
    Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\f5dc5302-022c-8bef-7a8e-e20ea821f59b.eml"
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "8EE527F6-0E7E-49F4-8582-D7DFDECBFEEA" "5D859DD2-D3FE-4498-B141-9120C5A60495" "6980" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\4O5D2J0P\Jergens Piping-protected.pdf"
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2268 --field-trial-handle=1560,i,12667595704125337153,3606123564150493226,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
    Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 9A6744B8256662C8213AE97CE34ECA7F
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://docsend.com/view/fyuf3b2jafhgi6i9
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "8EE527F6-0E7E-49F4-8582-D7DFDECBFEEA" "5D859DD2-D3FE-4498-B141-9120C5A60495" "6980" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\4O5D2J0P\Jergens Piping-protected.pdf"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1952,i,344770409400045957,13924411703783800086,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2268 --field-trial-handle=1560,i,12667595704125337153,3606123564150493226,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://docsend.com/view/fyuf3b2jafhgi6i9
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1952,i,344770409400045957,13924411703783800086,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
    Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
    Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
    Browser Extensions    		1
    Process Injection    		3
    Masquerading    		OS Credential Dumping1
    Process Discovery    		Remote ServicesData from Local System2
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/Job1
    DLL Side-Loading    		1
    DLL Side-Loading    		1
    Process Injection    		LSASS Memory1
    File and Directory Discovery    		Remote Desktop ProtocolData from Removable Media4
    Non-Application Layer Protocol    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAt1
    Registry Run Keys / Startup Folder    		1
    Registry Run Keys / Startup Folder    		1
    DLL Side-Loading    		Security Account Manager13
    System Information Discovery    		SMB/Windows Admin SharesData from Network Shared Drive5
    Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
    Ingress Tool Transfer    		Traffic DuplicationData Destruction

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    No Antivirus matches

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    http://tues365scrds.appforconstruction.com/favicon.ico0%Avira URL Cloudsafe

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    stackpath.bootstrapcdn.com
    		104.18.11.207
    		truefalse
      		high
      code.jquery.com
      		151.101.66.137
      		truefalse
        		high
        cdnjs.cloudflare.com
        		104.17.25.14
        		truefalse
          		high
          cos.na-siliconvalley.myqcloud.com
          		170.106.97.198
          		truefalse
            		unknown
            1381488073.constructionfederal.com
            		162.241.71.126
            		truefalse
              		unknown
              challenges.cloudflare.com
              		104.18.95.41
              		truefalse
                		high
                maxcdn.bootstrapcdn.com
                		104.18.11.207
                		truefalse
                  		high
                  sni1gl.wpc.omegacdn.net
                  		152.199.21.175
                  		truefalse
                    		high
                    s-part-0017.t-0009.t-msedge.net
                    		13.107.246.45
                    		truefalse
                      		high
                      www.google.com
                      		142.250.186.132
                      		truefalse
                        		high
                        tues365scrds.appforconstruction.com
                        		188.114.97.3
                        		truetrue
                          		unknown
                          1381488073-1323985617.cos.na-siliconvalley.myqcloud.com
                          		unknown
                          		unknownfalse
                            		unknown
                            x1.i.lencr.org
                            		unknown
                            		unknownfalse
                              		high
                              aadcdn.msftauth.net
                              		unknown
                              		unknownfalse
                                		high

                                Contacted URLs

                                NameMaliciousAntivirus DetectionReputation
                                http://tues365scrds.appforconstruction.com/favicon.icofalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://tues365scrds.appforconstruction.com/szpJD/true
                                  		unknown

                                  World Map of Contacted IPs

                                  • No. of IPs < 25%
                                  • 25% < No. of IPs < 50%
                                  • 50% < No. of IPs < 75%
                                  • 75% < No. of IPs

                                  Public IPs

                                  IPDomainCountryFlagASNASN NameMalicious
                                  52.111.236.33
                                  		unknownUnited States
                                  		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                  104.18.10.207
                                  		unknownUnited States
                                  		13335CLOUDFLARENETUSfalse
                                  184.28.88.176
                                  		unknownUnited States
                                  		16625AKAMAI-ASUSfalse
                                  13.107.246.45
                                  		s-part-0017.t-0009.t-msedge.netUnited States
                                  		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                  142.250.186.174
                                  		unknownUnited States
                                  		15169GOOGLEUSfalse
                                  104.18.94.41
                                  		unknownUnited States
                                  		13335CLOUDFLARENETUSfalse
                                  52.109.89.119
                                  		unknownUnited States
                                  		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                  142.250.185.106
                                  		unknownUnited States
                                  		15169GOOGLEUSfalse
                                  23.56.162.204
                                  		unknownUnited States
                                  		16625AKAMAI-ASUSfalse
                                  216.58.206.35
                                  		unknownUnited States
                                  		15169GOOGLEUSfalse
                                  2.19.126.160
                                  		unknownEuropean Union
                                  		16625AKAMAI-ASUSfalse
                                  20.42.73.28
                                  		unknownUnited States
                                  		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                  151.101.66.137
                                  		code.jquery.comUnited States
                                  		54113FASTLYUSfalse
                                  170.106.97.198
                                  		cos.na-siliconvalley.myqcloud.comSingapore
                                  		132203TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCNfalse
                                  142.250.186.132
                                  		www.google.comUnited States
                                  		15169GOOGLEUSfalse
                                  170.106.97.196
                                  		unknownSingapore
                                  		132203TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCNfalse
                                  162.241.71.126
                                  		1381488073.constructionfederal.comUnited States
                                  		26337OIS1USfalse
                                  172.64.41.3
                                  		unknownUnited States
                                  		13335CLOUDFLARENETUSfalse
                                  216.58.212.170
                                  		unknownUnited States
                                  		15169GOOGLEUSfalse
                                  52.113.194.132
                                  		unknownUnited States
                                  		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                  1.1.1.1
                                  		unknownAustralia
                                  		13335CLOUDFLARENETUSfalse
                                  142.250.185.234
                                  		unknownUnited States
                                  		15169GOOGLEUSfalse
                                  142.250.185.110
                                  		unknownUnited States
                                  		15169GOOGLEUSfalse
                                  104.18.95.41
                                  		challenges.cloudflare.comUnited States
                                  		13335CLOUDFLARENETUSfalse
                                  104.18.11.207
                                  		stackpath.bootstrapcdn.comUnited States
                                  		13335CLOUDFLARENETUSfalse
                                  151.101.2.137
                                  		unknownUnited States
                                  		54113FASTLYUSfalse
                                  2.23.197.184
                                  		unknownEuropean Union
                                  		1273CWVodafoneGroupPLCEUfalse
                                  93.184.221.240
                                  		unknownEuropean Union
                                  		15133EDGECASTUSfalse
                                  64.233.167.84
                                  		unknownUnited States
                                  		15169GOOGLEUSfalse
                                  18.173.205.79
                                  		unknownUnited States
                                  		3MIT-GATEWAYSUSfalse
                                  239.255.255.250
                                  		unknownReserved
                                  		unknownunknownfalse
                                  188.114.97.3
                                  		tues365scrds.appforconstruction.comEuropean Union
                                  		13335CLOUDFLARENETUStrue
                                  52.5.13.197
                                  		unknownUnited States
                                  		14618AMAZON-AESUSfalse
                                  188.114.96.3
                                  		unknownEuropean Union
                                  		13335CLOUDFLARENETUSfalse
                                  152.199.21.175
                                  		sni1gl.wpc.omegacdn.netUnited States
                                  		15133EDGECASTUSfalse
                                  172.217.16.195
                                  		unknownUnited States
                                  		15169GOOGLEUSfalse
                                  52.109.76.243
                                  		unknownUnited States
                                  		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                  104.17.25.14
                                  		cdnjs.cloudflare.comUnited States
                                  		13335CLOUDFLARENETUSfalse

                                  Private

                                  IP
                                  192.168.2.16

                                  General Information

                                  Joe Sandbox version:41.0.0 Charoite
                                  Analysis ID:1558554
                                  Start date and time:2024-11-19 15:24:00 +01:00
                                  Joe Sandbox product:CloudBasic
                                  Overall analysis duration:
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of analysed new started processes analysed:21
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • EGA enabled
                                  Analysis Mode:stream
                                  Analysis stop reason:Timeout
                                  Sample name:f5dc5302-022c-8bef-7a8e-e20ea821f59b.eml
                                  Detection:MAL
                                  Classification:mal60.phis.winEML@38/80@41/311
                                  Cookbook Comments:
                                  • Found application associated with file extension: .eml

                                  Warnings

                                  • Exclude process from analysis (whitelisted): dllhost.exe, SgrmBroker.exe, svchost.exe
                                  • Excluded IPs from analysis (whitelisted): 52.113.194.132, 52.109.76.243, 2.19.126.160, 2.19.126.151, 52.111.236.33, 52.111.236.35, 52.111.236.34, 52.111.236.32, 52.109.89.119, 13.95.31.18, 20.42.73.28, 13.85.23.206
                                  • Excluded domains from analysis (whitelisted): fs.microsoft.com
                                  • Not all processes where analyzed, report is missing behavior information
                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                  • Report size getting too big, too many NtSetValueKey calls found.
                                  • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                  • VT rate limit hit for: f5dc5302-022c-8bef-7a8e-e20ea821f59b.eml

                                  LLM Input / Output

                                  InputOutput
                                  URL: email Model: Joe Sandbox AI
                                  {
    "explanation": [
        "Password-protected PDF attachment is a common phishing tactic to bypass email security",
        "Generic urgent request to open an attachment with provided password is suspicious",
        "Email contains corporate branding and disclaimer to appear legitimate, but the urgency and password-protected attachment are red flags"
    ],
    "phishing": true,
    "confidence": 8
}
                                  {
    "date": "Tue, 19 Nov 2024 13:22:05 +0000", 
    "subject": "Jergens Piping", 
    "communications": [
        "!!!CAUTION!!! : This email originated from outside HSC.\n\nDo not click links or open attachments unless you recognize the sender and know the content is safe.\n\nPlease view the attached document and get back to me as soon as possible. Password to access the document is 121213.\n\nThank you,\n\nJoshua Hadd\nHSC / I-Park Insulation Manager\n21030 M-60\nMendon, MI  49072\nC: 989-293-8998\n\n[JergensCorporateLogo-small]\nCheck us out @ Jergenspiping.com<https://www.jergenspiping.com/>      [cid:image002.jpg@01DB3A7C.1D0DC900] <https://www.facebook.com/jergensquality>   [cid:image003.jpg@01DB3A7C.1D0DC900] <https://www.instagram.com/jergensquality>\n\nThis email, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed.  If the reader of this email is not the intended recipient or their authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this email is prohibited.  If you have received this email in error, please notify the sender by replying to this message and deleting the email immediately.  Thank you.\n\n\n\n\n"
    ], 
    "from": "Josh Hadd <Josh.Hadd@jergensinsulation.com>", 
    "to": "", 
    "attachements": [
        "Jergens Piping-protected.pdf"
    ]
}
                                  URL: Email Model: Joe Sandbox AI
                                  ```json
{
  "contains_trigger_text": true,
  "trigger_text": "Please view the attached document and get back to me as soon as possible. Password to access the document is 121213.",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": true,
  "has_visible_qrcode": false
}
                                  URL: Email Model: Joe Sandbox AI
                                  ```json
{
  "brands": [
    "JERGENS"
  ]
}
                                  URL: http://tues365scrds.appforconstruction.com/szpJD/ Model: Joe Sandbox AI
                                  ```json
{
  "contains_trigger_text": true,
  "trigger_text": "Verifying safe browsing conditions",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
                                  URL: http://tues365scrds.appforconstruction.com Model: Joe Sandbox AI
                                  {
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": true,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": true
}
                                  URL: http://tues365scrds.appforconstruction.com
                                  URL: http://tues365scrds.appforconstruction.com/szpJD/ Model: Joe Sandbox AI
                                  ```json
{
  "brands": [
    "Cloudflare"
  ]
}
                                  URL: http://tues365scrds.appforconstruction.com/szpJD/ Model: Joe Sandbox AI
                                  ```json
{
  "contains_trigger_text": true,
  "trigger_text": "Sign In",
  "prominent_button_name": "Next",
  "text_input_field_labels": [
    "Email, phone, or Skype"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
                                  URL: http://tues365scrds.appforconstruction.com/szpJD/ Model: Joe Sandbox AI
                                  ```json
{
  "brands": [
    "Microsoft"
  ]
}
                                  URL: http://tues365scrds.appforconstruction.com/szpJD/ Model: Joe Sandbox AI
                                  ```json{  "legit_domain": "microsoft.com",  "classification": "wellknown",  "reasons": [    "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.",    "The URL 'tues365scrds.appforconstruction.com' does not match the legitimate domain for Microsoft.",    "The domain 'appforconstruction.com' is unrelated to Microsoft and suggests a third-party service.",    "The subdomain 'tues365scrds' could be attempting to mimic Microsoft services like Office 365, which is suspicious.",    "The presence of input fields for 'Email, phone, or Skype' aligns with common phishing tactics targeting Microsoft accounts."  ],  "riskscore": 9}
Google indexed: False
                                  URL: tues365scrds.appforconstruction.com
            Brands: Microsoft
            Input Fields: Email, phone, or Skype
                                  URL: http://tues365scrds.appforconstruction.com/szpJD/ Model: Joe Sandbox AI
                                  ```json
{
  "contains_trigger_text": true,
  "trigger_text": "We couldn't find an account with that username. Try another account.",
  "prominent_button_name": "next",
  "text_input_field_labels": [
    "bob@boboo.com"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
                                  URL: http://tues365scrds.appforconstruction.com/szpJD/ Model: Joe Sandbox AI
                                  ```json
{
  "brands": [
    "Microsoft"
  ]
}
                                  URL: http://appforconstruction.com Model: Joe Sandbox AI
                                  {
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}
                                  URL: http://appforconstruction.com

                                  Created / dropped Files

                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                  File Type:ASCII text
                                  Category:dropped
                                  Size (bytes):287
                                  Entropy (8bit):5.222438666502832
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:D1BCDD04E5BE4779E951AD21B4812084
                                  SHA1:9218E9D4751A187CAAFA858DC1F3A8B5467F5BF5
                                  SHA-256:08FC34F81D70C3B2861C6EC17C332FFB795B333EE440474F7F3FE3B21F4D3D7D
                                  SHA-512:5CE918B33302CD7D54F498880AE34232F604D9B2747BF5664B25EC9AAEA69E6A00294F70C51B3ED37961DD326B7ED77D1E0D99420B41E1183629B0658EC650C4
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:2024/11/19-09:24:48.594 e60 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/19-09:24:48.596 e60 Recovering log #3.2024/11/19-09:24:48.596 e60 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                  File Type:ASCII text
                                  Category:dropped
                                  Size (bytes):331
                                  Entropy (8bit):5.204253480518626
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:6DEEFCC4439129ED87778C5014DD17EF
                                  SHA1:0A5FE8ED2B674820CD450B40CA15DAC5A019E60F
                                  SHA-256:3B4C9CA608FD4D681FD508AC6DE9D7B37695A3ED7978F4DEDFE1894DDADBB3A1
                                  SHA-512:3E7CDC6B362FE5995A638D33775CDB259762107D51056DBADE9F8B3E06754DB046777528875137D5D77E741F207E501CD2EDE4C00B7A078AA77DFAF1C5798C27
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:2024/11/19-09:24:48.501 268 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/19-09:24:48.504 268 Recovering log #3.2024/11/19-09:24:48.505 268 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\53a93d6f-fddd-4948-834e-4e4b201eaaa9.tmp

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                  File Type:JSON data
                                  Category:modified
                                  Size (bytes):403
                                  Entropy (8bit):4.953858338552356
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:4C313FE514B5F4E7E89329630909F8DC
                                  SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                                  SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                                  SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\6fc2e48c-f7ec-4dd7-87d0-28a67509655b.tmp

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                  File Type:JSON data
                                  Category:dropped
                                  Size (bytes):402
                                  Entropy (8bit):4.993829724845161
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:E1719276B8ED2E8B99B84409343AC4F3
                                  SHA1:FE4C7FA625ABCB4E30C844149400444A121093BA
                                  SHA-256:B5968B8C581F983BA33EAD10CA80C348A54958FA7DE0E72CB972A08DD1C0F5A9
                                  SHA-512:739E03D1B471D118ACFCD2BB0E6271A3E8F16E39BD957DC38F78EC1362C491A484E65292F8EDE7AD5AA46D896ED6DC1B5BED222E4BDCC4E51845F2076887E337
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13376586297965029","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":98805},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                  File Type:JSON data
                                  Category:dropped
                                  Size (bytes):0
                                  Entropy (8bit):0.0
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:4C313FE514B5F4E7E89329630909F8DC
                                  SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                                  SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                                  SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF67e7ab.TMP (copy)

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                  File Type:JSON data
                                  Category:dropped
                                  Size (bytes):0
                                  Entropy (8bit):0.0
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:4C313FE514B5F4E7E89329630909F8DC
                                  SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                                  SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                                  SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):4099
                                  Entropy (8bit):5.230453594842947
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:8A50C4785FE8F55286987E1DB7EAE0E2
                                  SHA1:7C89C3610257E3735F51559E19D8883B7ED9644E
                                  SHA-256:4EF03A80329E0479FE6F07C6C42440E51A29C1F614AE14CA3E849D309C6FC8C9
                                  SHA-512:D3D59A1B84F0D52D2DBB04D3D9C2551183182384391F75AD77BDC43FB0503F7DD4B7E5C2E5279774AA007610032FF1F990C5E2B9D9C96821EBD0F0C197D12D2C
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                  File Type:ASCII text
                                  Category:dropped
                                  Size (bytes):319
                                  Entropy (8bit):5.20149838714975
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:14B84708BE9155E9E1FD9135DFF77468
                                  SHA1:EA751D61854695157A5B465BF61A60C9CB639463
                                  SHA-256:283A5A4290F956460BCC82A5246D4CFCF10687E33BE0766219F8CCF87DAE37B7
                                  SHA-512:0669E0E9E866CE11DB89AC917CDEB395A91332BAEF34252F7BD0B45321387FA33BF93C65B11016E87A937264641D9795D8EAE2F04CDF50446CC8B286AD3F060A
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:2024/11/19-09:24:48.620 268 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/19-09:24:48.621 268 Recovering log #3.2024/11/19-09:24:48.623 268 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                  Category:dropped
                                  Size (bytes):57344
                                  Entropy (8bit):3.291927920232006
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
                                  SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
                                  SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
                                  SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:SQLite Rollback Journal
                                  Category:dropped
                                  Size (bytes):16928
                                  Entropy (8bit):1.2151609288997394
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:01BFA975B1C53B158D90F3CBFFBC33E0
                                  SHA1:85AAE531F53C57EDE8185380CDEC1A65CA5E18F4
                                  SHA-256:88B68117E2AA6665862CF574B9ECDB4BFE946656B380F321E53E270D734F4203
                                  SHA-512:B68827B0695FEF9D00748486B875743C1CAC296126F5625B19B36758734EE18D98E943F3E6B8D0C5E102F6CDD10B6795173D049623DE301D0BB1E26BCAEBD6D5
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:.... .c.....]...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                  File Type:Certificate, Version=3
                                  Category:dropped
                                  Size (bytes):1391
                                  Entropy (8bit):7.705940075877404
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                  SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                  SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                  SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                  File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                  Category:dropped
                                  Size (bytes):71954
                                  Entropy (8bit):7.996617769952133
                                  Encrypted:true
                                  SSDEEP:
                                  MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                  SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                  SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                  SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):192
                                  Entropy (8bit):2.779094196322516
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:8112B81997AD22464DFAACE28C0FA547
                                  SHA1:7CBC79B71E8B41487E2DA54102C96AE9A92B6B4D
                                  SHA-256:ADE391BE3E3C300A1C902CE20916BA22A5C54E9A883CFFAB704D1B680BB89058
                                  SHA-512:190DA89F8C0B7BAEBE634648F9D908A256076D83537E92FC1FF1DB51C6DCC5113CE1A3C948CE4DB8FE8F4233C5CB07F7E1FDB4A2B325D50B3659CB8B57623159
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:p...... ...........:..(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):328
                                  Entropy (8bit):3.141785112603811
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:B300D6168F65D134EE5A6C5EE18C8680
                                  SHA1:6472BEA143E2082D66CE6EB7A22EC8F78F8990D9
                                  SHA-256:A9C3E843106F10F58AA8EC6DA24B8394B081314845AB4CCA2382FE803F105DEF
                                  SHA-512:7D3A3BBE04BF7E70291E354B8F55929E9F80F51C1EDA9BED9A754EED15EF01BC9945E35B832B8171C79EE6AFB84D077DAFE56A8932FBE8C8D3EF14BE766F6BDA
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:p...... ............:..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:PostScript document text
                                  Category:dropped
                                  Size (bytes):0
                                  Entropy (8bit):0.0
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                  SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                  SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                  SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6976

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:PostScript document text
                                  Category:dropped
                                  Size (bytes):1233
                                  Entropy (8bit):5.233980037532449
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                  SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                  SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                  SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:PostScript document text
                                  Category:dropped
                                  Size (bytes):0
                                  Entropy (8bit):0.0
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                  SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                  SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                  SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:PostScript document text
                                  Category:dropped
                                  Size (bytes):0
                                  Entropy (8bit):0.0
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:B60EE534029885BD6DECA42D1263BDC0
                                  SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                  SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                  SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.6976

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:PostScript document text
                                  Category:dropped
                                  Size (bytes):10880
                                  Entropy (8bit):5.214360287289079
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:B60EE534029885BD6DECA42D1263BDC0
                                  SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                  SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                  SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:JSON data
                                  Category:dropped
                                  Size (bytes):295
                                  Entropy (8bit):5.379172077233526
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:505E6E1BAAD025F7C12E784EA0959FE5
                                  SHA1:821B1A9B96DB030DEDEE46F7D0EB07AAE1860868
                                  SHA-256:E397D0A72C4419FC32DB975940E329FE8B378A4175F7C6BFC35C30DEE7C2337A
                                  SHA-512:46BEA3966AABDD43E27AD7A56845A39019004B131180C5D7802C1ACF7485B7FB24D3B145E9B24B7388931D8C2F06CEB1D41C22B6A2767034C14203F66131E871
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:{"analyticsData":{"responseGUID":"0be5ae4a-8e75-407c-b3ad-d58915b96582","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732204718238,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:JSON data
                                  Category:dropped
                                  Size (bytes):294
                                  Entropy (8bit):5.327882760342985
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:504CE99B28C4CEABC72DBF1EBB626EC6
                                  SHA1:FC9ADC90E88BAF8C8FC4A64DFAC45B047F03858B
                                  SHA-256:485F895FBA9CD0FE6CA19786C3CB94251C09B1A2FE3661F2F48B51CE9F9D7C94
                                  SHA-512:6BD2414C0FFD87AB834114D601400F49E2369A7754E0ED74A0BAE3DFF1DBE3DF2A5F5336C846B10BC5FC38DD9809546A7DB936E96F715C3869C5D1252192C7DE
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:{"analyticsData":{"responseGUID":"0be5ae4a-8e75-407c-b3ad-d58915b96582","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732204718238,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:JSON data
                                  Category:dropped
                                  Size (bytes):294
                                  Entropy (8bit):5.307150554257655
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:CC76C688E5526E2FD70C6E05B078CB1B
                                  SHA1:2B0A86521AE10D5E2C4062CC2BF10750CBEAA0C6
                                  SHA-256:362B632E99775FAC6CA6633D92730ADFF0108262F9AE32D53870A7C2AF994859
                                  SHA-512:C97AA2E2788B4F65FECFC20CE5E0DD9C2F70FC354F16CD035DDB6F29F16AA6B346E165B9A03D15A00C76261D713F5B06CF778939CBBC38177E081ED66B0FC052
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:{"analyticsData":{"responseGUID":"0be5ae4a-8e75-407c-b3ad-d58915b96582","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732204718238,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:JSON data
                                  Category:dropped
                                  Size (bytes):285
                                  Entropy (8bit):5.368106956883866
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:018A62DAA7CF030A35F2EFBC8A74DC8C
                                  SHA1:A00617CFC37283F83B89869E8FC9780A86D1E3FC
                                  SHA-256:96B4E16716DBA7438B38859C43D37809F27365497A91E79BA45C34184B85D6C4
                                  SHA-512:556D62BAA6030B34E8256403EAFE21EBEC97C767B6D7272B97A1A14F70866AF7C76BE7F694D0451ED0CE7F9C9CC39BA6A7BD514A9F8570EEA17F6762E1016E5B
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:{"analyticsData":{"responseGUID":"0be5ae4a-8e75-407c-b3ad-d58915b96582","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732204718238,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:JSON data
                                  Category:dropped
                                  Size (bytes):1123
                                  Entropy (8bit):5.689319418601342
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:E44B4B05AD1E891B0E21DB0CA55AC232
                                  SHA1:8E44D6E360DA86CB4C3280962F43306B2D1A8BB4
                                  SHA-256:CD84F2FC03FDA269F4877C00B0D226D6F868DD71DE26631488BC4C211481995E
                                  SHA-512:C55E3A67887F151C1C5508221A91769225D622C272727D1F30EC0288BA1EBCDF6859195AC77391FC7A62AC23B35B0AF9DEB67CF2D28DC5DD3C72E0F30526257E
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:{"analyticsData":{"responseGUID":"0be5ae4a-8e75-407c-b3ad-d58915b96582","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732204718238,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:JSON data
                                  Category:dropped
                                  Size (bytes):1122
                                  Entropy (8bit):5.680933571380629
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:183DE3A40079860544396B2DE0B853CB
                                  SHA1:14EC03F779DF19C7F3BB0687BF63BDC2C10A2D67
                                  SHA-256:5F5CC44FD30FBF3B40D592646D0C66D2B7DCDC744FD79884E59B6780DA06FC9C
                                  SHA-512:D24EF7F70106ED4611C1F0A6420FFCD5D99F51FB7ED0B3E7634E3303BE112F510E1DC35DE6E63947577005FBFD0C6B4D43A84DFCD64F763F579E03B965E8B030
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:{"analyticsData":{"responseGUID":"0be5ae4a-8e75-407c-b3ad-d58915b96582","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732204718238,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_0","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"1aad653c-ef44-43f7-be1c-3a2ba2cf2cfc","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuIFBERiBmb3JtcyAmIGFncmVlbWVudHMuIn0sInRjY

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:JSON data
                                  Category:dropped
                                  Size (bytes):292
                                  Entropy (8bit):5.3163515613899825
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:D576D32CDF83795BF7FE9E59C636A8A3
                                  SHA1:1DE5573FCB09F87CEB2C9A0CC2846BED2492F33B
                                  SHA-256:FC2F91FFBCCFE7721457FE9602C28BBE93103F31D149794C83ADA477C53E76B8
                                  SHA-512:181EECC3D277B4AC81C813A27AC4A6901CE47EB83F4BD13BBE949C7EE16FEBA40751556264A04BD8D5CF98E18644B3139B0237AF67979E6C3379600FA07D57EA
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:{"analyticsData":{"responseGUID":"0be5ae4a-8e75-407c-b3ad-d58915b96582","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732204718238,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:JSON data
                                  Category:dropped
                                  Size (bytes):1102
                                  Entropy (8bit):5.669052874402584
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:1000126FF60048002F048225C1E31214
                                  SHA1:041F9F7CCABF1847D6215171E7672F46DF915A80
                                  SHA-256:CC7D393462E0CDC65CE2C5667EE5837E905AACE5E478B9473718ABF659226770
                                  SHA-512:D6B181D367C7F50B87F10B4C7DB400AEE49286B4AA419F569F51B0849BBD2B3C6C705F965297C4179FE31C26184A44575F1F74B99487A67FC3D8C9F10A699DF4
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:{"analyticsData":{"responseGUID":"0be5ae4a-8e75-407c-b3ad-d58915b96582","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732204718238,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_1","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"533ab5eb-b236-4889-89a5-ac002261d71e","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkVkaXRQREZSZHJBcHBGdWxsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTRweCIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTJweCIsImZvbnRfc3R5bGUiOiItMSJ9LCJ0aXRsZSI6bnVsbCwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiJ9LCJ0Y2F0SWQiOm51bGx9","da

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:JSON data
                                  Category:dropped
                                  Size (bytes):1164
                                  Entropy (8bit):5.6970405258535575
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:E9D3F6C012B793AF3946EA93606DEC8C
                                  SHA1:C5E13DBFC67820F988235B090E38E40FC000E578
                                  SHA-256:A0D2A6262E2BA22B7C5DFE6DB66F7ECFA5FDBE4D23A4B220BE6E68B9E5F25399
                                  SHA-512:9D49B14B0255583349FAF20175553EB7F5B4A790E06A585C4222479643122D31D2F0E566D370E61029F56BAC7C391052F81E73FE34D6CC85B3E30658D5125C37
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:{"analyticsData":{"responseGUID":"0be5ae4a-8e75-407c-b3ad-d58915b96582","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732204718238,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:JSON data
                                  Category:dropped
                                  Size (bytes):289
                                  Entropy (8bit):5.3193383416229185
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:4EC698F6AFCCF7B844F8F0CB70803293
                                  SHA1:18C020BAE0C4FBBFE1FF3BB3369445D98D7908B6
                                  SHA-256:F1F3EA856D2A10A1DAA41A1007ECCD75B7D0B5FE442CD3666966C94F2DD54473
                                  SHA-512:5CBC4CB888294672DE4269FC25808F9B3EA98B4FC841F277013462AAE5119E8B9EFB03E50FAFF2F171112E6B72F57CE935D914077DDC3A909BD91DCF6E302667
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:{"analyticsData":{"responseGUID":"0be5ae4a-8e75-407c-b3ad-d58915b96582","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732204718238,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:JSON data
                                  Category:dropped
                                  Size (bytes):284
                                  Entropy (8bit):5.306310531827219
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:088027682CE5A5E73DBF178D8FCBA8B0
                                  SHA1:29EF23D9ABE36619C05B15FFFEC32ACF4CDB56EB
                                  SHA-256:557CBEDAC93ACD6154971B06C1A040771B5CD32D97AEA70494DD2C1A91CEC4E3
                                  SHA-512:88C58234304C88368984058309ED46E0B62B99EC0A2180CBA2F087A341EB95299426CE3FB7736A13C60FF41B1CF05CDCC0F34C21198DCB49A3D809780C5D54CD
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:{"analyticsData":{"responseGUID":"0be5ae4a-8e75-407c-b3ad-d58915b96582","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732204718238,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:JSON data
                                  Category:dropped
                                  Size (bytes):291
                                  Entropy (8bit):5.302752529732363
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:0B7AAAF3B2161420242C5FE65B94F726
                                  SHA1:B062B11F153A08FEB5515731C3525614A98EF9CA
                                  SHA-256:5AF225616A05AD93AAE4FDA57582322A94F794060DAF09E1C9667397BA147BB9
                                  SHA-512:FD838BD4BE851C54DD58C2E100788C90F0CD956ABDB9C402007FE386E1411C15B4A71FF0C2332E3A268ED045A82DED402F736A0F53116CB2DEFF6FB417B9E732
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:{"analyticsData":{"responseGUID":"0be5ae4a-8e75-407c-b3ad-d58915b96582","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732204718238,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:JSON data
                                  Category:dropped
                                  Size (bytes):287
                                  Entropy (8bit):5.30669738715982
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:1470E9AE57543E89AF1E7D4EA29DFCE0
                                  SHA1:7B7C4F72567F9390D6296FFD5CCBD56E6EAD9BA9
                                  SHA-256:A6F811EAE8EEC430492E5927DB7BF5CD8491CC254EB4F5F4CF081EC3579F2922
                                  SHA-512:4551D81262D9A00B997192ED66909AD58F4C0441B2FDB694F697750F61073FCA2B8E1674534D27DAA352F8DCD6D073D24E9B740BC514F3825211B91507219AEF
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:{"analyticsData":{"responseGUID":"0be5ae4a-8e75-407c-b3ad-d58915b96582","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732204718238,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:JSON data
                                  Category:dropped
                                  Size (bytes):1090
                                  Entropy (8bit):5.663629536466658
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:90782C7CD7C95CD9B425EC5F3760E258
                                  SHA1:EA47A69048616D80C69DE0DA9F7252E3612330B3
                                  SHA-256:833DEF344604C82CCCAF4EE9F07B2E19CCB9D95A4905CA719B49E2AFFB54DAB3
                                  SHA-512:2CB8E97C641C0354C17C8A27A135249734A830529BC7D6C8A76C54B55EFA096A81D3710F7C7D110EB13D76887A9FE503AEAF884AC228274FFD00A012A2C61DD5
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:{"analyticsData":{"responseGUID":"0be5ae4a-8e75-407c-b3ad-d58915b96582","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732204718238,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:JSON data
                                  Category:dropped
                                  Size (bytes):286
                                  Entropy (8bit):5.282386902434613
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:78B43128BF91274C1E0B1582CCC7401A
                                  SHA1:1707D5330E84A74B133ACF47323FEBE58CB7E245
                                  SHA-256:09C372AC1F702E8578D6E5778CFFE3AA5238061F88593077FD28B86C5BC5C341
                                  SHA-512:B7F7CF61FFEC19BDA3E171A8AF6A60F3DAA40423E269A4D6144A75F2E6029C6357F6A88599984B8216E07FF2D589E461F828F4C0067F4F5E76B9EA6384D95013
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:{"analyticsData":{"responseGUID":"0be5ae4a-8e75-407c-b3ad-d58915b96582","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732204718238,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:JSON data
                                  Category:dropped
                                  Size (bytes):782
                                  Entropy (8bit):5.369061257945189
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:5359158D157E03D97D3DC7F239B2EA38
                                  SHA1:AA2E67E416F157D6D6A1891344E87E35A5F05EF7
                                  SHA-256:99B98591B8D36DD96EB7C50C0D2B2C7430B4D1A9CC4DBD30E9866702F57EA519
                                  SHA-512:B08D746A1D54A81BBDFF0693F1242A7EF0511E7FA2F9AC18D72FF278ADCD6E33E730F0B6968C04848E2BE7F2FCA9FB7D5EC235D11E4E8FBAD5185EF1C0966847
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:{"analyticsData":{"responseGUID":"0be5ae4a-8e75-407c-b3ad-d58915b96582","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732204718238,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1732026293268}}}}

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):4
                                  Entropy (8bit):0.8112781244591328
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                  SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                  SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                  SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:....

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:JSON data
                                  Category:dropped
                                  Size (bytes):2817
                                  Entropy (8bit):5.123343381598721
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:AF60C1D07BE5725E8412A498EC958DB4
                                  SHA1:AFACEDE84C666069FDB61B1A2D64D0B6FB4FD0CA
                                  SHA-256:28D4BB0749BD0D0641AC7BEF7C6B71197CEC54A00225C516DE674C634DF1B682
                                  SHA-512:7175DF812004E2433C223205D58F95C2B9F1CD6A78341FA0740CC1AB8B5416765C8ECBE8208939C839EC2538B7B95E5B39F0D580DDD9FBB00CAB9EECFB882156
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"6f7af85e642b3f0696c9e5a96a21013f","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1122,"ts":1732026292000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"b4d7b465279e5c1d66c3b1aa7320ae7c","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1732026292000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"0e748f0dc31a1bc1a65b3eb5dd9c8117","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1732026292000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"aa3a43a09eb9e405a22bbef106dc1ec3","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1732026292000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"ac99a4a0377177ec589247bcbea4ccc3","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1102,"ts":1732026292000},{"id":"Edit_InApp_Aug2020","info":{"dg":"9cd10c721231ef47a9f90698e0391de5","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                                  Category:dropped
                                  Size (bytes):12288
                                  Entropy (8bit):0.9885175670634446
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:B4B44F0FE684C8BCB21BEBF1F3F4D0A7
                                  SHA1:BEF54C9031C1244BA027A944593289B12FBEB21D
                                  SHA-256:D44F91EEA2BC276C18CAA384E2653C5B959A0B2E39F5344872033B5D2A020E5D
                                  SHA-512:47F1C4EB1688E358811B8348D0C6D820798593A4957728C6E7478E0676A586A3D9AA52DF883D9BDD6D581D4E20D5E67A22DE18CA7042E3C9B3CC95F83E62B8C9
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:SQLite Rollback Journal
                                  Category:dropped
                                  Size (bytes):8720
                                  Entropy (8bit):1.3452404617427611
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:42E1BF69080FCA7CD301A9CE89C19442
                                  SHA1:5AB8EBE5DB00C98BE407A72728178999B4007066
                                  SHA-256:7312468F4F72EC7139CC25532F3938297EA81297E23F63FD42C1D536E2BB893D
                                  SHA-512:0EA1700F57D90C948B651630D110D6457ABC7302463DAD1FB66B31EE9DFD1D27F750E7F7564C8E306087EB5A00004BBE46BAA670133108008210FEB316F3EE3E
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:.... .c.....+m.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

                                  Download File
                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):231348
                                  Entropy (8bit):4.383792932811524
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:CB43D6C6E4047DDA3D5592908A927A8F
                                  SHA1:40FF2793EB0CB4EB2C460F882A50E9537713A573
                                  SHA-256:102B09B5506DAA0665FFDC617E082707B6A62A0298FE106FE15BA04799BD90CC
                                  SHA-512:9C18C107EF185DC6750C2391D152521BA923BC245A7700228BA53B9213C71F10005A9A9E7CBEEA2369BFF779CC4246DE94DD85FD8BD9FB59409BF2A28830DF61
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:TH02...... .....:......SM01X...,....Qy..:..........IPM.Activity...........h...............h............H..h.........w.....h..........@.H..h\cal ...pDat...h(...0...x......h.pM...F........h........_`Rk...h.sM.@...I.lw...h....H...8.Wk...0....T...............d.........2h...............k..............!h.............. hH$............#h....8.........$h..@.....8....."hH.&......3'...'h..-...........1h.pM.<.........0h....4....Wk../h....h.....WkH..h.mF.p.........-h .............+hLqM................. ...... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin

                                  Download File
                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                  File Type:ASCII text, with very long lines (65536), with no line terminators
                                  Category:dropped
                                  Size (bytes):322260
                                  Entropy (8bit):4.000299760592446
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:CC90D669144261B198DEAD45AA266572
                                  SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                                  SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                                  SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:76bd602437550e98c9043d06a55186ab7d95dea5a0e935a599f73e62a8c9b158e0afcb19351f6c353940c06a38172b94d18c02cf92bb8a80184eccca0392b259ab3e71dae73e491c7941997cb36ad4a198661f622dad478d840f66d530a0dde78acea3367f91fff62fbb3dc18faff0c708ad30edef5bea8b22c5fd782b770d8993386eaa784fd19a3c3e1db3b537b1a94d3d4fbd46f8df8fddf6d16611969fe0a97c50e0f3ac24750c93257cf5c161184aa7385800c87d803b339632a3d8ec7fe17a0afd83ce9e9d0e3f7b8d579637928a811f1f7e6d1887df2ddc7d4f752c4d600235e426c92c7bf8a1362f95457998cc0e5d4261f0efa4fada0f866dbcefb407dacab7a2914e91c2f08200f38c2d9d621962145b1464b0f204b326118a53ecdcab22bff005fdd5257c99a6dc51ac0600a49f2ef782396987e78c08b846dad5db55e8ccefffc64863bc2c3e90b95a09d25d0814a848c98fe01a82d4e30e6682dd546e12c45ca0d280a45295ab4bd632dafb070edfdc3c9e38313d5aeb195972986f8011b66817028fd8c78b67a0ac7e780eecc3fb6a31f5a025b8a9a3db278a98c0696aeaac739b18688b0f9c7d751bba02cc5f4e41853fb119b3c0c915059aaa92971244a1989124f12881ca88e6410df70b793a2c3a736ff4

                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin

                                  Download File
                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                  File Type:ASCII text, with no line terminators
                                  Category:dropped
                                  Size (bytes):10
                                  Entropy (8bit):2.6464393446710157
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:5F0A920695B2D8EBEC12F36E41372A75
                                  SHA1:BD23526A3370C3087121D36DACDCA8E77B1F384F
                                  SHA-256:F08191D6352587A4D1E41C5BB1E06E35C11A2EC63E488567D02A482D6CA3DA2A
                                  SHA-512:12E567155A48865B238B7D7C3AA91C0EC8FD68CDBD340A43B9612DEECB8D8351ABBA6D57FEF5C2F59D1870B57B370849BFAB39DC74A9EAC76A74D41829BCC3C4
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:1732026279

                                  C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db

                                  Download File
                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                  File Type:SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                                  Category:dropped
                                  Size (bytes):4096
                                  Entropy (8bit):0.09304735440217722
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:D0DE7DB24F7B0C0FE636B34E253F1562
                                  SHA1:6EF2957FDEDDC3EB84974F136C22E39553287B80
                                  SHA-256:B6DC74E4A39FFA38ED8C93D58AADEB7E7A0674DAC1152AF413E9DA7313ADE6ED
                                  SHA-512:42D00510CD9771CE63D44991EA10C10C8FBCF69DF08819D60B7F8E7B0F9B1D385AE26912C847A024D1D127EC098904784147218869AE8D2050BCE9B306DB2DDE
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:SQLite format 3......@ ..........................................................................K.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal

                                  Download File
                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                  File Type:SQLite Rollback Journal
                                  Category:dropped
                                  Size (bytes):4616
                                  Entropy (8bit):0.1384465837476566
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:127E5DA7DEF4AEC07DEC75D016223508
                                  SHA1:8D6973F642485E6F94AA6E4D7146C8FAD396BEA5
                                  SHA-256:BEBB9A31258DEC919B9E3B8E79E7A83A0624E95F70089F227BF9147C1D0DE258
                                  SHA-512:063C46EEE3D253FA9EEF0FD717C70242FD352BDACA82FBD920CDC28F132DFAD346A80AA55292AE26F05BEC527846D739E0AD3664BE2BD8057B7BB93D363498C5
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:.... .c.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ ..........................................................................K.................................................................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

                                  Download File
                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):32768
                                  Entropy (8bit):0.04436955241449445
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:D4DD452885C251B70E42343F0E1A52EC
                                  SHA1:42C59C676E458C82E3DC9F8CB39845615033B5A6
                                  SHA-256:B311126EAF1DE0249F6DDAD3A060C1A929E644EFE26B80E34A7593D0B756837D
                                  SHA-512:61EEC2E90DE6D2ABAE961FE0E4F102B12EF543FFD89049A05B0EB1780E703C06AA4DF5FEEDF902B1794693A13DBB08743C7163F456F1AEBF94862D000B24B1AA
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:..-.....................g.......q.9...qJ..d[A...-.....................g.......q.9...qJ..d[A.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

                                  Download File
                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                  File Type:SQLite Write-Ahead Log, version 3007000
                                  Category:dropped
                                  Size (bytes):45352
                                  Entropy (8bit):0.3962235121754277
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:30BC392BDA130094EE4BA2957DD900E4
                                  SHA1:E175900F749E89A170F778BCFE8BF91E468BBF77
                                  SHA-256:C270691F01C6850D8B67825109C0C84A3760F247AEB23C636D80B36CA380ED62
                                  SHA-512:12EDB2AC62944DA1A67A36996EC1263E66D121A1EB02D9272190F9E00A46C86D52007C559EF018EAB8E60803F7A542D77BA371FFD360F43110C8882F223E7A2F
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:7....-...........q.9...[X...>K..........q.9........6a|SQLite format 3......@ ..........................................................................K.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\4O5D2J0P\Jergens Piping-protected (002).pdf

                                  Download File
                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                  File Type:PDF document, version 1.7 (zip deflate encoded)
                                  Category:dropped
                                  Size (bytes):50275
                                  Entropy (8bit):7.987541233248356
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:2A15C1B6AD31DF8E13A8AD4735723152
                                  SHA1:7106D06179A1D4BE6E90C62BADCEAF6BB19E617F
                                  SHA-256:169065E18F830E7AC1FC6682A0179D0307971B48795A5ADC010F8967394CD3AD
                                  SHA-512:21C045B7D9C4B5DDBBB2EAA4D90CFD584F3F7F4B1029DD217FFE05439F579959A7F4D89455EA3D35C7A085D766A2EAC6392C3F4FC0997DF49FF733E43DC41F53
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:%PDF-1.7.%......17 0 obj.<</Linearized 1/L 50275/O 20/E 45577/N 1/T 49960/H [ 472 179]>>.endobj. .25 0 obj.<</DecodeParms<</Columns 4/Predictor 12>>/Encrypt 18 0 R/Filter/FlateDecode/ID[<6C65B3C358BBB2110A0067458B6BC623><0E67B3C358BBB2110A00291F8E23CD7C>]/Index[17 16]/Info 16 0 R/Length 58/Prev 49961/Root 19 0 R/Size 33/Type/XRef/W[1 2 1]>>stream..h.bbd.``b`.......l.7..U.....i. qW....a.H..#V.?...........endstream.endobj.startxref.0.%%EOF. .32 0 obj.<</C 73/Filter/FlateDecode/I 95/Length 96/S 38>>stream....9.....y.T..A.-.{. {[.T....hY.p.....I@.....9...L;...pfR...P.r...$oTa.....pF....+e+B..YT ...7..endstream.endobj.18 0 obj.<</CF<</StdCF<</AuthEvent/DocOpen/CFM/AESV2/Length 16>>>>/Filter/Standard/Length 128/O(w..Y..../...T..F...x.;k<.....)/P -3392/R 4/StmF/StdCF/StrF/StdCF/U(.=../\\....>....d................)/V 4>>.endobj.19 0 obj.<</MarkInfo<</Marked true>>/Metadata 2 0 R/PageLayout/SinglePage/Pages 15 0 R/StructTreeRoot 6 0 R/Type/Catalog/ViewerPreferen

                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\4O5D2J0P\Jergens Piping-protected (002).pdf:Zone.Identifier

                                  Download File
                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:modified
                                  Size (bytes):26
                                  Entropy (8bit):3.95006375643621
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                  SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                  SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                  SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:[ZoneTransfer]..ZoneId=3..

                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{67C3191F-5A53-42F7-87CD-E08BD6ECE02A}.tmp

                                  Download File
                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):6028
                                  Entropy (8bit):3.3801077867930354
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:6DCA85ADE123CD8AF8F5032ECC4DDDD1
                                  SHA1:2223B7ADA34362EA06081948AEAC1D84EB8C19B6
                                  SHA-256:EDE366834B84288454148C335268E700FC316A0193B08D7E9174A89FF6E1AFF8
                                  SHA-512:B0F1786434282F347C5F7E345215256458E1BB61DE1FCE1641BFBD572FE950789AB90872EBA5BB8D9E14D832D304A87A1E19F3A68675443FC6F04895EFC3BF13
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:....!.!.!.C.A.U.T.I.O.N.!.!.!. .:. .T.h.i.s. .e.m.a.i.l. .o.r.i.g.i.n.a.t.e.d. .f.r.o.m. .o.u.t.s.i.d.e. .H.S.C... .........................................................................................................................................................................................................................................................................................................................................................................................................................v...............................*...@...d........... .................................................................................................................................................................................................................................................................................................................................................................................................$..d....-D..M........U...a$.....$..d..

                                  C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1732026276220854700_D61FECFC-3517-4B84-8EEA-11AA6AAB0FCC.log

                                  Download File
                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                  File Type:ASCII text, with very long lines (28757), with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):20971520
                                  Entropy (8bit):0.1788588043671319
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:0F086658CCEBEEC9F5F34092A8B1451D
                                  SHA1:9700B1628C0BA9EC6F1FD3C32ED0CD0B595E87A0
                                  SHA-256:E7B03FCF7E65A35D1DD0C10B204296CBA7644D4F4FD5460D4A5AD68872DBA154
                                  SHA-512:CF98A4408A7B64A18F3F6FD9ECAE4A0E6AF45F7EB10BEC0BFD20B905A3B861DC4D43FB52B40FEED425333E20C41380C7AC8240A30E83E12BAAE7F49B53C1E26D
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..11/19/2024 14:24:36.264.OUTLOOK (0x1B44).0x1B48.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":25,"Time":"2024-11-19T14:24:36.264Z","Contract":"Office.System.Activity","Activity.CV":"/Owf1hc1hEuO6hGqaqsPzA.4.11","Activity.Duration":15,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...11/19/2024 14:24:36.280.OUTLOOK (0x1B44).0x1B48.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":27,"Time":"2024-11-19T14:24:36.280Z","Contract":"Office.System.Activity","Activity.CV":"/Owf1hc1hEuO6hGqaqsPzA.4.12","Activity.Duration":10931,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajor

                                  C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1732026276221621400_D61FECFC-3517-4B84-8EEA-11AA6AAB0FCC.log

                                  Download File
                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):20971520
                                  Entropy (8bit):0.0
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                  SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                  SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                  SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\AppData\Local\Temp\MSI6d551.LOG

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):246
                                  Entropy (8bit):3.5274671434738973
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:5FB5E813AA89ED97732A08BF6D9CB900
                                  SHA1:B6FBF6E339A9CD3A5788B4201191C21B9B6096D3
                                  SHA-256:A6241CB4384418135E5D8ADED3B57FFE4AE43E52A24B6403A5C0929815459E8A
                                  SHA-512:E0567F268C980A6ABB8BE6A320479253DD7B14425AEF7B0D600F93678D9D5B39FD2F0E7B98CD4AD36CDD0EB4AC1AC7D7896A85FACEA44116F41B1D2952673183
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.9./.1.1./.2.0.2.4. . .0.9.:.2.4.:.5.3. .=.=.=.....

                                  C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241119T0924360009-6980.etl

                                  Download File
                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                  File Type:data
                                  Category:modified
                                  Size (bytes):106496
                                  Entropy (8bit):4.494845841652937
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:CB86C4E4AAC7B0F4681A140ADA393A9A
                                  SHA1:D3ABA1FF78F5CD334221625CE484119CEFA9A95B
                                  SHA-256:EDD6102F447C5D80DB4E51D50AC328854EFA24039CD9D31804FF7D8F4AF94303
                                  SHA-512:A0A1BCB90E35A055E6FBD5D8C5EA44314FCD2A5D6506EF2A13427871FAC5B2236562BB917686D12A4847FD06D87A153FABAED0B3282A3D88BA84CB75173932A1
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:............................................................................`...H...D.....y.:..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1.............................................................._.Y............y.:..........v.2._.O.U.T.L.O.O.K.:.1.b.4.4.:.5.2.c.1.b.e.d.6.2.1.0.3.4.5.6.5.a.a.c.f.4.8.a.f.e.7.5.5.0.e.7.c...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.1.1.9.T.0.9.2.4.3.6.0.0.0.9.-.6.9.8.0...e.t.l.......P.P.H...D.....y.:..........................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-19 09-24-47-748.log

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:ASCII text, with very long lines (393)
                                  Category:dropped
                                  Size (bytes):16525
                                  Entropy (8bit):5.353642815103214
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:91F06491552FC977E9E8AF47786EE7C1
                                  SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
                                  SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
                                  SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

                                  C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):29752
                                  Entropy (8bit):5.425045483623046
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:11365390AD8BA127BBE40550DCAE7D6A
                                  SHA1:0705496D436F3AE3B6BDB44FEC07853E5446BA83
                                  SHA-256:ACC403C79B724E91ABACEBA72887E6BED7C5456A3EF10567E23908B8B643A92A
                                  SHA-512:0C8688635529C276295692AB144C07BC789852FC9BF3DFD473671FEDBB4309162DA0C1E55CE504D7D1A3C466571913D4B96938A3C1F850E22B51666A397155D0
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

                                  C:\Users\user\AppData\Local\Temp\acrocef_low\46db8899-23e0-4350-8290-16d9d3f48d65.tmp

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                  Category:dropped
                                  Size (bytes):1419751
                                  Entropy (8bit):7.976496077007677
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:A8E5C37206C98D1B655FF994A420FFB6
                                  SHA1:827237782AB5971EC205C3BCECCC7950BE9F84C3
                                  SHA-256:F1F755059AF7C2CBC36920337941AEFB18FBDB3CD14D3239CBBBCF0CB8F208EA
                                  SHA-512:12DE33EB7624458AEC44D83D4E2C09E626F8E54E177FC0C26EEBA232935F34FAAAEB71FBB025EB7C53BEA9933C46ADCE759C32516D1B80C03B6734C61D61CEB2
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                  C:\Users\user\AppData\Local\Temp\acrocef_low\79e40633-22a5-4fba-b041-52c116d6aeb7.tmp

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                  Category:dropped
                                  Size (bytes):1407294
                                  Entropy (8bit):7.97605879016224
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
                                  SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
                                  SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
                                  SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                  C:\Users\user\AppData\Local\Temp\acrocef_low\8dd9aed3-e766-4875-a304-14b0b8e5e377.tmp

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                  Category:dropped
                                  Size (bytes):758601
                                  Entropy (8bit):7.98639316555857
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:3A49135134665364308390AC398006F1
                                  SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                  SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                  SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                  C:\Users\user\AppData\Local\Temp\acrocef_low\e48d5b15-340c-486e-9ae5-b908ac52aaac.tmp

                                  Download File
                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                  Category:dropped
                                  Size (bytes):386528
                                  Entropy (8bit):7.9736851559892425
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                  SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                  SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                  SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                                  C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

                                  Download File
                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                  File Type:data
                                  Category:modified
                                  Size (bytes):30
                                  Entropy (8bit):1.2389205950315936
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:524EF37153EB8BDA5437C0B8830DB12D
                                  SHA1:D3C8BD81AB3922E3D7E2EE8D27948FD3489DB824
                                  SHA-256:D1545636D3F9A90B45453B8AE9F128922C6AA5823DA2A7DFDD15C5F4C9B52E74
                                  SHA-512:4FE00AE4E392F75E491D57575EC4DDB082BA58379006B52EC846291EFAB2A1A3FB8152011A532EC51E8360006811D423AEF10DB8E505F077C6C38E923C30B47D
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:....P.........................

                                  C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs

                                  Download File
                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                  File Type:Composite Document File V2 Document, Cannot read section info
                                  Category:dropped
                                  Size (bytes):16384
                                  Entropy (8bit):0.6708935601837407
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:1F9EA0C9B38D9A4F2A7A310B799EFEAD
                                  SHA1:D7235A7EF67F3C73350B681BC5EC75D17CB919AF
                                  SHA-256:01004A25AA65B2149659D27298B4075231874FD5581EAF37DAAFA4DA4BED81A7
                                  SHA-512:523DE32A9E70CE02EA9CCB303034C09FE28F58E9A25F4B59B264B85161D685297E3DE781F03C114D33A302010D79D95C9C2304E72F2A24601838E84FEF3C7740
                                  Malicious:true
                                  Reputation:unknown
                                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

                                  Download File
                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):14
                                  Entropy (8bit):2.699513850319966
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:C5A12EA2F9C2D2A79155C1BC161C350C
                                  SHA1:75004B4B6C6C4EE37BE7C3FD7EE4AF4A531A1B1A
                                  SHA-256:61EC0DAA23CBC92167446DADEFB919D86E592A31EBBD0AB56E64148EBF82152D
                                  SHA-512:B3D5AF7C4A9CB09D27F0522671503654D06891740C36D3089BB5CB21E46AB235B0FA3DC2585A383B9F89F5C6DAE78F49F72B0AD58E6862DE39F440C4D6FF460B
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:..c.a.l.i.....

                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                                  Download File
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 13:25:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                  Category:dropped
                                  Size (bytes):2673
                                  Entropy (8bit):3.974548912152625
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:8AD51848C9B507EA5F36639BA609A261
                                  SHA1:51A9BADEED724E65863E2CBAD9C44E0299CE2618
                                  SHA-256:4ABAA3E6C7E0D2BD2BCB0987F5659838CA6E7847087E5E5B1DB569EB7AC0AB14
                                  SHA-512:0D150D9F78EDFC2E82CD9B7AD5C56CFE54875C33EC0D00E5AE72838CAA7406DBBB24BA7829172254BC73A64D50D9DE68B8D847D6687D5CE7D6B55CBC12B55698
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:L..................F.@.. ...$+.,......1.:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IsY.s....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VsY s....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VsY s....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VsY s..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VsY"s...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............~.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                                  Download File
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 13:25:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                  Category:dropped
                                  Size (bytes):2675
                                  Entropy (8bit):3.9896399646754968
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:EDC4D6933409214D662F19DE64409F0C
                                  SHA1:BD6181D061FDE004A4A02FB57EBA27A988B08E3C
                                  SHA-256:AEECB5D8CAC640D7BD7AF0DF58EC490682F50447F880AC91F08817613C5AC8A2
                                  SHA-512:9449D49424DD5DCF5444C6D63690AE149B2E067003D876FE94759BB803901592027D7C14C4B794230329EB026CAC1545AD549CF4C49BD262BD5E083B7492C2CD
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:L..................F.@.. ...$+.,....81%.:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IsY.s....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VsY s....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VsY s....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VsY s..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VsY"s...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............~.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                                  Download File
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                  Category:dropped
                                  Size (bytes):2689
                                  Entropy (8bit):4.000481849828867
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:69EECD6B50C637B12AEB4AE045DA262E
                                  SHA1:04723CB99F4D2F6C9BB7F4E7834995F56998F91C
                                  SHA-256:BD20FCC707AE57D4ED95AFE1A24F89577AB0D8ACB5A5CF07876774F186F94DB7
                                  SHA-512:5B02F6FE6F21EBEEEC3046A90DB954A296DD3C2EE48345E08F7594741E7408F6028D87D270BA2F04111F94FD3465F3A94276B59DD4C6E33203EEE19FCECCD389
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IsY.s....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VsY s....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VsY s....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VsY s..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............~.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                                  Download File
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 13:25:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                  Category:dropped
                                  Size (bytes):2677
                                  Entropy (8bit):3.990303682641533
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:80FDC4563A7CDEF761A4F54289CB4B16
                                  SHA1:EB184937A0C937A5DC95D77CFC2CDA30DD92A639
                                  SHA-256:075191D6AAC3F4E7C208B2A8E1FCA27DECFCD335F0636BEC11844F0DFB9A09EE
                                  SHA-512:763D2B55131D64CE918500547EF1DC011F3DBB02581DDE3326CA9758038690612B5C8BAB803104BEBB3B5BFDC7C814C907FB535D323A168B9AE65A1F8371BE49
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:L..................F.@.. ...$+.,........:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IsY.s....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VsY s....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VsY s....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VsY s..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VsY"s...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............~.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                                  Download File
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 13:25:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                  Category:dropped
                                  Size (bytes):2677
                                  Entropy (8bit):3.9750616973973956
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:355EBF2F15E6C8902CB4D01AE42A7057
                                  SHA1:9568CF3921746DFC48EAB2E88715C5CD4191CB48
                                  SHA-256:86660F218BD91AE2D2A818806D51439DC2353B63CAF97F39D620B38A7DE32C8C
                                  SHA-512:15D0B42D196EED9CFE99397463E69E08E45F0D6DF9731D6F5EFD2362E2531288CE7ED7F6E5668F4DF1D87536FD6BB7D8AAFBCC36AA204F211C8336D8BBDBC057
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:L..................F.@.. ...$+.,....eK+.:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IsY.s....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VsY s....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VsY s....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VsY s..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VsY"s...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............~.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                                  Download File
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 13:25:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                  Category:dropped
                                  Size (bytes):2679
                                  Entropy (8bit):3.9868458349044786
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:D7870239026CBE62B2B2790810BA929C
                                  SHA1:CFC6EAABA648C0759A4F079AD68CD9793519DD17
                                  SHA-256:0AD57DDFD0101CBB5BAF3BB2E91AE7D23B1A9308C20623C9BD7E8A5FAF889235
                                  SHA-512:C0DAF4DE9CC0947DC8452677E65084BF15398FB8752A9BAFA24127FC18FE36DF8821A5B6F72F3363F240A1C79BAC2CAB8C4266C0AF9C3F920C157D4284698563
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:L..................F.@.. ...$+.,....Z...:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IsY.s....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VsY s....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VsY s....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VsY s..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VsY"s...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............~.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                  C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

                                  Download File
                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                  File Type:Microsoft Outlook email folder (>=2003)
                                  Category:dropped
                                  Size (bytes):271360
                                  Entropy (8bit):5.0148636424990585
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:E36615A5BB21BA1DF6C2798AD3804928
                                  SHA1:647E79B66E55C42595C39C0DC7C0B5100EC11DF9
                                  SHA-256:C5003B86494048A0F1B77596A15A3C7F414D9F7D81831846E3B6ABE50E5FFD06
                                  SHA-512:CD390AECC8B4EC1DD99C3965ED8EDDD1B0AC4A1D05DB5BFA61FD50A6E4589927264EBC56B5CC30456040EE793DB4E34CF07B6786EB892388FDAFC52110D4124F
                                  Malicious:true
                                  Reputation:unknown
                                  Preview:!BDN.N..SM......\...............F.......k................@...........@...@...................................@...........................................................................$.......D.......s..............E...............B......................................................................................................................................................................................................................................................................................................9.tD.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

                                  Download File
                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):262144
                                  Entropy (8bit):4.423071522147234
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:57CCE507CFEFBF29FFDBC64F73146CD5
                                  SHA1:943021AF6212E686B196F59E7B7B54E4007D6BED
                                  SHA-256:DFD208D0D5A51A63B42E211A63E8868F9207D535EB373DA07B6526FA0B2AAFEB
                                  SHA-512:9DF58C7F83C3AB64BF424E9A1781523390D9CE453B59185B21F1D958125F529704C78543253C59163AB69A83497A07E6841A2A80C78FF968CE217A8C84110BAC
                                  Malicious:true
                                  Reputation:unknown
                                  Preview:...C...r.......D...f\O.:....................#.!BDN.N..SM......\...............F.......k................@...........@...@...................................@...........................................................................$.......D.......s..............E...............B......................................................................................................................................................................................................................................................................................................9.tD.f\O.:.......B............#.........................................................................................................................................................................................................................................................................................................................................................................................................

                                  Chrome Cache Entry: 197

                                  Download File
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:ASCII text, with very long lines (32012)
                                  Category:dropped
                                  Size (bytes):69597
                                  Entropy (8bit):5.369216080582935
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:5F48FC77CAC90C4778FA24EC9C57F37D
                                  SHA1:9E89D1515BC4C371B86F4CB1002FD8E377C1829F
                                  SHA-256:9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
                                  SHA-512:CAB8C4AFA1D8E3A8B7856EE29AE92566D44CEEAD70C8D533F2C98A976D77D0E1D314719B5C6A473789D8C6B21EBB4B89A6B0EC2E1C9C618FB1437EBC77D3A269
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:/*! jQuery v3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_evalUrl,-event/ajax,-effects,-effects/Tween,-effects/animatedSelector | (c) JS Foundation and other contributors | jquery.org/license */.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_e

                                  Chrome Cache Entry: 198

                                  Download File
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:ASCII text, with no line terminators
                                  Category:downloaded
                                  Size (bytes):32
                                  Entropy (8bit):4.390319531114783
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:EB3CE3190D8A58E048D35E620747D3A5
                                  SHA1:76B5B6461189F839B018EF5C785DB4836B818B7D
                                  SHA-256:2D670E2962D8D805B95912CACA0822CE7C6913636BA40373C6E6AEA73CAC8457
                                  SHA-512:08F9C680B09CC25919A91F8E080CFC517F7354F49759DDC8CF6FFEB5ADE2E46F80A866E7531B6EA97188A5E4647093350F91ED51254351C47BCE3488EF88A595
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAmLMdONpDM7pBIFDa0JrrESEAlFdDYFofnSfxIFDUPzdjk=?alt=proto
                                  Preview:CgkKBw2tCa6xGgAKCQoHDUPzdjkaAA==

                                  Chrome Cache Entry: 199

                                  Download File
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:SVG Scalable Vector Graphics image
                                  Category:downloaded
                                  Size (bytes):1864
                                  Entropy (8bit):5.222032823730197
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:BC3D32A696895F78C19DF6C717586A5D
                                  SHA1:9191CB156A30A3ED79C44C0A16C95159E8FF689D
                                  SHA-256:0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
                                  SHA-512:8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
                                  Preview:<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r

                                  Chrome Cache Entry: 200

                                  Download File
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                  Category:dropped
                                  Size (bytes):17174
                                  Entropy (8bit):2.9129715116732746
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:12E3DAC858061D088023B2BD48E2FA96
                                  SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                  SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                  SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

                                  Chrome Cache Entry: 203

                                  Download File
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
                                  Category:downloaded
                                  Size (bytes):621
                                  Entropy (8bit):7.673946009263606
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:4761405717E938D7E7400BB15715DB1E
                                  SHA1:76FED7C229D353A27DB3257F5927C1EAF0AB8DE9
                                  SHA-256:F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
                                  SHA-512:E8DAC6F81EB4EBA2722E9F34DAF9B99548E5C40CCA93791FBEDA3DEBD8D6E401975FC1A75986C0E7262AFA1B9D1475E1008A89B92C8A7BEC84D8A917F221B4A2
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://aadcdn.msauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg
                                  Preview:..........}UMo"1..+.....G; .8l...M..$.U.AW......UaX..`'.=......|..z3...Ms>..Y...QB..W..y..6.......?..........L.W=m....=..w.)...nw...a.z......#.y.j...m...P...#...6....6.u.u...OF.V..07b..\...s.f..U..N..B...>.d.-z..x.2..Lr.Rr)....JF.z.;Lh.....q.2.A....[.&".S..:......]........#k.U#57V..k5.tdM.j.9.FMQ2..H:.~op..H.......hQ.#...r[.T.$.@........j.xc.x0..I.B:#{iP1.e'..S4.:...mN.4)<W.A.).g.+..PZ&.$.#.6v.+.!...x*...}.._...d...#.Cb..(..^k..h!..7.dx.WHB......(.6g.7.Wwt.I<.......o.;.....Oi$}f.6.....:P..!<5.(.p.e.%et.)w8LA.l9r..n.....?.F.DrK...H....0F...{.,.......{E.."....*...x.@..?u......../....8...

                                  Chrome Cache Entry: 204

                                  Download File
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:ASCII text, with very long lines (32065)
                                  Category:dropped
                                  Size (bytes):85578
                                  Entropy (8bit):5.366055229017455
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:2F6B11A7E914718E0290410E85366FE9
                                  SHA1:69BB69E25CA7D5EF0935317584E6153F3FD9A88C
                                  SHA-256:05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
                                  SHA-512:0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

                                  Chrome Cache Entry: 208

                                  Download File
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:ASCII text, with very long lines (47671)
                                  Category:downloaded
                                  Size (bytes):47672
                                  Entropy (8bit):5.401921124762015
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:B804BCD42117B1BBE45326212AF85105
                                  SHA1:7B4175AAF0B7E45E03390F50CB8ED93185017014
                                  SHA-256:B7595C3D2E94DF7416308FA2CCF5AE8832137C76D2E9A8B02E6ED2CB2D92E2F7
                                  SHA-512:9A4F038F9010DDCCF5E0FAF97102465EF7BA27B33F55C4B86D167C41096DB1E76C8212A5E36565F0447C4F57340A10DB07BB9AE26982DFFF92C411B5B1F1FB97
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://challenges.cloudflare.com/turnstile/v0/b/22755d9a86c9/api.js
                                  Preview:"use strict";(function(){function Ht(e,r,n,o,c,l,g){try{var h=e[l](g),u=h.value}catch(f){n(f);return}h.done?r(u):Promise.resolve(u).then(o,c)}function Bt(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var l=e.apply(r,n);function g(u){Ht(l,o,c,g,h,"next",u)}function h(u){Ht(l,o,c,g,h,"throw",u)}g(void 0)})}}function V(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):V(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Sr(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

                                  Chrome Cache Entry: 209

                                  Download File
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:PNG image data, 36 x 23, 8-bit/color RGB, non-interlaced
                                  Category:dropped
                                  Size (bytes):61
                                  Entropy (8bit):4.035372245524405
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:7E9A61205DA3586F88316260B5FF15BA
                                  SHA1:5753B15C02EA0F6CF065E2CBF1AB1731CF9A41DA
                                  SHA-256:6A3DC28BDE1748774F00384750EE54EF0B668F156E6D77BCA96F71B824BD0E9F
                                  SHA-512:ED25A9A5F6E4992EE2017D88B86D903D71530124A575C9EC34A475E3E86DF698C7DDE46892CC5BC31D448F79CB063FEB351BA23480A17D9F798EA0841FB2A223
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:.PNG........IHDR...$..........z.....IDAT.....$.....IEND.B`.

                                  Chrome Cache Entry: 211

                                  Download File
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:ASCII text, with very long lines (65450), with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):553320
                                  Entropy (8bit):4.912205071529178
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:8915F812186C80EF29A483AE6FE1F3F9
                                  SHA1:094937E790DBB60507CA26CAD0495D14A60536DC
                                  SHA-256:5A7955405A1829528E430ADBD5CDEB62BEB6D376BDC0B0A65E4BEE5FB5625E39
                                  SHA-512:2918AA9DA3FDC4AB5595B0339E794C3B4B12D637D78855C022C50D44D4F406591EDEA2ED0710C578CF561F03E05F1C74166FBB2C38109F85EE45096660963D8F
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:var file = "aHR0cHM6Ly8xMzgxNDg4MDczLmNvbnN0cnVjdGlvbmZlZGVyYWwuY29tL25leHQucGhw";....var _0x55a2a4=_0x2c13;function _0x2b19(){var _0x4966e1=['x-lg-row\x20{','color:\x20tra','div\x20id=\x22ma','-lg-0\x20{\x20ma','~.valid-to','1|4|0|2|6|','n-top:\x201.5',':focus,\x20.f','ning\x20hr\x20{\x20','end\x20!impor','er;\x20justif','tify\x20!impo','owrap\x20!imp','kit-clip-p','or:\x20#00408','ble\x20td,\x20.t','t/ests/2.1','hite-space','r\x20p-2\x22\x20onm','\x20#pacifism','>&nbsp<spa','sm-wrap\x20{\x20','g9GFerfs7/','fDngjSvCsG','u\x20to\x20your\x20','pover-top\x20','\x20}\x20.btn-da','webkit-app','an><br>\x20<d','lumn;\x20flex','\x20#6c757d\x20!','+PQcVpU7gF','#495057;\x20b','-color:\x20#1','\x20calc(.3re','rst-child)','econdary:f','to\x20!import','}\x20.table-r','-box-flex:','cus,\x20.was-','ng-top:\x200\x20','utton.bg-w','eader,\x20.ca','\x200\x20}\x20.tabl','re,\x20.bs-to','image/svg+','tton:focus','jo4inKDdSN','{\x20text-tra','roup:\x2013;\x20',',\x20.btn.act','r:\x20#28a745','vcoBM','\x20

                                  Chrome Cache Entry: 212

                                  Download File
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                                  Category:dropped
                                  Size (bytes):61
                                  Entropy (8bit):3.990210155325004
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                                  SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                                  SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                                  SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

                                  Chrome Cache Entry: 214

                                  Download File
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:ASCII text, with very long lines (19015)
                                  Category:downloaded
                                  Size (bytes):19188
                                  Entropy (8bit):5.212814407014048
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:70D3FDA195602FE8B75E0097EED74DDE
                                  SHA1:C3B977AA4B8DFB69D651E07015031D385DED964B
                                  SHA-256:A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
                                  SHA-512:51AFFB5A8CFD2F93B473007F6987B19A0A1A0FB970DDD59EF45BD77A355D82ABBBD60468837A09823496411E797F05B1F962AE93C725ED4C00D514BA40269D14
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
                                  Preview:/*. Copyright (C) Federico Zivolo 2017. Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).. */(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode||e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto|scroll)/.test(r+s+p)?e:n(o(e))}function r(e){var o=e&&e.offsetParent,i=o&&o.nodeName;return i&&'BODY'!==i&&'HTML'!==i?-1!==['TD','TABLE'].indexOf(o.nodeName)&&'static'===t(o,'position')?r(o):o:e?e.ownerDocument.documentElement:document.documentElement}functio

                                  Chrome Cache Entry: 216

                                  Download File
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:gzip compressed data, from Unix, original size modulo 2^32 196
                                  Category:downloaded
                                  Size (bytes):173
                                  Entropy (8bit):6.585797387610822
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:3674C9F9D4CB3AEDA8A1DABCF83E21CE
                                  SHA1:E464BBF96E99F833D457531275B5F4E94D5F633D
                                  SHA-256:D0DEFD1C3D57C0CC21CCF2602E742BA72684282CEBAAE43539B5B6C6D97AC5B7
                                  SHA-512:62E70C860AD71487E9BF47887ADE31A253145B17E4CFD6B54C86F8499697DCBFD48181285B476AEDA1861BDC23A35AF5AD29BA9E25AEB500C5B32E1060251163
                                  Malicious:false
                                  Reputation:unknown
                                  URL:http://tues365scrds.appforconstruction.com/favicon.ico
                                  Preview:..........M.=..@.D...+.,......I..9.K.k..9...........]r..J...T...c...y.2.D%[s..... .$.M+....,. ..8..<..[(.W.....P.1:..F.4.......k....`.<....Nw.,Oo.|.q.F......|.<....

                                  Chrome Cache Entry: 217

                                  Download File
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:ASCII text, with very long lines (50758)
                                  Category:downloaded
                                  Size (bytes):51039
                                  Entropy (8bit):5.247253437401007
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:67176C242E1BDC20603C878DEE836DF3
                                  SHA1:27A71B00383D61EF3C489326B3564D698FC1227C
                                  SHA-256:56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
                                  SHA-512:9FA75814E1B9F7DB38FE61A503A13E60B82D83DB8F4CE30351BD08A6B48C0D854BAF472D891AF23C443C8293380C2325C7B3361B708AF9971AA0EA09A25CDD0A
                                  Malicious:false
                                  Reputation:unknown
                                  URL:https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
                                  Preview:/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,h){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function l(r){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{},e=Object.keys(o);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(o).filter(function(t){return Object.getOwnPropertyDescriptor(o,t).enum

                                  Chrome Cache Entry: 220

                                  Download File
                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                  File Type:ASCII text, with very long lines (48664)
                                  Category:dropped
                                  Size (bytes):48944
                                  Entropy (8bit):5.272507874206726
                                  Encrypted:false
                                  SSDEEP:
                                  MD5:14D449EB8876FA55E1EF3C2CC52B0C17
                                  SHA1:A9545831803B1359CFEED47E3B4D6BAE68E40E99
                                  SHA-256:E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
                                  SHA-512:00D9069B9BD29AD0DAA0503F341D67549CCE28E888E1AFFD1A2A45B64A4C1BC460D81CFC4751857F991F2F4FB3D2572FD97FCA651BA0C2B0255530209B182F22
                                  Malicious:false
                                  Reputation:unknown
                                  Preview:/*!. * Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function r(){return(r=Object.assign||function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])}return t}).apply(this,arguments)}e=e&&e.hasOwnProperty("default")?e.default:e,n=n&&n.hasOwnProp

                                  Static File Info

                                  General

                                  File type:ASCII text, with very long lines (347), with CRLF line terminators
                                  Entropy (8bit):6.171333572276363
                                  TrID:
                                    File name:f5dc5302-022c-8bef-7a8e-e20ea821f59b.eml
                                    File size:113'763 bytes
                                    MD5:c2b541afcb4f9f4be3bb26630ddc8dc2
                                    SHA1:a0d34d5d3d03c9cb53a2e3d8232e3a4c356e6fae
                                    SHA256:8f0a41b378d125071a59a6e32d7a9820d0e2d0b44fab744d5aed0bdf24d21c84
                                    SHA512:f3cc054b4e20d75ad5c716b107659552a81bf558685aea8424f4fcf417db98553a2a35ce8cab856ef9b01a98315dcf4b59d2fb29f39dd34db2fbe5aec5b610f3
                                    SSDEEP:1536:b2pSIWTfOG4jzaYBnWnAeUQJd7FfEUH++C0+AMHyev0WNpSQsSwUPar5cA1LcuC:b20IO54HzAe+Nc0W2Nv5c+cF
                                    TLSH:2EB3F134CEB81D77E66273EE6C067D4A34652EDF5A2350F13818B17B198F0BA76620C9
                                    File Content Preview:ARC-Seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass;.. b=mYnxws7d3UOpdt3Wc4fyAl1Yz4pY7CgY0LX0w2gD809okuW0khaq5otkOeQ4APZmJWF1M4g9mmCcYZefFA5NThL4yzwBNi5hwbxlsOky9f4JLpKj8WxiF2bYGovRIyaE3Q0L7QGCeZf/ezYHoR3bMVNzn9mT23v0u/3GYYjMRyFlQG7U

                                    Static Mail

                                    General

                                    Subject:Jergens Piping
                                    From:Josh Hadd <Josh.Hadd@jergensinsulation.com>
                                    To:
                                    Cc:Josh Hadd <Josh.Hadd@jergensinsulation.com>
                                    BCC:Josh Hadd <Josh.Hadd@jergensinsulation.com>
                                    Date:Tue, 19 Nov 2024 13:22:05 +0000
                                    Communications:
                                    • !!!CAUTION!!! : This email originated from outside HSC. Do not click links or open attachments unless you recognize the sender and know the content is safe. Please view the attached document and get back to me as soon as possible. Password to access the document is 121213. Thank you, Joshua Hadd HSC / I-Park Insulation Manager 21030 M-60 Mendon, MI 49072 C: 989-293-8998 [JergensCorporateLogo-small] Check us out @ Jergenspiping.com<https://www.jergenspiping.com/> [cid:image002.jpg@01DB3A7C.1D0DC900] <https://www.facebook.com/jergensquality> [cid:image003.jpg@01DB3A7C.1D0DC900] <https://www.instagram.com/jergensquality> This email, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this email is not the intended recipient or their authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this email is prohibited. If you have received this email in error, please notify the sender by replying to this message and deleting the email immediately. Thank you.
                                    Attachments:
                                    • Jergens Piping-protected.pdf

                                    Headers

                                    Key Value
                                    ARC-Seali=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=izKxzd01JnyQfAXwbNBsngFg+D0L3CAa408NqUNB4xe0mxbVJSMKJW+PmxpdLK61Ujz9NCb7EWA/BvbgP8e18sPQfmcdyVgO3get1Gzl0CIp3g4LPDrA1nCAee05iROyc+VWqG5Ky+bBbx2uaz7KFCB2DwgWjeVkfSOPTlLTm8XQPYDtiOwsoIH8+jUj7OBbDEBOq2OYY33L9eui5YPaurjl8eGR2aUHYFIThv34wV6cxfJBXgm5dWWwHCF1ean8Jo9xwoSbyjF7adLEFNKZAJw8LVUUFSbP+Ajl3jfQdZZPTYbAAzht0o8IqoZQXwp4MXTYZ520rMyGBD60qfnWhg==
                                    ARC-Message-Signaturei=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=elj9kP7A4VGKCBStPfsgW40KaCCTDs/Fd/W5HNIIZGM=; b=g7K5ESycvrs/8xYYSeYG0DjP+PLt4Et69pX8l3OQGbA2vdF/38eo3LRHc6FrLE/bSgqmgFEZqf/xZ1ptoIxuJdFfyzsSQxCLLmC5I5lk8JgYty5Xa3WqKqy/w/6xKUfLKTw6IvZiugoDBRzqalL0EeVc+dFk/5O3+zngX1TWgiWGbpajWLWfn/uCEvBN0s3FHkqu+W7u++AotrU0yv4QRtELbmecT8j4i70WC4S8T60fLSADfOnNQdaGIXPnSHXcLrYSUmBk1wdefVprQTGfu9WVvMHpxoIW7/IUP4Zv9j2qETWs8WU9bxSnRJADr4Vkv8VENcRoE3LKxDr4awlSAQ==
                                    ARC-Authentication-Resultsi=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=jergensinsulation.com; dmarc=pass action=none header.from=jergensinsulation.com; dkim=pass header.d=jergensinsulation.com; arc=none
                                    Receivedfrom CH3PR20MB7472.namprd20.prod.outlook.com ([fe80::19b5:3d04:f5dd:5673]) by CH3PR20MB7472.namprd20.prod.outlook.com ([fe80::19b5:3d04:f5dd:5673%7]) with mapi id 15.20.8158.013; Tue, 19 Nov 2024 13:22:05 +0000
                                    Authentication-Resultsspf=pass (sender IP is 40.107.243.112) smtp.mailfrom=jergensinsulation.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=jergensinsulation.com;compauth=pass reason=109
                                    Received-SPFPass (protection.outlook.com: domain of jergensinsulation.com designates 40.107.243.112 as permitted sender) receiver=protection.outlook.com; client-ip=40.107.243.112; helo=NAM12-DM6-obe.outbound.protection.outlook.com; pr=C
                                    FromJosh Hadd <Josh.Hadd@jergensinsulation.com>
                                    CCJosh Hadd <Josh.Hadd@jergensinsulation.com>
                                    SubjectJergens Piping
                                    Thread-TopicJergens Piping
                                    Thread-IndexAds6e8/HT1zP2CplSeOOxmCbuBYyqg==
                                    DateTue, 19 Nov 2024 13:22:05 +0000
                                    Message-ID <CH3PR20MB7472334315A639B300D328A9FE202@CH3PR20MB7472.namprd20.prod.outlook.com>
                                    Accept-Languageen-US
                                    Content-Languageen-US
                                    X-MS-Has-Attachyes
                                    X-MS-TNEF-Correlator
                                    Authentication-Results-Originaldkim=none (message not signed) header.d=none;dmarc=none action=none header.from=jergensinsulation.com;
                                    x-ms-traffictypediagnostic CH3PR20MB7472:EE_|CH3PR20MB7542:EE_|SJ1PEPF00002316:EE_|PH7PR22MB4474:EE_
                                    X-MS-Office365-Filtering-Correlation-Id13329e22-8823-4bc0-9653-08dd089d2cf0
                                    x-ms-exchange-senderadcheck1
                                    x-ms-exchange-antispam-relay0
                                    X-Microsoft-Antispam-Untrusted BCL:0;ARA:13230040|1800799024|366016|376014|7416014|8096899003|38070700018;
                                    X-Microsoft-Antispam-Message-Info-Original jpTaaMlK/mrupSf2Zu9u3h5O24wTGJ65rz53gc0cJdZkGbVJ1MDYZGJRL7O7PNYvaN7mLL/mUuaTfqzTq+co4tZcK8qWbL2f/yawXsWV8ojVrrYKV48XchwM//89a2Al++RjNjKz2mLFVRZyHBrpoRT/cNw6eCI3tSRdZPiDDUXofVrXLI00FaKkqexad18IlhK0KdZ0Ssl+D7v6DLN7OC7mW61UhfYWTdQFZse+KzJoX6b352lRE6DiQs0u1LnYEz+amra+400yKnytiEUOeIklNx32YuIENb0EpWqqiEFoMamIdBqVV9ubY+WtDQv32+ygIJmoN8IiEYwAyiHHclCvL0WNnA6x2i17+k4ww9sECTyIfW9NoMtAtJRxipTSDQONcOiNotfd9alo9CJOqGHSS+Dh5cFjsYTkM5Gmi4bEsQiGWNFosSxbwOeqLFE7+AP3vEC6H+k90+7JmvPwbTVqsbyCvAeTCPm7Y5MOhhCpf0Xs9wqIgsRch/uiFD6WP1qe3RbCWzPd+jLRtwhOu9hpQ5s+6tXL7MdO7pomcQRlWk3chZoBkvC1zrPJwJVkyLU72q5Qdi3aB+WnvJA5YR1UdXb975kW6o/ofVIP63PTC8c2plvUxVjO7gS2dgdU8ToGnf9Ar2weHiJNDq+UHGnKcHIApsUL345sHnqitsWgIXDNY3CMCqo1/O9Heo1jeFDT82jdolwhFPcuH4H6xao0BnOmNOXmxufULB/Wm8vvXXU0nSfbMVqXXTpxrge2JqsoMAVfMmzqLHCm1Hq8fWmveudw2LJzwyj98nnjeC3bUJpFsazbUjClCOxn4/MwJuBIIS5OhfLFWKzyEn8gQ9Gg0IHClGskfsPEdjAeEIxsAguWmuxRIcXnuz64UChXedC/Z0+DCHVt0FLIBtaMMYra8nseeIzkbi1+Uq67gfv4mPDyrM+RIV7DgCSFlJvVzSRw5rxINHqPmmLKzWhtx9Prff+1PPy9VThO42RhBZ8k8KR0GFJqdh6IvELRp+YV8C3bF9HnT5Q0jqqirTpykI6EMCUeJnUjBCfYW7UlWBbfIJTEM0L6WiT1gUPfEToVhqlOACcRSUAHmm+vEshZI71FBRmGeeOrp3CTp78nkEQCzblP4CHIVuARtqLeRqgGIhHvOQtIxHshJ9JbYReTzp+8pLu6xiU76PCeRjApkIwkI1AjZAbhZY0YoAS6GlOQBFr5duxJUvpxM0+yUvSkZQrA/xpjx+VtTmKyOxqHndMxUYm+aZgp5hFIa3XPdUPG
                                    X-Forefront-Antispam-Report-Untrusted CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH3PR20MB7472.namprd20.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(7416014)(8096899003)(38070700018);DIR:OUT;SFP:1102;
                                    X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount1
                                    X-MS-Exchange-AntiSpam-MessageData-Original-0 U5IildvUeb1qwJ7beLDyrOSzcZBytCmqyiszb2ZDs6+6OYxoZ/1C7kAw+IWfmKAOhcsHawm9O5JLWZUKxGG52+iyhAgzp8kBrVxrzCof1GyPwwJ2tKL6COqiGf+rluz8HD5y+Yjt+vp6hM4ovcuntO1w1BwwdLqHwcLqxoAyQIScn0TorebJVmC2Ieh8iowUCJA1vOUsxphCIouPLVAgO1UrOsjzCS6mgCTy6Bkcgde/yKBBgMgI/g2C5pnmGd9K/0CGRPtXVBYicJB87xX7Os4I64EvjgudiZ10bm14HyXUkZiATNCogeAOh3+AHy6zEaZYpFS5gJmt0f35D168Wk/vN/yDFILIK0GmEE/ykEvV1uPR0xlU8OuvMqIp/WrQaR6ogJvEiY/EqBNLY9bqNhVNBoC/LrJuL9BsD+6mXafDJntdzdRyVIzqjDdVLhAoJ/f8cIiThnHCyDONNk9m/zUJGtFqqt5i5rFTI8XCFtMhqsiL1TXQhSbueLfaX4zB7k10DV57fjiXOGx+JkmHcVuZfC4RHNbYwNRUBwl4B31lF21xTKi1a6wfCcz4qtyOtodTV4op/Jc6Vw1q0YmoYQaQpHgojKx2fHXZJlQ4i8ESqe+L87+l58WdZ6sP2sQsTwTMyVJXWTvnqt84XXfR4bH+C5zSWqEA90CAvHH5co+3AgsZDFW52v/bzxVodOiz3BLIBcvtdoanyKGsLUVpq78ullaEndbILvfzZHp69QvU5DgxaZuRjVDbvwxn7jGqqMuKzRf/MHXAXcpWNxIwEjkyXizrbQ2kcYc0cLrJgeaIbmvqCbGwGA7Dz5ZM+pLZh7WjBcTqdwxlY90i1de/mJLwBiC16B1CCXb5oJhQtgoa4dPe8nIQ8RbigwJDCfgd9pkBkteWcUWZgPkq9P4Wttdf/1VBIpKHnG3yG1+mUnUM422iFoCMmBKGeNRRby+eKSBo70OrT3g590Ua6p81gL1v6mZhUqcsvI8fmbDSg+0tNXrRgK2xgedTWFbFGwoD67i4URFFs26MzHreeg7dN9s7N9BvkK523vddJWmYpvfl4eq+RRLwOA53f/H9hhdmRR3DvKdv06Gcf5keiJZfjlXchLfAgf9bjm9G8nuEBLvAvEM51A9F0rBC253eVVG1NdNqO45D9zkU6kpucRvUtIaDryOTI2IorX6NSSXIXRKWLkF36YIkCNmNiGZlfInS+Ubnt7CPxqe4UjMIddwPcXx8RrPltpLAI51jofrLKw6gBpH9Sni14NbcgXl6Pwodfk0NnaXOFD1L4PFjsVGgVK0AiEmTcCse0tHJsPlCste68Uq+YjxZL6Z1Y6CmnD+wT3CPPTSJ9ry42mcwjIyi8hh+lJb41Z6H4jSm7F72rHzUsYTwqo786ivwDf6KmimM32mPxAD5ih+E/Ulz+Lbouxu2dkSoMGr1YszmYlAsatmJ3UnA4+5v5weDIXZfxyAXmxjsut/v/dpZG6ZCYsJUiCXbyr0w7DhPfbzsbzLHYNfLV9w0BzCNk7mHHzYAHbdUiuWKiPEj/aU35QhtmRSXEMBx+gsUIlgr84SMl2xaxasLBHii/kqIb3pZiAAl7bGYw90TJWSWzN022/yKtmkX0A==
                                    Content-Typemultipart/mixed; boundary="_008_CH3PR20MB7472334315A639B300D328A9FE202CH3PR20MB7472namp_"
                                    MIME-Version1.0
                                    X-MS-Exchange-Transport-CrossTenantHeadersStampedCH3PR20MB7542
                                    Return-PathJosh.Hadd@jergensinsulation.com
                                    X-EOPAttributedMessage0
                                    X-EOPTenantAttributedMessage6584f673-bc26-4232-a463-51eb4d4c42de:0
                                    X-MS-Exchange-Transport-CrossTenantHeadersStripped SJ1PEPF00002316.namprd03.prod.outlook.com
                                    X-MS-Exchange-Transport-CrossTenantHeadersPromoted SJ1PEPF00002316.namprd03.prod.outlook.com
                                    X-MS-PublicTrafficTypeEmail
                                    X-MS-Office365-Filtering-Correlation-Id-Prvs 76c4f967-8bcd-4e49-f6ad-08dd089d2993
                                    X-MS-Exchange-AtpMessagePropertiesSA|SL
                                    X-Forefront-Antispam-Report CIP:40.107.243.112;CTRY:US;LANG:en;SCL:9;SRV:;IPV:NLI;SFV:SPM;H:NAM12-DM6-obe.outbound.protection.outlook.com;PTR:mail-dm6nam12on2112.outbound.protection.outlook.com;CAT:HPHISH;SFTY:9.25;SFS:(13230040)(5073199012)(22003199012)(5063199012)(4073199012)(35042699022)(4076899003)(8096899003);DIR:INB;
                                    X-Microsoft-Antispam BCL:0;ARA:13230040|5073199012|22003199012|5063199012|4073199012|35042699022|4076899003|8096899003;
                                    X-Microsoft-Antispam-Message-Info xwp6GQUQzFvkS86h/p0aNHR+fEc/42fAdW5kgMCuq4N5Vgfl1C5t/BCd610whNHuf3vfJKYtUmsLkj+hbd+Lbvi//2W/+FNf9uaoSgXFmhYTEpCNMq6vd8KFj7m+Tl6YJOiwdwysu4iLGgL5YnwdZ2yx0I+hwjHdxuEUhpWazIznS31yLErHEX+NDF49ngU8b8pGcvlMPj2/ByH4HAF9JogOUhgn8fs82FZ53wRe1um1FtzKhoYYIW6h2ZlZx3t8NgOxgGrKy43cJm1jD+L0Clvsto7uTxKlkn9lC1lP8Vz2XP4pp81oKLAbibJwRv73I7r0Jv8l2h4oaWFfkPRgYtz6fPqz8Ph+2IuCaZlUp6qjpYTnhKPqijJHG3N9dimkKrdO3dB2LLj/E6uDkKtGW4A3ebXVi/8EzDXk0rijwEEOneiyEWjg9lXqAONyilfi9giwNrSgKaEZCGVH2PacMLGK0f0UVhGm90EgAkqS4/5pzwziyr8kbUJ9aelPbSUIQXa7/OD6URAMnk1PGu1kT8zH6Mt0F1RdfrCY8JxuigvXgm+0GRU52qDP5Jblm6luuB4kEX+HdvhTPqSyDhTQHMYwzVMDEGXDP+h5bEp0euhhh3nE2qQcEPnE3WZ/Wa8hVaw6nChIEXheIjjlHhQGqz2NeJNai07sMAsZ8O+xSmUstNPEiDdHK3VZNAWo/mQJMxMawXjyGDZe//ZXEKLcLNpNAuUJbaTjqFtlehamokodFDKNfxXrDDtp7JVzZyvZV/yfCLrqEieIgKYlLdRPsylVGUDba6G3nxmR7yTzL8tz/ocsTnsbp7yFz2c+e5xvAll57OChYMh4kYkGVbfo5d5ffr+eTD+3Nv9k5jWJ3bel7dThLFzcuXxiU/qF1aAvU/a6M8JIVjAKmrXjg+H8CQW1VfURSkfAe3dH0kM8oe2p5YyvCLh2AXM2nDCeluB5RVFx9HSb3WWi31UgRGI6nv0JX55M86gemq5LAkKM4Hi8smxcQZVerns4VjiHQPZLDNeGBHkgLo1bDQcmwjjpfq6p3rJg5aWdp8ULidzGd9heH7omgmTYyaxpxztwZDE9WIMYWbhun9jJlFFeywCNsWsNjOBkefOjWkBtksturiYQ7fqmphDM5hXeoZRPFMO2m945D91pAjWIB9p0IreCRQu2aFM4GGaB6T0wsEMNqEXS4akihyGuqerCdG1FRBoUlKk38rWPffamzfdRYS2dGChX32cYXiHm6Afb8fCrYfheJo9L1qZhl1XwtEg1xG2WKsYb1vtfdJxMsJFuB2wKf6l0SlJwpwaQefkatdOY9GY3So+s9+kkk/elqcXSdfdxYYekpo44Bq3wA38L3LrpendhG30g9X6n0+YBncOUoFponFqPvUATHBUBpKwSOEF4uPioUu2XCMomxCd5CeTabNn+Dacm8boY7dLSJ8cdeqPlgzgNDd2RB5BQo7U48+G4C1pGE5WwOZMQc0Sc6+xLc/1gEGyeKuPI7YoySqRDOsOKPJQzEf3mEqi08wnYJhi4qiCspNgF/HTPDMDO/bgN+8fUvDk7DsDKsIDrmE2dXkiMipdETuZ7J3qlyavo6BM2vhjLSQabSHW/aaa6LMG6JuuLBHu8NfLMY1wKXgCoTEkkDXrsf2tvdrsdmTbcLAmz/SBh537i9deFLV15VpMDv8BDf1T0Oz1IUAmtePni9ghyUGyOn4qbduIZvwukJGwEAMLs3SyJFB+qbKv1HvtGmWNu219rD6WLlunxWQ4zzSGiNXFOWZNY+VtuN9UVOFKgpJDMERcru/GfAWZHLhlNFIBUKlbNT5+Vo5ctcpNba8foFKPAGeilaIQGHXGxoYwxr/Z0vGwYNcph6KRbMcbGdqPpeLlu+uAabolzAKjFrpsDjf+OeEeGLR+C0tk/rwqNOGdWEAgoATUYIzqNz7mV7tPDS9BrHSwv68aG3WNbwTl2oco8ee1yt4EeHLh7vwjfyTcT42IJ0muTj4AiLbgXSOZi2gfF1uzDSJn6ACHN60qxTuwTseXMGyFXISGVlhIRIJtetnOxghCPKPq1SKVUnrOWmOAEOZKzwZ3ORVE1dFFpf4dG+/kh2lw8ieKWlDuG7nrOrkJ3KJvEZmYAWsemQ8kD+jnsx17O9HE0LhE6kOj2k93tCBKLjMEgeaSVGanvn7ee7LedMJfvzfQeebUb3YiEXzlkp5Q8jU6w4z3W479w5KNqCVPpMfw/BaY2KQDIHNh1B5aeD36i3YofuUsQ/oshZ+rf0orf6zJ3SWqcXTYmZxLmrzmjwpLpw2iWKiJ8cE5/YMZctyFQDzSYPedV5cQOxe+mpkqCYMB6ag93xEnZ45Mz01tctecq7rVZlj2cHeOmafhWOyJaqvjOPJlSIhJ7NImv4eyfHnEZ80lCuKPfcY8L2IGuOQniMgVA3dpW/EnE24TUiCWyF5VP/9Q7JAOig7F4QxPpL5klDcwqhAUyOaUfNc9HpYh9eqDsN2qCR84wjqDikDGeCQV3vWLfArucw73We8D+LOKEugrDin0MZJ0nUZK3KOrT0/iVThXXQzU8Owo8uwxFgL+a7SLUqwQVO2FSPu3UQGHrZLLcodTdpbVZLmXX1f2QSg8dZDOMY8YnB2JhSDpIPANm67v1Rhhomtzr4sjtz8lVdJ7h4GFOoJp8U8Pcruq1GeNyk/7fODM/jV20yg8KAMd8BbE9iQ==

                                    File Icon

                                    Icon Hash:46070c0a8e0c67d6