Windows Analysis Report
FW_ Signature Required For Agreement with ID_41392PJBM8759674.msg

Overview

General Information

Sample name:FW_ Signature Required For Agreement with ID_41392PJBM8759674.msg
Analysis ID:1560511
MD5:8501e1d0877f75ef0a815418413e97d0
SHA1:8733fb8fce8534202a4c11684e76c2d0c97b8c7b
SHA256:13f2ebe3d2863b0caa13ed16443a275a54ae2d796c5a151481ca886f0525382c
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected landing page (webpage, office document or email)
AI detected potential phishing Email
HTML page contains hidden javascript code
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores files to the Windows start menu directory
Stores large binary data to the registry

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 5568 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\FW_ Signature Required For Agreement with ID_41392PJBM8759674.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 3748 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4A4BAC7E-3EB1-4B5F-81B5-3222C22B2936" "B23B2BB1-3104-471D-92E1-9E7E9492F690" "5568" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • Acrobat.exe (PID: 6924 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\W4PB80TJ\Steamsolutions_Settlement_Agreement_52384746_22471_807886172.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 7116 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 4300 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2204 --field-trial-handle=1572,i,7761268585645680935,8764826032999139796,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 7316 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://aceitesvailejo.com/?email=a2F5bWFtaUBzdGVhbXNvbHV0aW9ucy5jb20= MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 7564 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1772,i,11634664136686848852,14190223576951525417,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 5568, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Source: Registry Key set, Author: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\W4PB80TJ\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 5568, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
No Suricata rule has matched

Phishing

Source: PDF document, Joe Sandbox AI: Page contains button: 'Corrected Agreement For Your Review And Signature' Source: 'PDF document'
Source: PDF document, Joe Sandbox AI: PDF document contains QR code
Source: Email, Joe Sandbox AI: Detected potential phishing email: Suspicious sender name contains random string of characters (FXYMVBUICDBCGEFSRQQDVKCEYOTKYTXJZXLUURIRSTKTYICYVN). Sender email domain (activ8.net.au) doesn't match claimed HR department of Steamsolutions. Document naming pattern with multiple numbers and 'Settlement_Agreement' is typical of phishing attempts
Source: https://aceitesvailejo.com/?email=a2F5bWFtaUBzdGVhbXNvbHV0aW9ucy5jb20=HTTP Parser: Base64 decoded: 1732223709.000000
Source: https://aceitesvailejo.com/?email=a2F5bWFtaUBzdGVhbXNvbHV0aW9ucy5jb20=HTTP Parser: No favicon
Source: https://dorkxystus.info/?jliiyvjd=3a6fd2c97d3ac00dce5e72a4fa4cdc59d4910128216c056f29a610b4b28ba18e43df2ab42abbb84c895994d1375bd1e134c4e84db17e94792b89e15388435850&email=a2F5bWFtaUBzdGVhbXNvbHV0aW9ucy5jb20%3DHTTP Parser: No favicon
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\W4PB80TJ\Steamsolutions_Settlement_Agreement_52384746_22471_807886172.pdf
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\W4PB80TJ\Steamsolutions_Settlement_Agreement_52384746_22471_807886172 (002).pdf
Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49760 version: TLS 1.2
Source: chrome.exeMemory has grown: Private usage: 1MB later: 27MB
Source: global trafficDNS traffic detected: DNS query: aceitesvailejo.com
Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: dorkxystus.info
Source: global trafficDNS traffic detected: DNS query: challenges.cloudflare.com
Source: classification engineClassification label: mal48.winMSG@38/50@19/222
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241121T1614380134-5568.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.ini
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\FW_ Signature Required For Agreement with ID_41392PJBM8759674.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4A4BAC7E-3EB1-4B5F-81B5-3222C22B2936" "B23B2BB1-3104-471D-92E1-9E7E9492F690" "5568" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\W4PB80TJ\Steamsolutions_Settlement_Agreement_52384746_22471_807886172.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2204 --field-trial-handle=1572,i,7761268585645680935,8764826032999139796,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://aceitesvailejo.com/?email=a2F5bWFtaUBzdGVhbXNvbHV0aW9ucy5jb20=
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1772,i,11634664136686848852,14190223576951525417,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 0D693946EAACF6D1306B6E59E53B9754
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 2 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Modify Registry | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Process Injection | Security Account Manager | 13 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Extra Window Memory Injection | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Extra Window Memory Injection | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |

No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| dorkxystus.info | 45.11.182.166 | true | false | | unknown |
| bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high |
| a.nel.cloudflare.com | 35.190.80.1 | true | false | | high |
| challenges.cloudflare.com | 104.18.94.41 | true | false | | high |
| www.google.com | 142.250.181.100 | true | false | | high |
| aceitesvailejo.com | 172.67.207.205 | true | false | | unknown |
| default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 84.201.208.106 | true | false | | high |
| x1.i.lencr.org | unknown | unknown | false | | high |
| Name | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- |
| https://dorkxystus.info/?jliiyvjd=3a6fd2c97d3ac00dce5e72a4fa4cdc59d4910128216c056f29a610b4b28ba18e43df2ab42abbb84c895994d1375bd1e134c4e84db17e94792b89e15388435850&email=a2F5bWFtaUBzdGVhbXNvbHV0aW9ucy5jb20%3D | false | | unknown |
| https://aceitesvailejo.com/?email=a2F5bWFtaUBzdGVhbXNvbHV0aW9ucy5jb20= | false | | unknown |
| IP | Domain | Country | ASN | ASN Name | Malicious |
| --- | --- | --- | --- | --- | --- |
| 84.201.208.106 | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | Poland | 34390 | NPLAYTELEKOM-AS-PONPL | false |
| 172.217.19.227 | unknown | United States | 15169 | GOOGLEUS | false |
| 172.217.17.46 | unknown | United States | 15169 | GOOGLEUS | false |
| 20.189.173.4 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 104.18.94.41 | challenges.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false |
| 52.109.89.119 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 52.111.252.18 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 23.193.114.18 | unknown | United States | 16625 | AKAMAI-ASUS | false |
| 162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
| 54.144.73.197 | unknown | United States | 14618 | AMAZON-AESUS | false |
| 35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false |
| 107.22.247.231 | unknown | United States | 14618 | AMAZON-AESUS | false |
| 92.122.16.141 | unknown | European Union | 16625 | AKAMAI-ASUS | false |
| 52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 172.217.19.238 | unknown | United States | 15169 | GOOGLEUS | false |
| 1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
| 172.217.17.35 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.181.100 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 74.125.205.84 | unknown | United States | 15169 | GOOGLEUS | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 23.32.239.83 | unknown | United States | 2828 | XO-AS15US | false |
| 23.195.39.65 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
| 45.11.182.166 | dorkxystus.info | Germany | 42708 | PORTLANEwwwportlanecomSE | false |
| 52.109.76.243 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 172.67.207.205 | aceitesvailejo.com | United States | 13335 | CLOUDFLARENETUS | false |

| IP |
| --- |
| 192.168.2.17 |
| 192.168.2.13 |
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1560511
Start date and time: 2024-11-21 22:14:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 24
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Sample name: FW_ Signature Required For Agreement with ID_41392PJBM8759674.msg
Detection: MAL
Classification: mal48.winMSG@38/50@19/222
Cookbook Comments:
• Found application associated with file extension: .msg
• Exclude process from analysis (whitelisted): dllhost.exe, backgroundTaskHost.exe, TextInputHost.exe
• Excluded IPs from analysis (whitelisted): 52.113.194.132, 52.109.76.243
• Excluded domains from analysis (whitelisted): roaming.officeapps.live.com, ecs.office.com, omex.cdn.office.net, s-0005.s-msedge.net, osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com, ecs.office.trafficmanager.net, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, eur.roaming1.live.com.akadns.net, neu-azsc-000.roaming.officeapps.live.com, ecs-office.s-0005.s-msedge.net
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Report size getting too big, too many NtSetValueKey calls found.
• VT rate limit hit for: FW_ Signature Required For Agreement with ID_41392PJBM8759674.msg
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):476
                      Entropy (8bit):4.972387324326547
                      Encrypted:false
                      SSDEEP:
                      MD5:85DC98575DA17F09D2C254C63B42A54D
                      SHA1:1CEE4FCEC8E9EF261A185CB69B67EEFC03E569D5
                      SHA-256:0B879A23429C9BC6E365264C15B459796ED63CA334001AA983217E9B1E922E04
                      SHA-512:56BA93D738F4EFB43189C69094D405BC83A78F505208A4A828ED38F8CF55B5E61F037FBE7BF1BFAC1DAB12FC2C3096BD90E7A6669095FF42C483B6C9744A734B
                      Malicious:false
                      Reputation:unknown
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13376783710535276","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":667544},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.17","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):0
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:
                      MD5:1B8F511BE0FCD6FB7524F55C9FB06E61
                      SHA1:01BFA769F459561D9748A7E1AD5862DF8216BA4E
                      SHA-256:41F52BA78E708F3EEBFB6720F9E13F5DDBE656BCA1E370DF90AA53223ABC6361
                      SHA-512:FCF398D9D4274A7FFE41DE433DF3137BC1D62D1933733BAD71ED0DC69F77209427585F8D84088242070835FF2697FBEA752437A7A8C0945CB5A924652DCDC8F5
                      Malicious:false
                      Reputation:unknown
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145508750011","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:modified
                      Size (bytes):384
                      Entropy (8bit):4.932552339462053
                      Encrypted:false
                      SSDEEP:
                      MD5:1B8F511BE0FCD6FB7524F55C9FB06E61
                      SHA1:01BFA769F459561D9748A7E1AD5862DF8216BA4E
                      SHA-256:41F52BA78E708F3EEBFB6720F9E13F5DDBE656BCA1E370DF90AA53223ABC6361
                      SHA-512:FCF398D9D4274A7FFE41DE433DF3137BC1D62D1933733BAD71ED0DC69F77209427585F8D84088242070835FF2697FBEA752437A7A8C0945CB5A924652DCDC8F5
                      Malicious:false
                      Reputation:unknown
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145508750011","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                      Category:dropped
                      Size (bytes):65110
                      Entropy (8bit):1.8348166050748467
                      Encrypted:false
                      SSDEEP:
                      MD5:2BB871C8290872DC18537949A62DA5DF
                      SHA1:03BCE4EBA9189979C6F1EA78801AC297E91434ED
                      SHA-256:392A1F272D4FB3454913CD13A7FC4955BED5F512535EDFE7F236D7D4D2F10116
                      SHA-512:B619EA3AF53FA5082B75FF565178FA548AAD6C62DCD242F3287DCA874F79606C02D221B0D90954C3CF65A9738BD384315266BDCCB1BE30EFA41ED23B26579E67
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
                      Category:dropped
                      Size (bytes):86016
                      Entropy (8bit):4.444883801723904
                      Encrypted:false
                      SSDEEP:
                      MD5:D10F3EE3603A0DA605A96FEBE533D864
                      SHA1:282B8AAE30A4650A85C4FF7C29B5615D703AFAF0
                      SHA-256:AB11972DCB3D2441243D01CD15FB3D42027DA725998F4D187435CBD941B20552
                      SHA-512:AA91BD85C1E8679F35A02391D5943B885ACB724102E06E10F7FA8014A871DABDC334DCB63B6FA2672C40BBDFC0DFC49546AB6AC2A42198F6E50EC0A209688366
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):8720
                      Entropy (8bit):3.7666580304903703
                      Encrypted:false
                      SSDEEP:
                      MD5:9F751867BD78BAC910F500FFE553A2F7
                      SHA1:60EC78AC804DB165050B4062CB923A109D5D8FA4
                      SHA-256:8B393FE49CDC014B65EDEEFDAC6B2EB1972EABB0EE383A52A82707F72D565FB7
                      SHA-512:0AB4014919DA2206D65011BCC82DAEF4F8A815FA4192CD78EBDFBCC682C0BD0E20B28E65212F24DDE36CDFD6160C0ED4036A4EBB454A82FC759D7965EC138D61
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:Certificate, Version=3
                      Category:dropped
                      Size (bytes):1391
                      Entropy (8bit):7.705940075877404
                      Encrypted:false
                      SSDEEP:
                      MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                      SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                      SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                      SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                      Category:dropped
                      Size (bytes):71954
                      Entropy (8bit):7.996617769952133
                      Encrypted:true
                      SSDEEP:
                      MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                      SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                      SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                      SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):192
                      Entropy (8bit):2.742553200765872
                      Encrypted:false
                      SSDEEP:
                      MD5:26FB3128DBB815F8ECE6824F3007D43F
                      SHA1:6EAB95D83D9B927AF867D53172967AF077857E81
                      SHA-256:BBF0EB8B6994B80E64A9C87B92B1F0D72BAC5B27BA2F3C435A950E029DE308C7
                      SHA-512:F2E4A36FF8F32D3A424E9CDD48D2125DF71CD1668D4BA9F112C0BFC1F446F3356DFF58B337D9A62888E35DC267130E11587B8C9AD2D962A1ABF2B6FC553641FB
                      Malicious:false
                      Reputation:unknown
                      Preview:p...... ........si.tZ<..(....................................................... ..........W....J...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):338
                      Entropy (8bit):3.4514189380640397
                      Encrypted:false
                      SSDEEP:
                      MD5:21DCAB43F69354E472153124548F1213
                      SHA1:CB626A7FFB6CECC6F5EA9314AFCAC337AAD96B60
                      SHA-256:840F98D66B97F8C957D07D1F0496516A2CDFF464285C64599D3F1B298545A967
                      SHA-512:87A007F12FF2EC5CAB5D93A8BA95ECA80C4A17ADD9399AC877D7691B44B36D1845FA5711E7B2BC6F509BED1D5DEBEE1A386174D7B1E7067A9B00A3EE55002540
                      Malicious:false
                      Reputation:unknown
                      Preview:p...... ........q..dZ<..(...............................................B:.VZ.. .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:modified
                      Size (bytes):328
                      Entropy (8bit):3.150184159866505
                      Encrypted:false
                      SSDEEP:
                      MD5:6A5E52C4CEA3ACFDCC0F3BBB53032D51
                      SHA1:843AF162156521CBB6163878BCF3973EE732A07C
                      SHA-256:029E644E4EB6E15D626E0FD8062FCA6BF6F11178E90B977F47A971ABFBF1E9CB
                      SHA-512:2B420FDF1593B7A013A9FECB42A3F8B517B9D658E26BE092E25D32029BF3EE2F51D8AE229B92E1A8C8A4CD7EA1AE9C47C95F2BD513C724B3A5CC4E91651EF6E9
                      Malicious:false
                      Reputation:unknown
                      Preview:p...... .........'`.Z<..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):295
                      Entropy (8bit):5.376833803142952
                      Encrypted:false
                      SSDEEP:
                      MD5:F06B9FE949CA32A02C4B3F56E8440926
                      SHA1:94EC2D7D91B51E758E7BD7C7F2FE7D399BB375C9
                      SHA-256:E82D9582B64086023896666F03B7297F3CB349CEF5594E85D4ADAD3EE8A8DED0
                      SHA-512:B2A9405B9FAE155A19E34426204370AA746FFA82473F9BCE29B95FE07F3563D1140B1EAE23F68C1E5493F1C5CF9252FECCD50E08C2BFDB86AEA5797112121AC0
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"5125a027-9359-428b-99c2-0bd5dcd39951","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1732403187975,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.328459545379163
                      Encrypted:false
                      SSDEEP:
                      MD5:FDABB111876CFB62F10D1AA7BEA77478
                      SHA1:E8DEA6E12880084FCBFB644CF67B7351AD0BA0F1
                      SHA-256:8EE872C96AE8B7ABC708910374BB18EAFBC30F09C09424BACCC8F4F73F61C97F
                      SHA-512:8BC1E65FB8A9E903DE191D4BE604C200EDC352E163361EFD661785676C2427E1A88AD684D7AE2295AB19B965AB39F4199BD415ADB3D5B77E47B56464E24780F0
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"5125a027-9359-428b-99c2-0bd5dcd39951","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1732403187975,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.3064121453785225
                      Encrypted:false
                      SSDEEP:
                      MD5:004BC60D7F3ABF03EC7CA56FFEE44892
                      SHA1:095262F413235A5DCB5BECE1BD33D94AE2B3376A
                      SHA-256:795CEE059DCCC1A1AECA888F8043EF7B70A9D56463A8B71F7A49DE6F5D3DE73F
                      SHA-512:A900CF5F43633F8082928BA1134E70631EADCA52F0DD41C7622BB23368480DE141513B9CB240AB337A7012BED250D8F8B189F4D9C41E3C04D5B8F3E3EE74C4FC
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"5125a027-9359-428b-99c2-0bd5dcd39951","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1732403187975,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):285
                      Entropy (8bit):5.363402933110869
                      Encrypted:false
                      SSDEEP:
                      MD5:7BA586F9284877AD772F985E56F99D6A
                      SHA1:70B0C2101E334931E9D5B2E0323381978EC069D8
                      SHA-256:91B646778CF77B546DC0D97A52E2CE657089AEA572F232D6BF6163615F139A72
                      SHA-512:276877036FB1DFA6BF652F26B2AAC6B0C92D4BC2BB9101991445D40CA3C3EA899DDA3669CD2159D1D40C1492B5882146715943C21BBEF14C2378B15A18E83836
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"5125a027-9359-428b-99c2-0bd5dcd39951","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1732403187975,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1123
                      Entropy (8bit):5.694026133568598
                      Encrypted:false
                      SSDEEP:
                      MD5:169E170940749D84CCC97B219D443316
                      SHA1:3814F3FC13D2948C81C9D8C5093CA36D38DD510C
                      SHA-256:B82464039165940072DE45111074401DDFFCF2BCD157C26E47EF298BB40CAC67
                      SHA-512:B83E1E55FA71DFD01004E1A5FBDBAA178067EB9CBF693B0EE6BD1C6AA7675D26855B37BBFDDE119AAAD770F9D6A7E0B9BDE8DB72EE2DD68700DE78D90D742F7C
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"5125a027-9359-428b-99c2-0bd5dcd39951","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1732403187975,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1122
                      Entropy (8bit):5.684605585266537
                      Encrypted:false
                      SSDEEP:
                      MD5:B66E3437C9F4E60310BA05A11612F531
                      SHA1:08A6639CB9EAA240CF7E265ABCF6841E9A74234F
                      SHA-256:B61F21CF4231E13032502B41A6D4BF96DDD489C389F3DA27749CA9FD424D05D0
                      SHA-512:096D8162BCFF5D22E679B6086D4EE96C515CAC4B69CC1C43882EB4B6E5CDA156D659C2DEFCD2EA1E237919B48019ACFC9C93ED2D574896A781DCC9FD8CE843C1
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"5125a027-9359-428b-99c2-0bd5dcd39951","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1732403187975,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_0","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"1aad653c-ef44-43f7-be1c-3a2ba2cf2cfc","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuIFBERiBmb3JtcyAmIGFncmVlbWVudHMuIn0sInRjY
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.315318243848198
                      Encrypted:false
                      SSDEEP:
                      MD5:F0C4E57877B0A3C4B8F5BD1E603D0BA7
                      SHA1:9774AB45DFA33CA9BEFB7C916BE400CA24FB468D
                      SHA-256:636983ABA792F02FEFFD53E30C237FADAC748750175EBB7945BE6D107B5261DD
                      SHA-512:56022AA67EF7C690264C390F931A02374A4B2AEB273413CC186D8109634007CC0027D765F62193C43F6350F28187EFA443B7CE701C1E53C212EDD10B578CF86D
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"5125a027-9359-428b-99c2-0bd5dcd39951","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1732403187975,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1102
                      Entropy (8bit):5.669925131538177
                      Encrypted:false
                      SSDEEP:
                      MD5:D72DF6980E4B51F5EAA3B44D5E2AB573
                      SHA1:EFE1807C52127458639591B8E309F83D1233489F
                      SHA-256:1AA31B705B19E03EFB0590AC9A413EBC47D9061AA16D986630BFF89BBABEDF76
                      SHA-512:6FF675FB53A4570E43181D35018C33F4AAFD2901735BBE60EB0DCE61184D078189F2D49791F398DB1040A5A760657F9C812FB1835EAFC589837E190360B19855
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"5125a027-9359-428b-99c2-0bd5dcd39951","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1732403187975,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_1","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"533ab5eb-b236-4889-89a5-ac002261d71e","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkVkaXRQREZSZHJBcHBGdWxsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTRweCIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTJweCIsImZvbnRfc3R5bGUiOiItMSJ9LCJ0aXRsZSI6bnVsbCwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiJ9LCJ0Y2F0SWQiOm51bGx9","da
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1164
                      Entropy (8bit):5.69904307576691
                      Encrypted:false
                      SSDEEP:
                      MD5:8DCAFF792FFFC1E422E7AE5F83F5A7DD
                      SHA1:FCF1F81E9BAD1E70C10831A50FAA891AA6032042
                      SHA-256:ADFF1DBC2A4811125BCFAA0C519D6B523DC243B2E409B6CFB3BA7FBECD7B9461
                      SHA-512:2F7334188B1055906F27967FEC01B5127678B523E94E0CA9C0E59E9CA2C7627AE9519910A78D83489F7F6C0B12BCBF845717978E8812B2B67289E31471015867
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"5125a027-9359-428b-99c2-0bd5dcd39951","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1732403187975,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.32172227698601
                      Encrypted:false
                      SSDEEP:
                      MD5:D54F272E9022DD79FF92F7EE7336845D
                      SHA1:39BBA4B37ED0B7BA7D462C7CCA954AA0343D18BA
                      SHA-256:5FEDA3BC2E391FAE00DE73BF470F9EC5D88164C4C1209922E7B62DC419538441
                      SHA-512:73157798310638AD3CAE7C4C5B4467602D81ED5A83EC068D8EB5CD14363D00AF6858B4BD6932434843C3DF8CA24CBA4CE5F46C202BF2ABB71BA571937A8D37CD
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"5125a027-9359-428b-99c2-0bd5dcd39951","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1732403187975,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):284
                      Entropy (8bit):5.307837382729822
                      Encrypted:false
                      SSDEEP:
                      MD5:7BEB539AC535AB093F530919A3B9566E
                      SHA1:C8BF2A8C86B347EB37332065A6BB9C4DFCA08E95
                      SHA-256:B6A38FA7A572EE4E98013F82259A17D48348A6D2F07D4465EB7C1246A7D358EB
                      SHA-512:D94C8BB08A258EE5F4414F96EF5E7D728A064007BBF746CE6A0BD30ABDF2578B7A47BA73482531C7BF8B971E05B11B12BDF8F6760974E3BF5881B831C0DADBF0
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"5125a027-9359-428b-99c2-0bd5dcd39951","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1732403187975,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):291
                      Entropy (8bit):5.305120080659969
                      Encrypted:false
                      SSDEEP:
                      MD5:1251FBFEDA112BC54A5435311EE6368A
                      SHA1:7FD689AE4AF37EADD9495550DB93FD71EEA531B2
                      SHA-256:BF1EEF2B10E5FBEAE5323DACFB55BDDE17331D08C36A8B6C65C28A97552FEC28
                      SHA-512:76FD1EFF8B024928BAB541F88AD67324988C787F50BBBF273A2A668E4813639F8A632FDEB0CACF5CD6575ECC79A13D5ECDE93FE270493B4DDC7D3B1CBD9D0D32
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"5125a027-9359-428b-99c2-0bd5dcd39951","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1732403187975,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):287
                      Entropy (8bit):5.3067795880846536
                      Encrypted:false
                      SSDEEP:
                      MD5:54AB6184AEBA311561BF25D6EC08051F
                      SHA1:111E76E82F19B2F867D0284DCB87EAC8D181E075
                      SHA-256:C9531F28B422BE79891A6C39DD8383214124E473C462BF7236762AC412514B52
                      SHA-512:2C249600BF0F17BF07EF54364925B46BDF6A3CFF5349255B8B4A2F84DE904E323F57AAF3128652A47485B6A594D849822D23452C69B8B4E7BDA1861755A4E0D8
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"5125a027-9359-428b-99c2-0bd5dcd39951","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1732403187975,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1090
                      Entropy (8bit):5.66885166920423
                      Encrypted:false
                      SSDEEP:
                      MD5:8A8F407BFC1025DF103F96824BF804E0
                      SHA1:4CC6FE2864EE8838ACAA72BA59035F8248CF1DC4
                      SHA-256:F8C9267FE9EABA22F881852BE2ACCD83BFD801BB227A99E6EB562D2261577272
                      SHA-512:3C4EFE87A96769543E48E93F5C23B56549D50279D0DF40225D59E9D5DA2A932EAD765293962762A0D5B16F83835C783F52897781778672684E44E47F9A6B2DCE
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"5125a027-9359-428b-99c2-0bd5dcd39951","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1732403187975,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):286
                      Entropy (8bit):5.281344335093634
                      Encrypted:false
                      SSDEEP:
                      MD5:FA75B4F56774F5337A54176C186498B4
                      SHA1:82CD6A4E9A8DE0427D0BC7C7DFD826BBA71854CA
                      SHA-256:D3135315FB0747C0A4C58B83362E2F23CFFF6CC3C08A0F1A82A27230BA9624F1
                      SHA-512:CE7446CCFC31E4E4441686B2DD1C9839CDE9EAD02BFF4F1AC89909D2B8352602DF0A7DA66766ACC5A6DD88F69D5E9EF24CC84B22A721FCAE12DD868999D450F8
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"5125a027-9359-428b-99c2-0bd5dcd39951","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1732403187975,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4
                      Entropy (8bit):0.8112781244591328
                      Encrypted:false
                      SSDEEP:
                      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                      Malicious:false
                      Reputation:unknown
                      Preview:....
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2817
                      Entropy (8bit):5.118870887178768
                      Encrypted:false
                      SSDEEP:
                      MD5:012F3086726E924B9AFE68F6E6273753
                      SHA1:3AC17A7300115EE5A08B16F7CB7F8A0474CA302A
                      SHA-256:FAD1C194C649A8BF96DFF0E4C7FDEC4196D954781BC0949C30D9BEC467C9878A
                      SHA-512:667617C02E83BB1AE2FFDF998F7C0EED36E492F7E5832766204D6346E8BF9EADD0B19041738B77EDA332D7EBFC263129F8E8868485A88A85B75D39F84351552A
                      Malicious:false
                      Reputation:unknown
                      Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"41b21a94cb49209f4053e38aaa7697e2","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1122,"ts":1732223712000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"c9817f4074a76529648f848ddc8705a1","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1732223712000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"b9b9df5efd2b30b211a3a99ff1a3f4f0","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1732223712000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"7bca7ad00298f431fdb229370f5d3f0c","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1732223712000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"c2dd9ff2e8df5976524d6ad60754a2e5","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1102,"ts":1732223712000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"d63e98631ebf724f9b8f24aaf675ee5d","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 23
                      Category:dropped
                      Size (bytes):12288
                      Entropy (8bit):1.3571635399484125
                      Encrypted:false
                      SSDEEP:
                      MD5:30A5FECA6871028AAFA8A51C5489F3DD
                      SHA1:E6D25E1EBF9E3B1CD4226344328BE10800AEC763
                      SHA-256:CC53C04E21B2E0BC752A61CB52C1A08C452C290B2E0D3EE847A54AAFCC3C2D7B
                      SHA-512:080214E86DE50E788CDA09067E647E2B94D249C7D66EA40F6505AEDDCD9E70E053FBB85AD25B51311FF264CE79481FF74B184FFEC3A7A5235AB14377BC0FC33A
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):8720
                      Entropy (8bit):1.8315985192568038
                      Encrypted:false
                      SSDEEP:
                      MD5:5F41D24D297C86A84F6EC80C2A8F2E01
                      SHA1:0B762141B207339321ABA8719885FA758774046F
                      SHA-256:CD181C6B5070388F82AB494CB4467B5519713E52D31DE9789D99315600202CF9
                      SHA-512:6B49B056A693CB8A467693AABB9DE4A3AAB7F9F62CF46B2F4E3A32B55D94B008977EB1F4560208E9060895677C87A7466B57BD1E8453C6F8EFA3B8E8644B8D77
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):231348
                      Entropy (8bit):4.382789238894823
                      Encrypted:false
                      SSDEEP:
                      MD5:D739A51E81C78C653ACA732A325EA32C
                      SHA1:32518141B39E236B0FDAE2C20F51F77958762890
                      SHA-256:5B4DED3E201526F29D4E18E072BEA9F7F2FBA8E0014F27F1F8ACD3B337092970
                      SHA-512:50F1039626162934215608E45831979BA7A975A3D91FDE9E99541EC5DA8E7441EF6CE2F3114C8CD8EF5CB61E2612B9A6A59CA50AAEDE6176CDA5B6B04C545AC9
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:ASCII text, with very long lines (65536), with no line terminators
                      Category:dropped
                      Size (bytes):322260
                      Entropy (8bit):4.000299760592446
                      Encrypted:false
                      SSDEEP:
                      MD5:CC90D669144261B198DEAD45AA266572
                      SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                      SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                      SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                      Malicious:false
                      Reputation:unknown
                      Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):10
                      Entropy (8bit):2.6464393446710153
                      Encrypted:false
                      SSDEEP:
                      MD5:A6EFE7DB1C61340919536587F683157F
                      SHA1:11D01B9FDD5C5336662D713A4BD8B33BEA24AE36
                      SHA-256:C4F952C29853C09372A08E8CF6651FC1B293D94C2B1388AAAF31BAAA598C43E6
                      SHA-512:E7769F80E14B03648FFF33A8125ADB0CC587CB9F59794AB81E29618C677233C5CEF980C6989CC7BE0ABE45DF783E49155330CD55F2B5D9EB751F29FD4FD92CA4
                      Malicious:false
                      Reputation:unknown
                      Preview:1732223685
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):4616
                      Entropy (8bit):0.13760166725504608
                      Encrypted:false
                      SSDEEP:
                      MD5:C462B2118D75C543EC6549EE2CA2FB94
                      SHA1:71BFCABC94AEF0762743E8ABED151C39691059A3
                      SHA-256:F9DACE33D7A1F3B9B8F5DAA346F6AE7599546BAD1AE7D60B66608D0A537C6594
                      SHA-512:DE67CE1CD33D92D6A6008899AF2BDBF4680F0B7191064888450976CB3743AB0CBA649C20C618FB6802F3E24D6D31651370E52B8A9872AEC290DD01323D49EDB3
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):2278
                      Entropy (8bit):3.8434368545656334
                      Encrypted:false
                      SSDEEP:
                      MD5:77F5B0C8075D6C69184E911C54E2DD06
                      SHA1:3273F757CEEFAB6E36D14FE397A193C5B96E7A37
                      SHA-256:7263C78F8BF4D1AE421D1E33D08D82547CE7FF638F7DC88DC814F5F90160A6BF
                      SHA-512:63E917B3856368DD08F4C35772AC9D465AE16AB8C22E3DC664B32E7675FEC9C108A397D95AE04A5E3950D101B18BB0F85C7717ADD2BCB38C806F98DDD2FADB52
                      Malicious:false
                      Reputation:unknown
                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".C.J.1.m.u.g.S.o.z.s.S.9.x.S.Z./.Q.v.O.c.+.E.J.4.u.2.c.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.D.G.Y.w.W.I.8.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.Q.+.2.y.C.f.
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):2684
                      Entropy (8bit):3.8963211209639232
                      Encrypted:false
                      SSDEEP:
                      MD5:46A459EBA353EA8480072A3B9549030C
                      SHA1:E996B1DC35B8585BEB9B76CAB03DC58FB9A1C21C
                      SHA-256:8DD235A7B3EE03FF17D57210065ACB66664438B5C5C3294B317B1A784EC29696
                      SHA-512:B0CF886577E1512A1A7C6D87ADAC360E27D6BC823A10AE1E8658D4841D3F67D90F84A95E3A9EF0EDF6233AE7AD9EF8FF1517C2C79AEFAC4915541E78EE11A6A8
                      Malicious:false
                      Reputation:unknown
                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.H.X.L.G.R.5.H.j.D.k.3.C.i.F.b.L.a.m.K.N.+.n.c.g.T.0.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".c.0.k.h.2.S.t.b.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.Q.+.2.y.C.f.
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):4542
                      Entropy (8bit):4.004199902083253
                      Encrypted:false
                      SSDEEP:
                      MD5:0477E4ABC40EA5BF211D6F29CCA42852
                      SHA1:C20788AA364085785AEEECA2E20CD8D6D51377E5
                      SHA-256:A4CBC37CB267E71AA3600EE752EACC336138D1C89E38539A561DEB9310CD6E2C
                      SHA-512:0C2988EDCF1396FF9B1E2DA37CEDADF8197E1AF3D08AEBA603F4BDF89E15DC9C139C3656217C523A61D05374F01763DC32E86FC41C27578676986F5217FC7544
                      Malicious:false
                      Reputation:unknown
                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.q.Y.a.6.3.X.Y.9.b.4.Y.b.C.Z.g.f.0.u.y.E.6.v.n.x.e.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".U.Z.1.n.p.1.o.8.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.Q.+.2.y.C.f.
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:PDF document, version 1.4, 1 pages
                      Category:dropped
                      Size (bytes):55187
                      Entropy (8bit):7.864863333486263
                      Encrypted:false
                      SSDEEP:
                      MD5:942000C943DEB0B0581FD8F17A9CF4F1
                      SHA1:007A3694F6638C239BC4D4CCEF115882C5CD41D7
                      SHA-256:5C0E3FE55A46B9971ED1D75A21E76FFDAAC03DBBC62A951F484B9F0F8393BE05
                      SHA-512:DED6D734B1530AE04F4A4AC35140B569274C0425ACEF4E29C12B96495158503EF4F047F9621DC59B77699063F5FC4A24E961CC916DB350671724288A0A732DB3
                      Malicious:false
                      Reputation:unknown
                      Preview:%PDF-1.4.1 0 obj.<<./Title (..)./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6)./Producer (...Q.t. .4...8...7)./CreationDate (D:20241121154024-05'00').>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None>>.endobj.4 0 obj.[/Pattern /DeviceRGB].endobj.6 0 obj.<<./Type /XObject./Subtype /Image./Width 96./Height 96./BitsPerComponent 8./ColorSpace /DeviceGray./Length 7 0 R./Filter /FlateDecode.>>.stream.x...kH.A...5...L........OJT.0......23)$|..S{......A!.H. ..A...C|..&a.(..v............6..........q....-..?T.6.._.4...6....&p.|%.....e...|.....,...;.}.6c.....o2....}...o...\g..&.....\2Npu.d.....$....&...y>".\.>w.w..o.~.........]|.....o...g!...Y./uG....%..fZ...Q.s...vv......Y)x.DZ..a....\..L.....I....+kd....S..iE...A......R.T<...?4-..g.qE..:?..^..A..."...*..R....d...}....4..J..3I...]......}.x.K..r..=v4:.n....c..O...ufy.K.kp.....o..........Qn....)4t.,o..w'..6.`.x.8..z..>o..y....-&.b...g.....$..|.....U.b...Y.....}....H..
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:ASCII text, with CRLF line terminators
                      Category:modified
                      Size (bytes):26
                      Entropy (8bit):3.95006375643621
                      Encrypted:false
                      SSDEEP:
                      MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                      SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                      SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                      SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                      Malicious:false
                      Reputation:unknown
                      Preview:[ZoneTransfer]..ZoneId=3..
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):246
                      Entropy (8bit):3.511036883392733
                      Encrypted:false
                      SSDEEP:
                      MD5:A376C2186BCA8791B5F1987C3F048872
                      SHA1:3B5A4EFC53BADA5A47CA61A1DB48C7E09044F8F9
                      SHA-256:356B0E1FADA039554AF341DCBD4EF2567282018DA82FF2DABC182E41658BEDF9
                      SHA-512:B5FDD1E7E5666153C832D7AC9AEC12AE3FFC9363B04D650E094A9A9DBB32B174907774ACDF5628A4E02377DCDE840868265E0FDC17811371BA8D0A6A8D9F466F
                      Malicious:false
                      Reputation:unknown
                      Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.1./.1.1./.2.0.2.4. . .1.6.:.1.5.:.0.9. .=.=.=.....
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393)
                      Category:dropped
                      Size (bytes):16525
                      Entropy (8bit):5.359827924713262
                      Encrypted:false
                      SSDEEP:
                      MD5:06DEAEDB81D09FD8FB5FF668D8E09CB2
                      SHA1:28A02BCBD5975117B97A08AFB049F2C94F334726
                      SHA-256:D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64
                      SHA-512:948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936
                      Malicious:false
                      Reputation:unknown
                      Preview:SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:755+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig:
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):35721
                      Entropy (8bit):5.418195212457877
                      Encrypted:false
                      SSDEEP:
                      MD5:DA4159697239D58D262E1BBB40D40991
                      SHA1:EF75D19E6EDC0D56936A6E7CD6F80965F493097E
                      SHA-256:E4D0F1C4239BB9DC9D204B3A94D3F98CE0507470E97D36640C575C91F41F3F53
                      SHA-512:E121164024B9FC39A97954F4ACD75406BDD805D87F8B05A1D442C7DE52228FE6B567A7BF280F786983FFD65EE5A4377DCF3E2CBBE8A7E745BD27E3610000EEE2
                      Malicious:false
                      Reputation:unknown
                      Preview:06-10-2023 11:44:59:.---2---..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 11:44:59:.Closing File..06-10-
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):30
                      Entropy (8bit):1.2389205950315936
                      Encrypted:false
                      SSDEEP:
                      MD5:49A534FA374FFAC67F7FD361A09B9B85
                      SHA1:6629FAF025192B5CFEA32921BA9A0DFF6D38B3FF
                      SHA-256:E08777FDBDF67818C6804B65DD43617526DE5D4DF22F23D3BF0BC45AABEB60A4
                      SHA-512:E963E4910F3B49F8F36E529175070400DCCD16DC1B11680CA35CA9F8DBBDA1488738F045C5AD80A2096D2FADA06389135098CC938A4ABF51AC5AB7AFA4E26DF3
                      Malicious:false
                      Reputation:unknown
                      Preview:....<.........................
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                      Category:modified
                      Size (bytes):18
                      Entropy (8bit):2.725480556997868
                      Encrypted:false
                      SSDEEP:
                      MD5:A5E51FDFAF429614FB5218AB559D299A
                      SHA1:262EC76760BB9A83BCFF955C985E70820DF567AE
                      SHA-256:3E82E9F60CE38815C28B0E5323268BDA212A84C3A9C7ACCC731360F998DF0240
                      SHA-512:9B68F1C04BDE0024CECFC05A37932368CE2F09BD96C72AB0442E16C8CF5456ED9BB995901095AC1BBDF645255014A5E43AADEE475564F01CA6BE3889C96C29C9
                      Malicious:false
                      Reputation:unknown
                      Preview:..t.o.r.r.e.s.....
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 21 20:15:07 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2677
                      Entropy (8bit):3.9990022275409136
                      Encrypted:false
                      SSDEEP:
                      MD5:52ACA3BBC00F1F318E7723F732F5BC51
                      SHA1:DA9B59369568A5FC5C65AC75EF1361C809B9BC40
                      SHA-256:6C10ECB91DC4C53C39B5A4DD65BF52354B6B67302AE5EC9412FF4D23ECB9A53A
                      SHA-512:20C9637EB9F831D5E3896F113656FC17FC2BCB38BF1E06F293547163B4047273D0F3CB0742D8CDB71723604F0BF8FB61DCBED8DE072BF1ECD2B1A1C3A6DBC147
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,.......qZ<......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IuY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VuY.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VuY.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VuY............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VuY............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............%.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 21 20:15:07 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2679
                      Entropy (8bit):4.013190191024234
                      Encrypted:false
                      SSDEEP:
                      MD5:F83535452A428F7DB976FFD8FB944351
                      SHA1:B9744EDB9BD90DD796C65816966BE4914132F24A
                      SHA-256:5EDA041FD31B00966857D8C625686C69FBF425737C99AFC7E8E419F6DBB506FA
                      SHA-512:F75C8E2FD12665DE12576DFE84504885797723074122E6B70FB9493308F0F244354CD378005F891B5DEB6C1E6818B2C887EFE27FD8A1CDB681089C11EC93392E
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,....B..pZ<......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IuY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VuY.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VuY.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VuY............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VuY............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............%.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2693
                      Entropy (8bit):4.021154086070755
                      Encrypted:false
                      SSDEEP:
                      MD5:9CCA578040EE6D1D7A16D0B2218E880D
                      SHA1:2915FC9413204B7F9D20A81A366CF98B6A420861
                      SHA-256:497A36B1616D9C48EDE204FF1AE9C5C0D9209AAE5AF584394F4976E61EDB8E07
                      SHA-512:FB4CF533B30D224892A3A225BCAA88C0E6EB50ECE8AFBE764D75E7F9371DE43B4B08A2FD41134EC04666E67D2288D9A2D28AB7B86D7C92EC36E2A250EE98C4BD
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IuY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VuY.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VuY.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VuY............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............%.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 21 20:15:07 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2681
                      Entropy (8bit):4.011168867027063
                      Encrypted:false
                      SSDEEP:
                      MD5:8121DFBF95170AD97BE34B8F955ABD60
                      SHA1:6D9CAC8B24146041220950ED9CB73C314578F8B7
                      SHA-256:EE0E472396325219D8501C7D365EDED7915F8548372ECAF18CE5C7AE117BD5CD
                      SHA-512:0CB69795B94B0A52EBB55CB140B6018555F9699A5BDBAEA64D32BC172712C11018ED76C26EAA2054BF072165D7546AB4B3A0B966681F81E9AB5ACB747E7874EB
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,.....I.pZ<......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IuY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VuY.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VuY.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VuY............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VuY............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............%.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 21 20:15:07 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2681
                      Entropy (8bit):4.003190068931476
                      Encrypted:false
                      SSDEEP:
                      MD5:39EA373787E4D668EA9C5106D5B8A190
                      SHA1:F4E2327123F21CEDE31010EE073727C93B0AE4BD
                      SHA-256:63AA33A14AB19126C7124EC703E2374C99EF68D815CB6C91DE5E4E602C6BFBA7
                      SHA-512:5395A47B75296D016026AC33F75265530D4348DDC4E0611145DEBC7B6FCEBC3BDAACE9383640D0A95780C5D082867F30E20E0DB5E68EE21E4CD487A63B611089
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,.......qZ<......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IuY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VuY.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VuY.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VuY............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VuY............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............%.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 21 20:15:07 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2683
                      Entropy (8bit):4.007355443091001
                      Encrypted:false
                      SSDEEP:
                      MD5:547D8FF6C081F663866AEF7AF7075AF3
                      SHA1:C25554D9DC3CC0F25D4A1631D0D4AC105CA76C2F
                      SHA-256:3732F0691613F3A0E3A79648C00846033ADA2705C6B91338EDD47FD51002485C
                      SHA-512:17E73DF59BFE56CF639E6F82F6626F9E2E5D1E04C08916192AA07F63C78CF8E2375C176ACED23786CEAB91E0997ACFA8117C96ABE89C24EE2B4922B141E6188D
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,....Kt.pZ<......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IuY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VuY.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VuY.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VuY............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VuY............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............%.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                      File type:CDFV2 Microsoft Outlook Message
                      Entropy (8bit):5.768217504627908
                      TrID:
                      • Outlook Message (71009/1) 58.92%
                      • Outlook Form Template (41509/1) 34.44%
                      • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
                      File name:FW_ Signature Required For Agreement with ID_41392PJBM8759674.msg
                      File size:140'288 bytes
                      MD5:8501e1d0877f75ef0a815418413e97d0
                      SHA1:8733fb8fce8534202a4c11684e76c2d0c97b8c7b
                      SHA256:13f2ebe3d2863b0caa13ed16443a275a54ae2d796c5a151481ca886f0525382c
                      SHA512:6ceb3a65c8dd48288f97f7d58bc1ae2981299199a0b681c45180c85ef1a9eb3f8c567e1933759fb82c35bab566902c30728562d692a7fbf4d6c142af1abf6b06
                      SSDEEP:3072:K1oSq+XyF+tsSSSSSqSR++4mhMy/xJAhYWzFp:iq+XyF+OMhy
                      TLSH:75D3D92436E9061AF277CF758EE390AB9536FD929D109A4F3195334E0672940A863F3F
                      Subject:FW: Signature Required For Agreement with ID:41392PJBM8759674
                      From:Kathy Aymami <kaymami@steamsolutions.com>
                      To:Cameron Gambrell <cgambrell@steamsolutions.com>
                      Cc:
                      BCC:
                      Date:Thu, 21 Nov 2024 21:45:29 +0100
                      Communications:
                      • From: HR | APayable-FXYMVBUICDBCGEFSRQQDVKCEYOTKYTXJZXLUURIRSTKTYICYVN <bcitaliano@activ8.net.au>
                        Sent: Thursday, November 21, 2024 2:40 PM
                        To: Kathy Aymami <kaymami@steamsolutions.com>
                        Subject: Signature Required For Agreement with ID:41392PJBM8759674
                        Importance: High
                        CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
                      Attachments:
                      • Steamsolutions_Settlement_Agreement_52384746_22471_807886172.pdf
                      Key Value
                      Received from BY3PR15MB4801.namprd15.prod.outlook.com
                      2045:29 +0000
                      Authentication-Results dkim=none (message not signed)
                      by SA1PR15MB4449.namprd15.prod.outlook.com (260310b6:806:194::10) with
                      2024 2045:29 +0000
                      ([fe80:a595:5e4f:7e20:96c5%7]) with mapi id 15.20.8158.023; Thu, 21 Nov 2024
                      Content-Type application/ms-tnef; name="winmail.dat"
                      Content-Transfer-Encoding binary
                      From Kathy Aymami <kaymami@steamsolutions.com>
                      To Cameron Gambrell <cgambrell@steamsolutions.com>
                      Subject FW: Signature Required For Agreement with ID:41392PJBM8759674
                      Thread-Topic Signature Required For Agreement with ID:41392PJBM8759674
                      Thread-Index AQHbPFYvMaeFu9Kj+0qy+I1HL873S7LCM9Qg
                      Importance high
                      X-Priority 1
                      Date Thu, 21 Nov 2024 20:45:29 +0000
                      Message-ID <BY3PR15MB4801FABC4DE69E46312EAC3CCA222@BY3PR15MB4801.namprd15.prod.outlook.com>
                      References <173222162323.2276.15809695433929195725@activ8.net.au>
                      In-Reply-To <173222162323.2276.15809695433929195725@activ8.net.au>
                      Accept-Language en-US
                      Content-Language en-US
                      X-MS-Has-Attach yes
                      X-MS-Exchange-Organization-SCL 1
                      X-MS-TNEF-Correlator <BY3PR15MB4801FABC4DE69E46312EAC3CCA222@BY3PR15MB4801.namprd15.prod.outlook.com>
                      MIME-Version 1.0
                      X-MS-Exchange-Organization-MessageDirectionality Originating
                      X-MS-Exchange-Organization-AuthSource BY3PR15MB4801.namprd15.prod.outlook.com
                      X-MS-Exchange-Organization-AuthAs Internal
                      X-MS-Exchange-Organization-AuthMechanism 04
                      X-MS-Exchange-Organization-Network-Message-Id 3a1e5c62-626c-4d02-6caa-08dd0a6d6f51
                      X-MS-PublicTrafficType Email
                      X-MS-TrafficTypeDiagnostic BY3PR15MB4801:EE_|SA1PR15MB4449:EE_|MW4PR15MB4682:EE_
                      Return-Path kaymami@steamsolutions.com
                      X-MS-Exchange-Organization-ExpirationStartTime 21 Nov 2024 20:45:29.4924
                      X-MS-Exchange-Organization-ExpirationStartTimeReason OriginalSubmit
                      X-MS-Exchange-Organization-ExpirationInterval 1:00:00:00.0000000
                      X-MS-Exchange-Organization-ExpirationIntervalReason OriginalSubmit
                      X-MS-Office365-Filtering-Correlation-Id 3a1e5c62-626c-4d02-6caa-08dd0a6d6f51
                      X-MS-Exchange-Antispam-SubmissionContentType Mail
                      X-MS-Exchange-Antispam-SubmissionContentSubType Msg
                      X-MS-Exchange-Antispam-SubmissionIds d57f2a88-9591-49c2-541a-08dd0a6d7017
                      X-MS-Exchange-Antispam-FeedDropEnabled True
                      X-MS-Exchange-Antispam-FeedCategory 7801
                      X-MS-Exchange-Antispam-FeedType PHISH
                      X-Original-X-MS-Exchange-Antispam-FeedCategory 7801
                      X-Original-X-MS-Exchange-Antispam-FeedType PHISH
                      X-Original-X-MS-Exchange-Organization-Antispam-FeedCategory 7801
                      X-Original-X-MS-Exchange-Organization-Antispam-FeedType PHISH
                      X-MS-Exchange-Antispam-FeedbackProcessingScenario ENT
                      X-MS-Exchange-Antispam-SubmitterEmail kaymami@steamsolutions.com
                      X-MS-Exchange-Antispam-SubmitterOrganizationId ae77d94d-d50f-4ea7-877a-9ae2f36050b2
                      X-Microsoft-Antispam BCL:0;ARA:13230040|366016|8096899003|41050700001;
                      X-Forefront-Antispam-Report CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BY3PR15MB4801.namprd15.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(8096899003)(41050700001);DIR:INT;
                      X-MS-Exchange-CrossTenant-OriginalArrivalTime 21 Nov 2024 20:45:29.1756
                      X-MS-Exchange-CrossTenant-FromEntityHeader Hosted
                      X-MS-Exchange-CrossTenant-Id ae77d94d-d50f-4ea7-877a-9ae2f36050b2
                      X-MS-Exchange-CrossTenant-AuthSource BY3PR15MB4801.namprd15.prod.outlook.com
                      X-MS-Exchange-CrossTenant-AuthAs Internal
                      X-MS-Exchange-CrossTenant-Network-Message-Id 3a1e5c62-626c-4d02-6caa-08dd0a6d6f51
                      X-MS-Exchange-CrossTenant-MailboxType HOSTED
                      X-MS-Exchange-CrossTenant-UserPrincipalName 7557Ea25a9F6XqWn6VFU7XPhqelJ0rpA4SD53DPa2qbE+sESjaqwj+WRvXV5I/Sl1v4ab/jbrYEevMR1iCvrEtBANygl/Us/jLVRXtJH1+0=
                      X-MS-Exchange-Transport-CrossTenantHeadersStamped SA1PR15MB4449
                      X-MS-Exchange-Transport-EndToEndLatency 00:00:02.5331466
                      X-MS-Exchange-Processed-By-BccFoldering 15.20.8182.013
                      X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(425001)(930097)(140003)(1310096);
                      date Thu, 21 Nov 2024 21:45:29 +0100

                      Icon Hash:c4e1928eacb280a2