Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
phish_alert_sp2_2.0.0.0.eml

Overview

General Information

Sample name:phish_alert_sp2_2.0.0.0.eml
Analysis ID:1567183
MD5:8a6617c720d0fcb92af9ec4df713cae2
SHA1:bcb885c916a6bed5fca3efd25dc5adaab4eca50c
SHA256:6b24e8181a27909f79d6120648b705af46dc7fdb39280c71260f0c2f02000801
Infos:

Detection

Score:25
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

AI detected potential phishing Email
Creates a process in suspended mode (likely to inject code)
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sigma detected: File Download From Browser Process Via Inline URL
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Sigma detected: Suspicious Office Outbound Connections
Stores files to the Windows start menu directory
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic

Classification

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6280 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 3524 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "389F078F-BC2D-4E69-AF2C-BF18FF581EFE" "529CC3F4-883C-4F70-8513-5AA069569130" "6280" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • Acrobat.exe (PID: 6460 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\1LXR2A65\?????????.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 6400 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 6716 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1752 --field-trial-handle=1580,i,5165964902121869785,11513866164368758884,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • chrome.exe (PID: 7848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitbucket.org/ziphose/obmen/downloads/Doc.7z MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 8032 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2028,i,5383239194381992328,1699073893764032435,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • OpenWith.exe (PID: 9152 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)
    • 7z.exe (PID: 7448 cmdline: "C:\Program Files\7-Zip\7z.exe" "C:\Users\user\Downloads\Doc.7z" MD5: 9A1DD1D96481D61934DCC2D568971D06)
      • conhost.exe (PID: 7436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: File Download From Browser Process Via Inline URL
Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitbucket.org/ziphose/obmen/downloads/Doc.7z, CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitbucket.org/ziphose/obmen/downloads/Doc.7z, CommandLine|base64offset|contains: -j~b,, Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\1LXR2A65\?????????.pdf", ParentImage: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, ParentProcessId: 6460, ParentProcessName: Acrobat.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitbucket.org/ziphose/obmen/downloads/Doc.7z, ProcessId: 7848, ProcessName: chrome.exe
Sigma detected: Office Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6280, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Sigma detected: Outlook Security Settings Updated - Registry
Source: Registry Key setAuthor: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\1LXR2A65\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6280, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
Sigma detected: Suspicious Office Outbound Connections
Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.16, DestinationIsIpv6: false, DestinationPort: 49694, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Initiated: true, ProcessId: 6280, Protocol: tcp, SourceIp: 52.113.195.132, SourceIsIpv6: false, SourcePort: 443

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2024-12-03T08:59:39.215679+010020283713Unknown Traffic192.168.2.164969452.113.195.132443TCP
2024-12-03T08:59:39.215679+010020283713Unknown Traffic192.168.2.164969452.113.195.132443TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

barindex
AI detected potential phishing Email
Source: EmailJoe Sandbox AI: Detected potential phishing email: Email contains corrupted or deliberately obfuscated text using unusual spacing and characters. Empty subject line is suspicious and commonly used in phishing attempts. Attachment with generic PDF extension without proper name is a red flag
Source: EmailClassification: Credential Stealer
Source: unknownHTTPS traffic detected: 52.113.195.132:443 -> 192.168.2.16:49694 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.190.147.5:443 -> 192.168.2.16:49699 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.190.147.5:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: chrome.exeMemory has grown: Private usage: 7MB later: 29MB
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49694 -> 52.113.195.132:443
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.5
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: global trafficDNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49694
Source: unknownNetwork traffic detected: HTTP traffic on port 49694 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownHTTPS traffic detected: 52.113.195.132:443 -> 192.168.2.16:49694 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.190.147.5:443 -> 192.168.2.16:49699 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.190.147.5:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: classification engineClassification label: sus25.winEML@39/52@10/196
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Windows\System32\OpenWith.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9152:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7436:120:WilError_03
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241203T0259330304-6280.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.ini
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "389F078F-BC2D-4E69-AF2C-BF18FF581EFE" "529CC3F4-883C-4F70-8513-5AA069569130" "6280" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\1LXR2A65\?????????.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1752 --field-trial-handle=1580,i,5165964902121869785,11513866164368758884,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitbucket.org/ziphose/obmen/downloads/Doc.7z
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "389F078F-BC2D-4E69-AF2C-BF18FF581EFE" "529CC3F4-883C-4F70-8513-5AA069569130" "6280" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2028,i,5383239194381992328,1699073893764032435,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 74D0EF016B4079AB6EC88DADEE5B88C8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\1LXR2A65\?????????.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitbucket.org/ziphose/obmen/downloads/Doc.7z
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1752 --field-trial-handle=1580,i,5165964902121869785,11513866164368758884,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=2028,i,5383239194381992328,1699073893764032435,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: unknownProcess created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Program Files\7-Zip\7z.exe "C:\Program Files\7-Zip\7z.exe" "C:\Users\user\Downloads\Doc.7z"
Source: C:\Program Files\7-Zip\7z.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Program Files\7-Zip\7z.exe "C:\Program Files\7-Zip\7z.exe" "C:\Users\user\Downloads\Doc.7z"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: wldp.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: twinui.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dwmapi.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: pdh.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: actxprxy.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: propsys.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: profapi.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.appdefaults.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.immersive.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: uiautomationcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dui70.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: duser.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dwrite.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47mrm.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: uianimation.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d11.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dxgi.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dxcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dcomp.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: oleacc.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: edputil.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windowmanagementapi.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: textinputframework.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: inputhost.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windowscodecs.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: thumbcache.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: appresolver.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47langs.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: slc.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: userenv.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: sppc.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: tiledatarepository.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: staterepository.core.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepository.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: wtsapi32.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositorycore.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: mrmcorer.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: sxs.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: directmanipulation.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: textshaping.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: ninput.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: explorerframe.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: dataexchange.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: msftedit.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.globalization.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: globinputhost.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: structuredquery.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: atlthunk.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.fileexplorer.common.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.search.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: linkinfo.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: ntshrui.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: cscapi.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: winmm.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: networkexplorer.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: ehstorshell.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: cscui.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: netutils.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: smartscreenps.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: shdocvw.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: pcacli.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: mpr.dll
Source: C:\Windows\System32\OpenWith.exeSection loaded: sfc_os.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: C:\Windows\System32\OpenWith.exeFile opened: C:\Windows\system32\MsftEdit.dll
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe TID: 9156Thread sleep count: 37 > 30
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Program Files\7-Zip\7z.exe "C:\Program Files\7-Zip\7z.exe" "C:\Users\user\Downloads\Doc.7z"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation11
Browser Extensions		11
Process Injection		1
Masquerading		OS Credential Dumping1
Virtualization/Sandbox Evasion		Remote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder		1
Registry Run Keys / Startup Folder		1
Modify Registry		LSASS Memory1
Process Discovery		Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
DLL Side-Loading		1
DLL Side-Loading		1
Virtualization/Sandbox Evasion		Security Account Manager1
File and Directory Discovery		SMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
Extra Window Memory Injection		11
Process Injection		NTDS13
System Information Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Extra Window Memory Injection		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
s3-w.us-east-1.amazonaws.com
52.216.41.241
truefalse
    		high
    bg.microsoft.map.fastly.net
    		199.232.210.172
    		truefalse
      		high
      s-0005.s-dc-msedge.net
      		52.113.195.132
      		truefalse
        		high
        www.google.com
        		142.250.181.100
        		truefalse
          		high
          bbuseruploads.s3.amazonaws.com
          		unknown
          		unknownfalse
            		high
            x1.i.lencr.org
            		unknown
            		unknownfalse
              		high

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              172.217.19.206
              		unknownUnited States
              		15169GOOGLEUSfalse
              172.217.19.227
              		unknownUnited States
              		15169GOOGLEUSfalse
              1.1.1.1
              		unknownAustralia
              		13335CLOUDFLARENETUSfalse
              172.217.17.46
              		unknownUnited States
              		15169GOOGLEUSfalse
              172.217.17.35
              		unknownUnited States
              		15169GOOGLEUSfalse
              52.109.89.119
              		unknownUnited States
              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              142.250.181.100
              		www.google.comUnited States
              		15169GOOGLEUSfalse
              52.22.41.97
              		unknownUnited States
              		14618AMAZON-AESUSfalse
              23.47.168.24
              		unknownUnited States
              		16625AKAMAI-ASUSfalse
              162.159.61.3
              		unknownUnited States
              		13335CLOUDFLARENETUSfalse
              74.125.205.84
              		unknownUnited States
              		15169GOOGLEUSfalse
              52.113.195.132
              		s-0005.s-dc-msedge.netUnited States
              		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              104.208.16.91
              		unknownUnited States
              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              239.255.255.250
              		unknownReserved
              		unknownunknownfalse
              185.166.143.48
              		unknownGermany
              		16509AMAZON-02USfalse
              23.218.208.137
              		unknownUnited States
              		6453AS6453USfalse
              52.109.32.97
              		unknownUnited States
              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              52.216.41.241
              		s3-w.us-east-1.amazonaws.comUnited States
              		16509AMAZON-02USfalse
              2.19.198.56
              		unknownEuropean Union
              		16625AKAMAI-ASUSfalse
              23.195.39.65
              		unknownUnited States
              		20940AKAMAI-ASN1EUfalse
              199.232.210.172
              		bg.microsoft.map.fastly.netUnited States
              		54113FASTLYUSfalse
              52.109.76.243
              		unknownUnited States
              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse

              Private

              IP
              192.168.2.16

              General Information

              Joe Sandbox version:41.0.0 Charoite
              Analysis ID:1567183
              Start date and time:2024-12-03 08:59:03 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:defaultwindowsinteractivecookbook.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:28
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • EGA enabled
              Analysis Mode:stream
              Analysis stop reason:Timeout
              Sample name:phish_alert_sp2_2.0.0.0.eml
              Detection:SUS
              Classification:sus25.winEML@39/52@10/196
              Cookbook Comments:
              • Found application associated with file extension: .eml

              Warnings

              • Exclude process from analysis (whitelisted): dllhost.exe
              • Excluded IPs from analysis (whitelisted): 52.109.32.97
              • Excluded domains from analysis (whitelisted): config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, europe.configsvc1.live.com.akadns.net
              • Not all processes where analyzed, report is missing behavior information
              • Report size getting too big, too many NtEnumerateKey calls found.
              • Report size getting too big, too many NtOpenKeyEx calls found.
              • Report size getting too big, too many NtProtectVirtualMemory calls found.
              • Report size getting too big, too many NtQueryAttributesFile calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              • Report size getting too big, too many NtReadVirtualMemory calls found.
              • Report size getting too big, too many NtSetValueKey calls found.
              • VT rate limit hit for: phish_alert_sp2_2.0.0.0.eml

              Created / dropped Files

              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:ASCII text
              Category:dropped
              Size (bytes):290
              Entropy (8bit):5.175566688276612
              Encrypted:false
              SSDEEP:
              MD5:693ABFC31B59859BC2472E7EB3D1E34C
              SHA1:C5F896852E6D9A64CF32BEB9F0C14633A4C6253C
              SHA-256:A3101E8219DE9D65713AE1E90272C5BC3E8822681F28A8F25D259E8BAB9A555A
              SHA-512:8BFD5AE7F2BBEB8CE1A126B5A6450917A42CC45C4C5B52A62568512A6488829300C1F2767419699E2BEFD129786417DE68DC2694E9C5B53C068488D87FD4DF8D
              Malicious:false
              Reputation:unknown
              Preview:2024/12/03-02:59:42.288 19fc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/03-02:59:42.290 19fc Recovering log #3.2024/12/03-02:59:42.290 19fc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:ASCII text
              Category:dropped
              Size (bytes):334
              Entropy (8bit):5.170044769303561
              Encrypted:false
              SSDEEP:
              MD5:1245AF9B9F99B29A6C07A6A4D5CA1A0C
              SHA1:2144B04BC7B29B214957C8E8F9888D45D9570251
              SHA-256:3AC5313317D23CAB92D623E5A1A4A42B04E50D664F39BCAE554A63B78CAD798F
              SHA-512:429567CECDAE8728500032EE485538D9B1066061A654A3B42A73119665C3B416A94D17A5C9BFBB96ABA4B517E43DBF16604ABDA50E15D3A440678D5C41B5F111
              Malicious:false
              Reputation:unknown
              Preview:2024/12/03-02:59:42.167 1a6c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/03-02:59:42.170 1a6c Recovering log #3.2024/12/03-02:59:42.170 1a6c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\855a7b83-e6d0-459b-89e2-2cf629c10d95.tmp

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):403
              Entropy (8bit):4.9759518177273945
              Encrypted:false
              SSDEEP:
              MD5:61D6D2E11FE683B922289ADAE86DE801
              SHA1:F1950BEC6F60DD6014345CACDE2A0284B8E82BA4
              SHA-256:03E8D3C72826AF328B0E6E8947FBFFB2D5B408C7D914EEEA106B9468E8C84C0C
              SHA-512:687A8BFB200F38BDFDEE0D08B03992F9D3399E16838D496706DF8E0D8AEFC32D626140960E4C56C83F4D2E91BCBC25541FA6A5CF30BD6ABDDBFA9AE5DF2EF815
              Malicious:false
              Reputation:unknown
              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13377772793992576","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":632911},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):0
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:
              MD5:61D6D2E11FE683B922289ADAE86DE801
              SHA1:F1950BEC6F60DD6014345CACDE2A0284B8E82BA4
              SHA-256:03E8D3C72826AF328B0E6E8947FBFFB2D5B408C7D914EEEA106B9468E8C84C0C
              SHA-512:687A8BFB200F38BDFDEE0D08B03992F9D3399E16838D496706DF8E0D8AEFC32D626140960E4C56C83F4D2E91BCBC25541FA6A5CF30BD6ABDDBFA9AE5DF2EF815
              Malicious:false
              Reputation:unknown
              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13377772793992576","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":632911},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:data
              Category:dropped
              Size (bytes):4509
              Entropy (8bit):5.235094702720616
              Encrypted:false
              SSDEEP:
              MD5:1E27DFEBDE95958BC11C380876152A6D
              SHA1:AD04AE028506016E9F690EF4398D74897DA28079
              SHA-256:145BB2C17810B4C553DDE2DD66C33542C16C89F17F4B67066AAA0B147181795C
              SHA-512:13F21B5F204A2B733A9613893EB1567BAF662C2653335CB08A34585A9441E15B15D5A3755A5C6B7D0FFCBE53B3098CC156D9EEBAF719F59BB6AEAC74BEBF877B
              Malicious:false
              Reputation:unknown
              Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:ASCII text
              Category:dropped
              Size (bytes):322
              Entropy (8bit):5.168763688570648
              Encrypted:false
              SSDEEP:
              MD5:AF7336AABA93FEAC5157CC7BC9DFC022
              SHA1:10F2824FCD3673690B5656B2FF5ED22416F38886
              SHA-256:7B980A0EB4934FC2836AF5FA54045F0C6F0092AC345C6F2DD4B3F6691421E9D1
              SHA-512:D014045BE90A1E3219EF3B607010E8069E576541E26C8E680B084C321C9A162B7AC57B6F274FCC89674E8BFDA8B4E60EFB13BB8645EF04E5C8D84BDDD7D2830D
              Malicious:false
              Reputation:unknown
              Preview:2024/12/03-02:59:42.360 1a6c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/03-02:59:42.362 1a6c Recovering log #3.2024/12/03-02:59:42.364 1a6c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241203075945Z-165.bmp

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
              Category:dropped
              Size (bytes):71190
              Entropy (8bit):0.2324748341558125
              Encrypted:false
              SSDEEP:
              MD5:96662E1621B28FC91BB704A95F518D1D
              SHA1:0644B8EA960BD7ABBFB2D1BC3148A435205E2F88
              SHA-256:30BA926E11DC494B15ABE66B3694FA5CF95F174308A2A0342807B4F3A65D02FD
              SHA-512:C2EE96D9785E05DA6811ADB56847357291BF47B8C8F303E1AA6F661CECA1260B35779540636C9276E6DB125CA4D26DB457856A6E376332D72EBEBCB0A1580384
              Malicious:false
              Reputation:unknown
              Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
              Category:dropped
              Size (bytes):57344
              Entropy (8bit):3.291927920232006
              Encrypted:false
              SSDEEP:
              MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
              SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
              SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
              SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
              Malicious:false
              Reputation:unknown
              Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:SQLite Rollback Journal
              Category:dropped
              Size (bytes):16928
              Entropy (8bit):1.214485795042941
              Encrypted:false
              SSDEEP:
              MD5:1B345E64974032DBB933E141354208E5
              SHA1:39CFF652F5C8A9180B4777AA429D56CBB5A58572
              SHA-256:0E714D45AA9BC6252F4A1509FAB003B81AACA660CCDF38EDD3F7C458E7104D29
              SHA-512:B3F58A54D1303D988D3D20328D27D011B375AD03EFE727A0C76A8ED989555BDFFE53173D89273D89AD08150C08777DDCD43B8197E45AE96BF9B716210F6F7058
              Malicious:false
              Reputation:unknown
              Preview:.... .c.......Y.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:Certificate, Version=3
              Category:dropped
              Size (bytes):1391
              Entropy (8bit):7.705940075877404
              Encrypted:false
              SSDEEP:
              MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
              SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
              SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
              SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
              Malicious:false
              Reputation:unknown
              Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
              Category:dropped
              Size (bytes):71954
              Entropy (8bit):7.996617769952133
              Encrypted:true
              SSDEEP:
              MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
              SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
              SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
              SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
              Malicious:false
              Reputation:unknown
              Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:data
              Category:dropped
              Size (bytes):192
              Entropy (8bit):2.756901573172974
              Encrypted:false
              SSDEEP:
              MD5:3A3A646C20A48504FA411670F07D8BEC
              SHA1:41B65A7E595482250E3CD33052F9A192804825F4
              SHA-256:F2A258CD0369A3EB21608D09FBD757C79F4EE05B96D7D80F68BFA68C858E3AD8
              SHA-512:4E4D60C544D2FFC9E83B835D3AF5B785FAA1021C7AE473AE1CFF781CD81DBCBA5604E4CDE8659DF50B115A3C4F8F4CA70DA46E04E1BBBC7A508B0C85F2D44432
              Malicious:false
              Reputation:unknown
              Preview:p...... ..........WYE..(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:modified
              Size (bytes):338
              Entropy (8bit):3.4682509493906966
              Encrypted:false
              SSDEEP:
              MD5:846A613733DD80FDC4287AD104E757EA
              SHA1:5F87C858D4415F92408788AB965168ACFCFE4792
              SHA-256:20CD662A9427E5CB673EF2685344922D586654B015E19848BE49CAF81A5A2021
              SHA-512:A62317331913C571A94F1CC5F07132D447122CCAD7480E48B9BF171FF9035265A50B3576DD34E669B73618DEC5A10538A341B4D2D747928B1BAE273CA43F8F51
              Malicious:false
              Reputation:unknown
              Preview:p...... ........kc.NYE..(..................................................^SZ.. .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...

              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:data
              Category:modified
              Size (bytes):328
              Entropy (8bit):3.234088949531399
              Encrypted:false
              SSDEEP:
              MD5:8F18A07C2315160BAAC8C1440DC93ECD
              SHA1:7063E9CFCFDD4CCC07C335276C8CA8C328705585
              SHA-256:DACE88996EB45442B07D815D1C3BA9764DC563BDE525F7D98BB55ED394F7716C
              SHA-512:C2DA6F185C9CF8C4F6CF2F001D9F70EAF668EA60B0E93A78AD6F6C7C42749F8EFF3F0C8FE58AD87CFD2C3DEDA73B6E9B693EDF6BFF4F30EB534CA72D565AB94E
              Malicious:false
              Reputation:unknown
              Preview:p...... ........Ea.jYE..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:PostScript document text
              Category:dropped
              Size (bytes):0
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:
              MD5:8BA9D8BEBA42C23A5DB405994B54903F
              SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
              SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
              SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
              Malicious:false
              Reputation:unknown
              Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6556

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:PostScript document text
              Category:dropped
              Size (bytes):1233
              Entropy (8bit):5.233980037532449
              Encrypted:false
              SSDEEP:
              MD5:8BA9D8BEBA42C23A5DB405994B54903F
              SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
              SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
              SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
              Malicious:false
              Reputation:unknown
              Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:PostScript document text
              Category:dropped
              Size (bytes):0
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:
              MD5:8BA9D8BEBA42C23A5DB405994B54903F
              SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
              SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
              SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
              Malicious:false
              Reputation:unknown
              Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:PostScript document text
              Category:dropped
              Size (bytes):0
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:
              MD5:B60EE534029885BD6DECA42D1263BDC0
              SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
              SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
              SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
              Malicious:false
              Reputation:unknown
              Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.6556

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:PostScript document text
              Category:dropped
              Size (bytes):10880
              Entropy (8bit):5.214360287289079
              Encrypted:false
              SSDEEP:
              MD5:B60EE534029885BD6DECA42D1263BDC0
              SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
              SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
              SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
              Malicious:false
              Reputation:unknown
              Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:data
              Category:dropped
              Size (bytes):227002
              Entropy (8bit):3.392780893644728
              Encrypted:false
              SSDEEP:
              MD5:265E3E1166312A864FB63291EA661C6A
              SHA1:80DFF3187FF929596EB22E1DB9021BAD6F97178C
              SHA-256:C13E08B1887A4E44DC39609D7234E8D732A6BC11313B55D6F4ECFB060CD87728
              SHA-512:48776A2BFE8F25E5601DCC0137F7AB103D5684517334B806E3ACF61683DD9B283828475FC85CE0CBE4E8AF88E6F8B25EED0A77640E2CFFF2CC73708726519AFA
              Malicious:false
              Reputation:unknown
              Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:data
              Category:dropped
              Size (bytes):4
              Entropy (8bit):0.8112781244591328
              Encrypted:false
              SSDEEP:
              MD5:DC84B0D741E5BEAE8070013ADDCC8C28
              SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
              SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
              SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
              Malicious:false
              Reputation:unknown
              Preview:....

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):2145
              Entropy (8bit):5.082666519159163
              Encrypted:false
              SSDEEP:
              MD5:F7DDA6A89B33C5A244F16C2AE5D5AD08
              SHA1:6D67C5D475CA9663D263284DE0295BBA751AEDA7
              SHA-256:EE6ABCB60F2D8F765041E6909F88DF61C3DF4D00E65CB5974C4EC8264394521C
              SHA-512:75DC32EB2DB75ACF08772A9DD3123AFC38A48A992E6D43B06FEE84041E13CA64DD4B5C7E71C52BC09ED21FED83B78D863185122BF4F487208BE5A45273036EBF
              Malicious:false
              Reputation:unknown
              Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1733212784000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"f44756c6e08822e64c0e471a2499e34d","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696585148000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"e8f53b6740aba22a83a1a569cebedbcc","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696585148000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"cc1faa6a0c714f2f0c497731f1772fa2","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696585143000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"ab062dea95f25ef019cc2f5f5f0121d4","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696583346000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"65580efad4bc88b91040ff50d71bfae9","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1696583346000},{"id":"DC_Reader_Edit_LHP_Banner"

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
              Category:dropped
              Size (bytes):12288
              Entropy (8bit):0.986722112116702
              Encrypted:false
              SSDEEP:
              MD5:922CBD303BF956D743731AE1191CC8EC
              SHA1:E8AB92CF91EE3CC877970FD6BAE24C12DD497EDC
              SHA-256:D5F1F44B263AC01D0542FC55D2071F04EBD3FDD501A7F82AA0B9E1BD75285FE1
              SHA-512:77FC835815861E95D6DC08D10E2E3EDFAA4886164CB36DB15243EBB2852143DF13B489EE1AF30D5B5EE7D006BCDB73F780C427FAB4858B4E2F3383C19B5DE24C
              Malicious:false
              Reputation:unknown
              Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:SQLite Rollback Journal
              Category:dropped
              Size (bytes):8720
              Entropy (8bit):1.3441799960545944
              Encrypted:false
              SSDEEP:
              MD5:04ABCA40FD16616DBA70E2C4BBC23265
              SHA1:D2BE672CB45F4305CC82E2A9C25F6E114F922F2A
              SHA-256:657353D1609D9B32EEF932CF99C3E785E528DA34243B106F7F41BFBA80555EC7
              SHA-512:BE6B8949E4B0D1EBE5591290D2B0F0CDFAFB95EA78F913441773D85AB3B1441F46E3F5A6A643732B38EAD13ABD07A0417FC8237AEF3952316B7008F49AD7997C
              Malicious:false
              Reputation:unknown
              Preview:.... .c...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:data
              Category:dropped
              Size (bytes):66726
              Entropy (8bit):5.392739213842091
              Encrypted:false
              SSDEEP:
              MD5:A128F723B0F98C88EE7E3857BFFCDF72
              SHA1:2E1C2FA93CF682DB5C6EBB98A98BACC6833BA4A3
              SHA-256:75B8ADCE16DA3FCE7C3D07FD8DCB4D31708726EB8BA46A8788011187A789A626
              SHA-512:86A0FC74BED1383DAA783C427AF694B77AB1B29D5B9E8D4C63ECA251E327126CC5AE7AF5C6EC4BEF01DFBC82A561B58A91617941615865DFB15E28F7D0CB1244
              Malicious:false
              Reputation:unknown
              Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

              C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):231348
              Entropy (8bit):4.394662958771322
              Encrypted:false
              SSDEEP:
              MD5:799FE43C06C69EFA936D0EBEC65B94AA
              SHA1:3560F9EC9B44B7B8BD73B3AD1AF05B6976EF7BBC
              SHA-256:83B646860AE082A7BCBB99C8E3DF8509A307240EFB8922AB24BEC2638FAB31CD
              SHA-512:EA99ECC468C517324267BDBE619C9C7A6938EE928E5CF0217676A390DA99E7D3A5A973B17F9FEBFF0A4785D69BFE9F6C407B1070C58AA2D635EC3F45A67B8C05
              Malicious:false
              Reputation:unknown
              Preview:TH02...... ....AYE......SM01X...,...0..AYE..........IPM.Activity...........h...............h............H..h........F&6....h........`./.H..h\cal ...pDat...hh.0.0..........h.<y.../........h........_`Qk...h.>y.@...I.lw...h....H...8.Vk...0....T...............d.........2h...............k."............!h.............. h..............#h....8.........$h`./.....8....."h./......./...'h..Y...........1h.<y.<.........0h....4....Vk../h....h.....VkH..h`./.p.........-h .......<.....+hV<y......................... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

              C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:ASCII text, with very long lines (65536), with no line terminators
              Category:dropped
              Size (bytes):322260
              Entropy (8bit):4.000299760592446
              Encrypted:false
              SSDEEP:
              MD5:CC90D669144261B198DEAD45AA266572
              SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
              SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
              SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
              Malicious:false
              Reputation:unknown
              Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:76bd602437550e98c9043d06a55186ab7d95dea5a0e935a599f73e62a8c9b158e0afcb19351f6c353940c06a38172b94d18c02cf92bb8a80184eccca0392b259ab3e71dae73e491c7941997cb36ad4a198661f622dad478d840f66d530a0dde78acea3367f91fff62fbb3dc18faff0c708ad30edef5bea8b22c5fd782b770d8993386eaa784fd19a3c3e1db3b537b1a94d3d4fbd46f8df8fddf6d16611969fe0a97c50e0f3ac24750c93257cf5c161184aa7385800c87d803b339632a3d8ec7fe17a0afd83ce9e9d0e3f7b8d579637928a811f1f7e6d1887df2ddc7d4f752c4d600235e426c92c7bf8a1362f95457998cc0e5d4261f0efa4fada0f866dbcefb407dacab7a2914e91c2f08200f38c2d9d621962145b1464b0f204b326118a53ecdcab22bff005fdd5257c99a6dc51ac0600a49f2ef782396987e78c08b846dad5db55e8ccefffc64863bc2c3e90b95a09d25d0814a848c98fe01a82d4e30e6682dd546e12c45ca0d280a45295ab4bd632dafb070edfdc3c9e38313d5aeb195972986f8011b66817028fd8c78b67a0ac7e780eecc3fb6a31f5a025b8a9a3db278a98c0696aeaac739b18688b0f9c7d751bba02cc5f4e41853fb119b3c0c915059aaa92971244a1989124f12881ca88e6410df70b793a2c3a736ff4

              C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:ASCII text, with no line terminators
              Category:dropped
              Size (bytes):10
              Entropy (8bit):2.5219280948873624
              Encrypted:false
              SSDEEP:
              MD5:6C503EBA2E2B6E0F970E33A1064346D7
              SHA1:ED9A14FAA2D8DBADB8A3DAC9CAB9BA852766ED57
              SHA-256:8CCD5C5D75A9085517B12A4C0BC2BD3C045C692BAD16859188C7C8CE1ED4B0BF
              SHA-512:1D413AA7CBCE91B780EEA79608BBF2B90561A39446EE6F02EF8FC0D3E8033491E5A9CBDFF512F0A8E132959CD20B326E1CC135721D830261A773501C38559FB4
              Malicious:false
              Reputation:unknown
              Preview:1733212780

              C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\6FFDAB97-E50E-4534-B6F8-B06018501FCC

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):181859
              Entropy (8bit):5.295324302100923
              Encrypted:false
              SSDEEP:
              MD5:EE203E7E2B551AB7814F0E28ECB0B2C3
              SHA1:0E357F66396799A2A201745EE482DBB3D785D603
              SHA-256:F4CA99766D7160173BD20CD6226B49F6D067BC9205CE4BDFAF269A98E19BC484
              SHA-512:E28DF4A23821BAA1A4662C03A9B8BDB3CD6E381B124DAFC313DFD16139D10787D1A2B3510804A5D88FAE6818EE0EFC1AC7FE5DF1D655F9AC5956BEC1677013AD
              Malicious:false
              Reputation:unknown
              Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-12-03T07:59:36">.. Build: 16.0.18312.40138-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[

              C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):2278
              Entropy (8bit):3.8548730369480126
              Encrypted:false
              SSDEEP:
              MD5:180DDB98178D21D4A41F41FB5E3F0EA1
              SHA1:9E4BEAE442120E603B24881E704503248E763A82
              SHA-256:F3BDD1069F7375DA3781EE5FED7EA7B3689F8EB46F36CF8CDA3D14B77802B339
              SHA-512:B5E2C6D1496E7215830423FE58FD684AF1CBD23562B3E4CE35CD7B0A435C9367B2073CD54B37691DF5ED66376FF8DB799F311D08A170EBC8FA5CA490CE63CDE4
              Malicious:false
              Reputation:unknown
              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".C.J.1.m.u.g.S.o.z.s.S.9.x.S.Z./.Q.v.O.c.+.E.J.4.u.2.c.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.K.L.x.r.W.F.F.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.e./.X.Z.h.B.

              C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:modified
              Size (bytes):2684
              Entropy (8bit):3.91274617359307
              Encrypted:false
              SSDEEP:
              MD5:98BD79ED4F04C329A2D7A38D378C24D8
              SHA1:236800F16E540E27AFCDF9418D497424C4823D26
              SHA-256:7E08C51E47CE258E0C80899F023482ADC3127C6584801C5C8D4893B13CAC0A7B
              SHA-512:757346A579DE420FB98CA88059CF39F4F31EB7B999743240846B1467B306499B02553AA611E6722FFB6B552F41F11FAF5F5C02E53947402B71E6F081924982B3
              Malicious:false
              Reputation:unknown
              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.H.X.L.G.R.5.H.j.D.k.3.C.i.F.b.L.a.m.K.N.+.n.c.g.T.0.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".I.D.h.D.x.S.p.k.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.e./.X.Z.h.B.

              C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):4542
              Entropy (8bit):3.989534446085521
              Encrypted:false
              SSDEEP:
              MD5:D73F09F5F8E6F6EBCE1AE1F81815CEAD
              SHA1:204E094DED28CA1DB93AA6084DCAB58B195101DA
              SHA-256:DAC57623DEAF3A4D4E8CDD6B3F8C38D68AD22412F69DD95F84FD8203F773BCAC
              SHA-512:1F4A12BBF562915FD360DD297708CA9B1A644AB9A39FCC6F213E267176E38FAF9D242987E8A5B90E5EE0D62943B14D3921117CA6167308E278AD0AA5A1BE7EA6
              Malicious:false
              Reputation:unknown
              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.q.Y.a.6.3.X.Y.9.b.4.Y.b.C.Z.g.f.0.u.y.E.6.v.n.x.e.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".C.1.3.K.k.1.l.F.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.e./.X.Z.h.B.

              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\1LXR2A65\????????? (002).pdf:Zone.Identifier

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):26
              Entropy (8bit):3.95006375643621
              Encrypted:false
              SSDEEP:
              MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
              SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
              SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
              SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
              Malicious:false
              Reputation:unknown
              Preview:[ZoneTransfer]..ZoneId=3..

              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\1LXR2A65\?????????.pdf

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:PDF document, version 1.7, 1 pages
              Category:dropped
              Size (bytes):94074
              Entropy (8bit):7.921184927978686
              Encrypted:false
              SSDEEP:
              MD5:CB5CC5179B056A147619814321460860
              SHA1:6FED9ABB4842109795C59EF0E2436760C8F81D8D
              SHA-256:0BEA1751A1A39E5FF70992CC06A678156056A5AC30A3514BE8C37DE3A665DEA0
              SHA-512:35F4A97A5DCFB1B9F8F756750096E3536ABA24446273F24B43DDA3549C715B4A2B8C732883E94A5C5D9AEB09B51CDCEDB7EB790BC1D87652D7BC6B9E2D75C27E
              Malicious:false
              Reputation:unknown
              Preview:%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(ru) /StructTreeRoot 24 0 R/MarkInfo<</Marked true>>/Metadata 49 0 R/ViewerPreferences 50 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</XObject<</Image5 5 0 R>>/ExtGState<</GS6 6 0 R/GS9 9 0 R>>/Font<</F1 7 0 R/F2 10 0 R/F3 12 0 R/F4 18 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/Annots[ 17 0 R] /MediaBox[ 0 0 612 792] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>..endobj..4 0 obj..<</Filter/FlateDecode/Length 476>>..stream..x..T.k.0..7....`Yw....;..+tM....BIL..nY...$kmZ....H....O....54My.]. ..Y.A.X......<C.B.E..H.`..7y...vy..._6...=.Yy...7..G..g0.............6..vy.JsE)dxj$.lx.5...8...(...!F....$.V.B..AH.9x...i$,........<.s...(A..,nn.....f..D/...Q..D..D.......1o.5...+...d.W.XZ_%...".....3.k2...]....c6.Q..cV.l.Xo..g...R.]...}.Kj..PM.P.Gd]..PA..f=.]..C.n..:.s......#..=d(`.!..#....Bbm@..9.......o~.5.

              C:\Users\user\AppData\Local\Temp\MSIfc49c.LOG

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
              Category:dropped
              Size (bytes):246
              Entropy (8bit):3.529459928009153
              Encrypted:false
              SSDEEP:
              MD5:38F04A5F1359176ADC07A3C3B152D446
              SHA1:A27AB6127C59DBDC5EC270832F5B4F97047CDB24
              SHA-256:4764FA7A978D440BB83E6C5BD20E49197727E0AF03D8962877CE02CE8C266B30
              SHA-512:DD91D9AEED39F16037B4539A3C95ABC5983F2B3D159D499095C4089CCFF859FDC7C4E4A975B07841D72ECB64B6B6A557940AD2EB679632AA268168557253950E
              Malicious:false
              Reputation:unknown
              Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.3./.1.2./.2.0.2.4. . .0.2.:.5.9.:.4.9. .=.=.=.....

              C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91ebc4yf_1qep3s5_524.tmp

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:PDF document, version 1.6, 0 pages
              Category:dropped
              Size (bytes):358
              Entropy (8bit):5.047159713160517
              Encrypted:false
              SSDEEP:
              MD5:4D05649D63A44C9591CF5C5036214413
              SHA1:C26BEA4AF0A0A1F3CF66993E91FF2697E42D369E
              SHA-256:7BC84AC631EA2BB8127D30798B0B0B40885D72AD588BF2B27D42C56A4DB85F9F
              SHA-512:6C62F53CED085CC2C6AC618ED35DE7248818456AABEF07D0AE7F81B4677ED73559855741996AFFD79665ECE98D53B8D05FC4095D652FF99DBB253B4665B618CF
              Malicious:false
              Reputation:unknown
              Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<008F36C85F29C14E96F648F86ADB1F99><008F36C85F29C14E96F648F86ADB1F99>]>>..startxref..127..%%EOF..

              C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-03 02-59-43-696.log

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:ASCII text, with very long lines (393)
              Category:dropped
              Size (bytes):16525
              Entropy (8bit):5.353642815103214
              Encrypted:false
              SSDEEP:
              MD5:91F06491552FC977E9E8AF47786EE7C1
              SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
              SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
              SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
              Malicious:false
              Reputation:unknown
              Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

              C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:ASCII text, with very long lines (393), with CRLF line terminators
              Category:dropped
              Size (bytes):16603
              Entropy (8bit):5.340971117029323
              Encrypted:false
              SSDEEP:
              MD5:29080919652F8876326D31305F8A684C
              SHA1:C255036C8BD214538C64726ED3DD5D255301551B
              SHA-256:94FD82E0A6B117D86133DD24246131FD56D10451B2B66C3C6CF99420538EE188
              SHA-512:0C58BA290EE9ADD8EDED4F68AC0E108ADE8E6886F97854984226036A840C6C88D1324D74B7BD9410CD19A0D158E404C1053C792633A0ADE6EB22E2E33935C5FC
              Malicious:false
              Reputation:unknown
              Preview:SessionID=1a9cdc14-100b-4c2d-a579-be2764f03dce.1733212783714 Timestamp=2024-12-03T02:59:43:714-0500 ThreadID=7272 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=1a9cdc14-100b-4c2d-a579-be2764f03dce.1733212783714 Timestamp=2024-12-03T02:59:43:716-0500 ThreadID=7272 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=1a9cdc14-100b-4c2d-a579-be2764f03dce.1733212783714 Timestamp=2024-12-03T02:59:43:716-0500 ThreadID=7272 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=1a9cdc14-100b-4c2d-a579-be2764f03dce.1733212783714 Timestamp=2024-12-03T02:59:43:716-0500 ThreadID=7272 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=1a9cdc14-100b-4c2d-a579-be2764f03dce.1733212783714 Timestamp=2024-12-03T02:59:43:717-0500 ThreadID=7272 Component=ngl-lib_NglAppLib Description="SetConf

              C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):29845
              Entropy (8bit):5.421035647283983
              Encrypted:false
              SSDEEP:
              MD5:978CA6B54B82BE9AB8451455A06F616C
              SHA1:84ABA8541ADC4E79A8437A33BB9220E82251A62D
              SHA-256:2F1CC80CE01CE7FF897F64F7BB67A42D83A3FDA53C9E01BC02DADE8A2AF79EAB
              SHA-512:E70911C6CA6E60768FC17D90F258E3824D1B73089BBA0164E540147004CF6A9ED453ACD35899B66DA3EC2F2C9FC1A2A33E06894BCD8B59787BB1C0FF15E3F90F
              Malicious:false
              Reputation:unknown
              Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

              C:\Users\user\AppData\Local\Temp\acrocef_low\0008d6d5-40e0-43eb-b597-b08217bc739c.tmp

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
              Category:dropped
              Size (bytes):1407294
              Entropy (8bit):7.97605879016224
              Encrypted:false
              SSDEEP:
              MD5:22B260CB8C51C0D68C6550E4B061E25A
              SHA1:DF9A5999C58A8D5ADBB3F8D1111EAB9E4778637E
              SHA-256:DAB1231CC22DAB591EBB91C853E3EE41C10D3DA85D2EFAB67E9A52CCB3A3A5A0
              SHA-512:503218D83C511A7F7CEA8BC171921D1435664B964F01A8C77DC0F4D0196DD2815D9444DA98278E1369552D004E9B091DD9B89663209F0C52ACB97FCE6AFFE7A9
              Malicious:false
              Reputation:unknown
              Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

              C:\Users\user\AppData\Local\Temp\acrocef_low\02416c42-2524-4ad9-9706-7a828149815f.tmp

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
              Category:dropped
              Size (bytes):758601
              Entropy (8bit):7.98639316555857
              Encrypted:false
              SSDEEP:
              MD5:3A49135134665364308390AC398006F1
              SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
              SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
              SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
              Malicious:false
              Reputation:unknown
              Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

              C:\Users\user\AppData\Local\Temp\acrocef_low\78f03d36-d485-4488-aa76-31449e431e90.tmp

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
              Category:dropped
              Size (bytes):1419751
              Entropy (8bit):7.976496077007677
              Encrypted:false
              SSDEEP:
              MD5:0A347312E361322436D1AF1D5145D2AB
              SHA1:1D6C06A274705F8A295F62AD90CF8CA27555C226
              SHA-256:094501B3CA4E93F626ABFCAE800645C533B61409DC3D1D233F4D053CE6A124D7
              SHA-512:9856C231513B47DD996488DF19EEE44DBB320E55432984C0C041EF568B6EC5C05F5340831132890D1D162E0505CA243D579582EDB9157CF722A86EC8CE2FEAFE
              Malicious:false
              Reputation:unknown
              Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

              C:\Users\user\AppData\Local\Temp\acrocef_low\874a211f-7207-40af-956c-ad1393977dc2.tmp

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
              Category:dropped
              Size (bytes):386528
              Entropy (8bit):7.9736851559892425
              Encrypted:false
              SSDEEP:
              MD5:5C48B0AD2FEF800949466AE872E1F1E2
              SHA1:337D617AE142815EDDACB48484628C1F16692A2F
              SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
              SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
              Malicious:false
              Reputation:unknown
              Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

              C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMDocs.sav

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:data
              Category:dropped
              Size (bytes):36
              Entropy (8bit):4.294653473544341
              Encrypted:false
              SSDEEP:
              MD5:5C6B932A79952B4B27833691305E61DB
              SHA1:09804DB0986A989C2C49CDCEA563567FB4C7B1A0
              SHA-256:DEE5A5925227B125F4AC6D9B70A277E6EC8494FFC73D1CCE9E08CC7A78D6208A
              SHA-512:4FAA9585BB10156D5DEA3B62D3A3A1BFA92430BA6E1E3381FC4C76C3071C85E53D5CBCE0016DBA1D1F9EA1B7AF37B4A4EFBAF4F3106B7D958B6E2E90AA0DF059
              Malicious:false
              Reputation:unknown
              Preview:%PDFTrustManagerDocsData 1.0........

              C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMGrpPrm.sav

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:data
              Category:dropped
              Size (bytes):54
              Entropy (8bit):3.7119196645733785
              Encrypted:false
              SSDEEP:
              MD5:6A614A7743B0C781AAECA60448E861D6
              SHA1:67B7DF5EBEB4527E4C31F3F9B7E52A0581DC4B6D
              SHA-256:9703120DC62C2C3F843BAD5B1E77594682CA7820F0345AE0BBD73021C1427146
              SHA-512:3A45B27ED6F3AAA8C2113FBB21637675CC91D1239754447A7032D1A86CB1E7381575B28F992E5FFC9986354C2B9C173C614F1F703CA4C2BEE63AB3BC6ED909A6
              Malicious:false
              Reputation:unknown
              Preview:%PDFTrustManagerGroupPerms 1.0........................

              C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):30
              Entropy (8bit):1.2389205950315936
              Encrypted:false
              SSDEEP:
              MD5:03404653EF5DF793AAB52A68D10A0314
              SHA1:B6C032B05BE4A228B95029F5D907FC444352DF63
              SHA-256:AA6B7E4CE3EBA76F1074232FA2075474496221D65462006832BDAE4231844605
              SHA-512:D9694AD0E62278123AED2613B8B1DA05818B473A2063AD1087D24362CFEDE3E9A76F1572C64CB72C11483748EBE87D3820BEECB483A7D6583F0D53618143E7B1
              Malicious:false
              Reputation:unknown
              Preview:..............................

              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 3 06:59:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2673
              Entropy (8bit):3.9821089770528117
              Encrypted:false
              SSDEEP:
              MD5:25353CD7FE4A4618A4B175255DAD2BE9
              SHA1:941B797C3D056559503757AF3827F9BAF185A44D
              SHA-256:DDF8AC90508F966F4942052E298CB740A650F725705B37404A0C2FB4398F2C6D
              SHA-512:AA8A21808FBA76C990D492D9D137D3A84D8A94A0B16E9119D8C37FF3490BC576E59C26669582C19758365AA7D3071138F9F90D4588903D87BC4239268F756879
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,......SYE..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Yh?....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Yx?....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Yx?....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Yx?..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Yy?...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........H).W.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 3 06:59:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2675
              Entropy (8bit):3.9972650947340824
              Encrypted:false
              SSDEEP:
              MD5:EE4520A5EEC0BEB459DB2BE771FBB01C
              SHA1:3A64EBD89599C8DAF7E692FF535E1A1E9F97A37D
              SHA-256:8CC1555F00026157AB275B91924466A0BEA10B548E5C302A88EC3746859D0C06
              SHA-512:0D8F78312BBF175A84FDF1FC027ADFEB1A78C6D345BBF769160FEC8916AE8F62496A01DB19E5EA391F26B70F1FFD3C3A2825A58252ECC1FF7EB928DB63CF4047
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,....>..SYE..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Yh?....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Yx?....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Yx?....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Yx?..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Yy?...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........H).W.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2689
              Entropy (8bit):4.005390871090963
              Encrypted:false
              SSDEEP:
              MD5:A51FBF527EB50FCCDA9A1E516A381B66
              SHA1:F8D2AFF52AF0DD516CB857CE47752A4582EFFB58
              SHA-256:5D139494EEA1A815367E24732635618ABF4D113644EE51DCD94A85FFB62B23C5
              SHA-512:E48F0EAFFC576D86666B0A689B42A8ED09F026E94A1E9E34B363CB8E94296FC23877B1C1729BD1AEF8D3554E1FEBFAB46A650D1E19E722661D3D6AC2B3D15A56
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Yh?....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Yx?....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Yx?....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Yx?..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........H).W.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 3 06:59:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2677
              Entropy (8bit):3.992997733482174
              Encrypted:false
              SSDEEP:
              MD5:D5A274C866265B3690CC6F07DA8CCB34
              SHA1:F6BAD4666BCD56A2C1422BAD2C9B9037EF279210
              SHA-256:1E991D0A0D509EADAB80E68032A3B93ABFADDB73A6DAC0BBAF9B8D98D987F022
              SHA-512:8F3EE8AD7707166305619916DD7E7DBE0C057E521E5A88E584D20F9B93F24CD34367CD535B07FAB13660617D275020C9C99D5AEBC8A5F1CF39377469BAAC2758
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,....b..SYE..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Yh?....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Yx?....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Yx?....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Yx?..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Yy?...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........H).W.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 3 06:59:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2677
              Entropy (8bit):3.9853018682454278
              Encrypted:false
              SSDEEP:
              MD5:55582C7A2490A041FA64654ED278AF39
              SHA1:A41F252B720074F908E4B37B0C7E865A2A75A82D
              SHA-256:C58E8926450F7A8D7BA6A6C12696622E2050BE99F2E99290D608B2693D763FAB
              SHA-512:471F654867AEC659C89796F4FBFD96D3550FF0BB9FF1CD09C3E006558A5CA15B32F8F7E7474F6F5CA300136A834D80B21DBB8E5F0E8666486A262A7A075CD398
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,....]..SYE..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Yh?....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Yx?....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Yx?....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Yx?..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Yy?...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........H).W.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 3 06:59:49 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2679
              Entropy (8bit):3.9913295251712135
              Encrypted:false
              SSDEEP:
              MD5:469721A9E87D44A20FB5565FC4368134
              SHA1:AFBBEAC957F7682FE34AAB8CEAF5DFD32F5ACBA8
              SHA-256:6D3015415B9D850CB4ECA2AB4024401E4D0CEFE2ABD7E5DB06018723B6783B52
              SHA-512:39D9A308F054CFCA1158B164CD0DEA76D99EA0397F20649E4A0BB3C7038EBF3BCA7542EB3AA188CB2427928F35A07F1063FDFDC3F65209C34C0A93B74F279AFB
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,.....I.SYE..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Yh?....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Yx?....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Yx?....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Yx?..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Yy?...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........H).W.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

              C:\Users\user\Downloads\503455ff-803e-4a04-81b4-2fc19f4f47ef.tmp

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:7-zip archive data, version 0.4
              Category:dropped
              Size (bytes):16869
              Entropy (8bit):7.985259573027342
              Encrypted:false
              SSDEEP:
              MD5:231B40123A96F95047D6C734B40017BB
              SHA1:53C871E2F9A0E0A274D1E1AF614578FB37130B25
              SHA-256:4E45618D3B392B83F70E6035372354AFA749C1EF8C0E5FC450DC1A43BF014E57
              SHA-512:529FEB41583DE5E0A74E8E1FE4D14C91630C1F0FCD85E8C2C7573128AB9C9CA816CC129B2293234101F25A5D9A2122FFFB68F7EADE54659840679FD180FFC21C
              Malicious:false
              Reputation:unknown
              Preview:7z..'...s<...9{.....%.........."...PK...........Y..............1.......... ....../up-..`..7........... ......../PK........o..Y..x./{../{.2.a.......... ....../......... .......docx.rarup]....q............ ......../........... .........docx.rarRar!......8.!.....6.6.s.....sbG..#Y)......!qcQ.A.....[.&..O...^71\e.....V.[y...k.E|.L.G.P1.....50....L.....4.......:.i9sEJ.Z._.w.......b9.l.\M\.pT#.......y...&.~>!...zV.7..'20o...w..99....qx...7Q...m.ag.rk.A...F...t..........8w...VX3.;.;S.~...C...eK=....'%.B....R..i....5.....5.{Z.J..N2..~.n.8..)............}.sZ..d.C.(.C.p\..b=.=..8!z....JlS.^....f......KU...cL..b.5H.FF...HR..($.2K.@9...z.?.....1Mq....._+.............O*[<Z...<=...7z.n..n`...1.}.3.z._.}%.<;. ^...x..b.8t.<m.9)ho.'.f ...R4?..c4o...U...`..-M..CM...c..y...D....>{....f.Q..o...y..G........&.......U...f.....OO....#v.Sm>..Q..d..s..3...2AH(.8=...?..H.m.....C.+...j.......=.e.<IZ....`x.w..%Y..1...g..S

              C:\Users\user\Downloads\Doc.7z (copy)

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:7-zip archive data, version 0.4
              Category:dropped
              Size (bytes):0
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:
              MD5:FAB64F2E9CDCE2818163BD11B0F91875
              SHA1:C25062581CB66B586498CB093F4A076C779DE368
              SHA-256:9A9C460F026CC09385B91C1CA1D8C89C0310808B0848B4A8E29BA52FEBD7BBA7
              SHA-512:35DE1C27E6E731F2D1C9284259574DDB1CAAEC4723E3D4777929FE51BB0BE46207241B81112ED9E7FD5D0BC2EB894302460870429627DBED1F2A6391874B6924
              Malicious:false
              Reputation:unknown
              Preview:7z..'...s<...9{.....%.........."...PK...........Y..............1.......... ....../up-..`..7........... ......../PK........o..Y..x./{../{.2.a.......... ....../......... .......docx.rarup]....q............ ......../........... .........docx.rarRar!......8.!.....6.6.s.....sbG..#Y)......!qcQ.A.....[.&..O...^71\e.....V.[y...k.E|.L.G.P1.....50....L.....4.......:.i9sEJ.Z._.w.......b9.l.\M\.pT#.......y...&.~>!...zV.7..'20o...w..99....qx...7Q...m.ag.rk.A...F...t..........8w...VX3.;.;S.~...C...eK=....'%.B....R..i....5.....5.{Z.J..N2..~.n.8..)............}.sZ..d.C.(.C.p\..b=.=..8!z....JlS.^....f......KU...cL..b.5H.FF...HR..($.2K.@9...z.?.....1Mq....._+.............O*[<Z...<=...7z.n..n`...1.}.3.z._.}%.<;. ^...x..b.8t.<m.9)ho.'.f ...R4?..c4o...U...`..-M..CM...c..y...D....>{....f.Q..o...y..G........&.......U...f.....OO....#v.Sm>..Q..d..s..3...2AH(.8=...?..H.m.....C.+...j.......=.e.<IZ....`x.w..%Y..1...g..S

              C:\Users\user\Downloads\Doc.7z.crdownload

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:7-zip archive data, version 0.4
              Category:dropped
              Size (bytes):24853040
              Entropy (8bit):7.9999935730427065
              Encrypted:true
              SSDEEP:
              MD5:FAB64F2E9CDCE2818163BD11B0F91875
              SHA1:C25062581CB66B586498CB093F4A076C779DE368
              SHA-256:9A9C460F026CC09385B91C1CA1D8C89C0310808B0848B4A8E29BA52FEBD7BBA7
              SHA-512:35DE1C27E6E731F2D1C9284259574DDB1CAAEC4723E3D4777929FE51BB0BE46207241B81112ED9E7FD5D0BC2EB894302460870429627DBED1F2A6391874B6924
              Malicious:false
              Reputation:unknown
              Preview:7z..'...s<...9{.....%.........."...PK...........Y..............1.......... ....../up-..`..7........... ......../PK........o..Y..x./{../{.2.a.......... ....../......... .......docx.rarup]....q............ ......../........... .........docx.rarRar!......8.!.....6.6.s.....sbG..#Y)......!qcQ.A.....[.&..O...^71\e.....V.[y...k.E|.L.G.P1.....50....L.....4.......:.i9sEJ.Z._.w.......b9.l.\M\.pT#.......y...&.~>!...zV.7..'20o...w..99....qx...7Q...m.ag.rk.A...F...t..........8w...VX3.;.;S.~...C...eK=....'%.B....R..i....5.....5.{Z.J..N2..~.n.8..)............}.sZ..d.C.(.C.p\..b=.=..8!z....JlS.^....f......KU...cL..b.5H.FF...HR..($.2K.@9...z.?.....1Mq....._+.............O*[<Z...<=...7z.n..n`...1.}.3.z._.}%.<;. ^...x..b.8t.<m.9)ho.'.f ...R4?..c4o...U...`..-M..CM...c..y...D....>{....f.Q..o...y..G........&.......U...f.....OO....#v.Sm>..Q..d..s..3...2AH(.8=...?..H.m.....C.+...j.......=.e.<IZ....`x.w..%Y..1...g..S

              \Device\ConDrv

              Download File
              Process:C:\Program Files\7-Zip\7z.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):153
              Entropy (8bit):5.161314273071717
              Encrypted:false
              SSDEEP:
              MD5:F76C67DEB55D7B9B808C73237782AFC3
              SHA1:974656BC9BA176FF10CBC2DC2529805EA90679E5
              SHA-256:79A22C3874CAADDB11AF0365AA654F5D7E7E59DCFFFCEDA3F8701E6BEA4D45D1
              SHA-512:73B57B4EC03F8904CF0CD1A44ACFFA3E869DAD4387874F455B327BB836F9E152B2B655D7BDBF1DFB13EB01C66C153441D07F7205ED6A097AA48512E0D93871E8
              Malicious:false
              Reputation:unknown
              Preview:..7-Zip 23.01 (x64) : Copyright (c) 1999-2023 Igor Pavlov : 2023-06-20........Command Line Error:..Unsupported command:..C:\Users\user\Downloads\Doc.7z..

              Static File Info

              General

              File type:RFC 822 mail, ASCII text, with very long lines (2113), with CRLF line terminators
              Entropy (8bit):6.090099063398057
              TrID:
              • E-Mail message (Var. 5) (54515/1) 100.00%
              File name:phish_alert_sp2_2.0.0.0.eml
              File size:137'823 bytes
              MD5:8a6617c720d0fcb92af9ec4df713cae2
              SHA1:bcb885c916a6bed5fca3efd25dc5adaab4eca50c
              SHA256:6b24e8181a27909f79d6120648b705af46dc7fdb39280c71260f0c2f02000801
              SHA512:7613c9d4954f6fcfc7f48831b52d16c4974db70fd1fc926b02bbb2edc7c17a2fe8b33887cc9889c7329f568c58054b6820b0b540789e71cec29bc2858d815fbf
              SSDEEP:1536:OqPyT7JpNMIeYZ+GIIC0Oi7ELA2SGP7dLZ6vqGbKxttlwEvrYtou6/n5fX2zvlI9:JI6HB+0xPKqGbKDt2EvJn5ebmLZQLWrV
              TLSH:E7D3F13BAC072D06735081F303EE9CED2CAF7B8F65C3289921484B8651A95B975DA91F
              File Content Preview:Received: from DB8P189MB0634.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:fc::18).. by AM8P189MB1394.EURP189.PROD.OUTLOOK.COM with HTTPS; Tue, 3 Dec 2024.. 07:31:08 +0000..Received: from DU7PR01CA0046.eurprd01.prod.exchangelabs.com.. (2603:10a6:10:50e::29) by D

              Static Mail

              General

              Subject:
              From: <lorenzobiondi@sircase.it>
              To:Olena Kobryn <o.kobryn@gms-worldwide.com>
              Cc:
              BCC:
              Date:Tue, 03 Dec 2024 10:26:21 +0300
              Communications:
              • , 06.12.2024 . , . , . , , 06.12.2024 . , . , . , , 06.12.2024 . , . , . , ,
              Attachments:
              • .pdf

              Headers

              Key Value
              Receivedfrom qkwunqx (unknown [45.150.33.32]) by plesksircase2.if1.housing.ehiweb.it (Postfix) with ESMTPSA id B6FDEA0463 for <o.kobryn@gms-worldwide.com>; Tue, 3 Dec 2024 08:26:25 +0100 (CET)
              Authentication-Resultsspf=pass (sender IP is 79.98.45.25) smtp.mailfrom=sircase.it; dkim=pass (signature was verified) header.d=sircase.it;dmarc=pass action=none header.from=sircase.it;compauth=pass reason=100
              Received-SpfPass (protection.outlook.com: domain of sircase.it designates 79.98.45.25 as permitted sender) receiver=protection.outlook.com; client-ip=79.98.45.25; helo=sircase.it; pr=C
              Dkim-Signaturev=1; a=rsa-sha256; c=relaxed/relaxed; d=sircase.it; s=default; t=1733210789; bh=cBE2TpvyJUS7mcsEEPLRc+3tthmsrgQ6JLfthSQNEKU=; h=From:To:Subject; b=Fr9FlI0a3F0wwWAFVGJ3+ZDAWAe9VK+LmKzg+HHiQPzLsK4g/lV3F6TUR7Hd2R8xp YfmB9lR6o5t8Mq7dHfRwSXgAG5ISdF/m73yGWnE3T6+KYWr1xO+E6PFVosIpe4bdf7 n/3dIAmLdykv6K0xcej5N2UnwV9EGIV+LUnlzn9c=
              Message-Id<88226bc05a674d42f15b12bade1b230a608d@sircase.it>
              From <lorenzobiondi@sircase.it>
              ToOlena Kobryn <o.kobryn@gms-worldwide.com>
              Subject
              DateTue, 03 Dec 2024 10:26:21 +0300
              MIME-Version1.0
              Content-Typemultipart/mixed; boundary="----sinikael-?=_1-17332111736340.6056939549119269"
              X-Ppp-Message-Id <173321078972.13484.5568739583916369923@plesksircase2.if1.housing.ehiweb.it>
              X-Ppp-Vhostsircase.it
              Return-Pathlorenzobiondi@sircase.it
              X-Ms-Exchange-Organization-Expirationstarttime03 Dec 2024 07:26:30.3380 (UTC)
              X-Ms-Exchange-Organization-ExpirationstarttimereasonOriginalSubmit
              X-Ms-Exchange-Organization-Expirationinterval1:00:00:00.0000000
              X-Ms-Exchange-Organization-ExpirationintervalreasonOriginalSubmit
              X-Ms-Exchange-Organization-Network-Message-Id fbae92db-e560-4880-ad3c-08dd136bce7f
              X-Eopattributedmessage0
              X-Eoptenantattributedmessageb257b72a-b83c-4005-915b-ce5ce92eaad2:0
              X-Ms-Exchange-Organization-MessagedirectionalityIncoming
              X-Ms-PublictraffictypeEmail
              X-Ms-Traffictypediagnostic DB1PEPF000509FA:EE_|DB8P189MB0634:EE_|AM8P189MB1394:EE_
              X-Ms-Exchange-Organization-Authsource DB1PEPF000509FA.eurprd03.prod.outlook.com
              X-Ms-Exchange-Organization-AuthasAnonymous
              X-Ms-Office365-Filtering-Correlation-Id fbae92db-e560-4880-ad3c-08dd136bce7f
              X-Ms-Exchange-AtpmessagepropertiesSA|SL
              X-Ms-Exchange-Organization-Scl1
              X-Microsoft-AntispamBCL:0;ARA:13230040|8096899003;
              X-Forefront-Antispam-Report CIP:79.98.45.25;CTRY:IT;LANG:uk;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:sircase.it;PTR:plesksircase2.if1.housing.ehiweb.it;CAT:NONE;SFS:(13230040)(8096899003);DIR:INB;
              X-Ms-Exchange-Crosstenant-Originalarrivaltime03 Dec 2024 07:26:30.2130 (UTC)
              X-Ms-Exchange-Crosstenant-Network-Message-Id fbae92db-e560-4880-ad3c-08dd136bce7f
              X-Ms-Exchange-Crosstenant-Idb257b72a-b83c-4005-915b-ce5ce92eaad2
              X-Ms-Exchange-Crosstenant-Authsource DB1PEPF000509FA.eurprd03.prod.outlook.com
              X-Ms-Exchange-Crosstenant-AuthasAnonymous
              X-Ms-Exchange-Crosstenant-FromentityheaderInternet
              X-Ms-Exchange-Transport-CrosstenantheadersstampedDB8P189MB0634
              X-Ms-Exchange-Transport-Endtoendlatency00:04:38.7646243
              X-Ms-Exchange-Processed-By-Bccfoldering15.20.8207.017
              X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198);
              X-Microsoft-Antispam-Message-Info UdO6vn1QEz7L74cLmmqGFvluNd1f7LBFcPQAaG6AtLu5NiAdw0rFQFLJONLY5FctcWeMXemcMQE2K0n2JzEFs6QgwzPNJV3xmaVUQs2DI/rcfgm02E3sIqjBjuNu4bVAa6h2ehgubIc1+F6WENMFkXK26BumVM+ItcdxSXXUd+n56Zn2QgO99tsX5nHMsx/GeOBySwDiXJOGFypJlCv85THK24Ulqmg+BgfncytPL0bQE4TN/AQbYoe/TQJZIX7KHJehTqSF64RkZbCGlkDwYgxTUkKx9MxTYkZNG7FuMwmH1qhaa9cUs1mNzNdq6DzkwTZQzdKXq8aEs4bZE3jcaBiHU96etgHX/6nWdZcWHKbUr2pFpVSIe1jyJMD4Wst7cNDff3Ej3blOigE4GCtn7K3E8TjNaBuO6ir+8UF+XfLciWwEbk+oCjReREE13LCtYKQvaElPQKMXysqJyG65+t6hcFgJ5Ke1ebHh1MPXEltW8T1Bc5kV8If0s/kyuA2rX60ThZdD3A2Z0xXI8a3qqhdLg9A8N7RBawWFDuVAW4jF8inI2ZFYTOL1RZw48snVkYlgOElT/J/Zyer/784Vc9Tjx1z5J8BPf3dhX2eKSiMnoHapVDmPDHx08R9lNLvq5a/0L+LIdNn2FOS2wFyJaikh4kPcqa34FXIwTB11JBYz+GD7wWawpnN/AmueGPQqPQilUYkM6IAroK/XjsmswxZSGSMYVvTSzyiWRbiDgMOKoXaMi4b+25nMpGbaaYLsSgQBaXtsPl6TDQLKbiTTodiNGYiHb+6cgrd4WLvwk8sNC6+nphtlJNGc8sTn8ktORasPjfgLeucQXsZBVboQkSDBy8bVwAdiGzqLWei3GI4oLQcirWtyC+9jH2aHYEib+z6+rX1tvLRJi5/AkVfccXDwT+ZFqZHIVvC4QLT6S5OlOVVDfw8eD3B7P80kAON/op+kkI6TXcWl14WerE8Hh4M8w/2S4AWnMPDpvDlDR/8a4Z2ModSUQWIcECzUYNtk6ybOZRZFJmGKsrSswSwktStAHLqRCBAzkeT1bg+SU8RHOprPXPy0sSWGZoPN9XGgY5wUlXcl5zNYcKP0IO7ISlOcs3KF8ZOa3mWfMNp6dRzlCbaDFsWwBFVrdyJZQYM1+ugfRy5f6weXVkbarHs+3Uabt2mGtRe6d09B8Tc1cb1XHsHNsJQ+mrz6E1Fls6k/l0xe/HCayEEyCbebZYdbgXKNqJVsRYkGetrGg+kStZlETkYs2lBdQ/PA9FVvPTce7cMhiz1tykrYaAh7Dpl0aKvAJlFndNm2rQ7LeI0iF9X5AARK1iHmKRSQ+ckdytfOVmifVk5b+OA5n+8ravjAkCiE7ndL62A7Sqs6zgIcMdIgntc/o34pFBFusF2yT4lkjIhxmYXt080NLpGdWv8hIKjxbPIBiKn4dkyyd07ZOKFaL4NYQI0I2pnV8Dau3m/WmcOO+WhA14XMjapARBxW0pSnZwElOKLPHLrq4xd4E/gkHtoRQya7sf7yMsOTOhhaheDTImdFSrJEKeNGciCVy6HHegwiKZEiiP7q8DdjuG1jMyJ+SiqfQLBX2tnz8YhOI1nQsBgDlQyl/o7CcNILaSb/SWdySlOJKgp07UPFHutVbeTAQYxigCNweEktu9vzh73I9s6gmtiJsuErfuWYIQCn1E0rYsKpH61tHL1iAmLZmteA4A6bSF9YQMEOzWIB2Gqh7DcBicv1A6sB7c9ynWUYKrmUe9Q31l44z9XiyUZzVy1cdNjFK8YwInqSODY9aFMGHUWNUlO7CTBBuRTMHft2SnXlD3ZoyNxahYNXOQH8SWqy/T+u4A74mU4gIWIoWrPJGfGj82agGs77jb5kBLOSgOMa0M4jjaqLap947DNvkoz6YJPGv+l6bkreODOljzSBsElHIvCn6hhWYBukEisQEdxcAAVYdIg9eo262OSA0/qD1RXu6dz+f5bFMapDUKIJc+yOYT7BmNrve3F0sdCqTV8Xe3LVJBlYrrHsSx1B/7P01/nALmz5JTqUemJ8qbLPotnR4VuWNGbcTnW3eIjmv9ivoZO6B4GrqzisF+oDY8h1YXHnacNozyPbhGT/
              Content-Transfer-Encoding7bit

              File Icon

              Icon Hash:46070c0a8e0c67d6