Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
phish_alert_sp2_2.0.0.0.eml

Overview

General Information

Sample name:phish_alert_sp2_2.0.0.0.eml
Analysis ID:1569959
MD5:e5608b170558f1304dc4f6ec826de20e
SHA1:af829e8d0c3a7b3a8e84acc79763deb54606748b
SHA256:a2798a1898d4f5271d057a109b595abcd63b7b575ed1394f6c4733d396c2a21b
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
AI detected landing page (webpage, office document or email)
AI detected suspicious Javascript
Creates a window with clipboard capturing capabilities
HTML body contains low number of good links
HTML page contains hidden javascript code
No HTML title found
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Office Macro File Download
Stores files to the Windows start menu directory
Tries to disable installed Antivirus / HIPS / PFW

Classification

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6864 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6320 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "69257090-1380-4333-9FA9-C7FE8007ABAD" "B1FCEDD0-C90D-42D9-8190-5089486CCE6A" "6864" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • Acrobat.exe (PID: 7008 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LFRQB950\N Yuzefovych_ReviewSign.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 6968 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 2996 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1568,i,6067518761959947969,17236583181797475140,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 7264 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://embeds.beehiiv.com/7926197b-a480-4f0b-8156-2c5f0610a9fe MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7608 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=2060,i,4105359688866621109,8392540911821828311,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Office Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6864, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Sigma detected: Office Macro File Download
Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6864, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm
Sigma detected: Office Macro File Creation
Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6864, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

barindex
AI detected phishing page
Source: https://embeds.beehiiv.com/7926197b-a480-4f0b-8156-2c5f0610a9feJoe Sandbox AI: Score: 9 Reasons: The brand 'Adobe' is well-known and typically associated with the domain 'adobe.com'., The URL 'embeds.beehiiv.com' does not match the legitimate domain for Adobe., The domain 'beehiiv.com' does not have any known association with Adobe., The presence of a subdomain 'embeds' does not clarify any legitimate association with Adobe., The email input field 'suckmydick@gms.net' is suspicious and unprofessional, which is often a red flag for phishing. DOM: 1.4.pages.csv
AI detected landing page (webpage, office document or email)
Source: https://embeds.beehiiv.com/7926197b-a480-4f0b-8156-2c5f0610a9feJoe Sandbox AI: Page contains button: 'Submit' Source: '1.4.pages.csv'
AI detected suspicious Javascript
Source: 1.12..script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://embeds.beehiiv.com/cdn-cgi/challenge-platf... Script shows multiple high-risk indicators: heavy obfuscation (encoded strings, complex control flow), use of dynamic code manipulation (String.fromCharCode), and suspicious array/object operations. The code appears to be a challenge/fingerprinting script with intentionally obscured functionality.
Source: 0.11.id.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://embeds.beehiiv.com/7926197b-a480-4f0b-8156... Script exhibits several concerning behaviors: 1) Uses obfuscated payload data (+3), 2) Sends data to external collector domain (+2), 3) Contains tracking identifiers and session data (+1), 4) Domain 'px-cloud.net' appears to be a tracking/monitoring service (+1). The presence of UUIDs, session IDs, and encoded payloads suggests sophisticated tracking or monitoring capabilities beyond standard analytics.
Source: https://embeds.beehiiv.com/7926197b-a480-4f0b-8156-2c5f0610a9feHTTP Parser: Number of links: 0
Source: https://embeds.beehiiv.com/7926197b-a480-4f0b-8156-2c5f0610a9feHTTP Parser: Base64 decoded: 1733484197.000000
Source: https://embeds.beehiiv.com/7926197b-a480-4f0b-8156-2c5f0610a9feHTTP Parser: HTML title missing
Source: https://embeds.beehiiv.com/7926197b-a480-4f0b-8156-2c5f0610a9feHTTP Parser: HTML title missing
Source: https://embeds.beehiiv.com/7926197b-a480-4f0b-8156-2c5f0610a9feHTTP Parser: HTML title missing
Source: https://embeds.beehiiv.com/7926197b-a480-4f0b-8156-2c5f0610a9feHTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-WJXL7FH
Source: https://embeds.beehiiv.com/7926197b-a480-4f0b-8156-2c5f0610a9feHTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-WJXL7FH
Source: https://embeds.beehiiv.com/7926197b-a480-4f0b-8156-2c5f0610a9feHTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-WJXL7FH
Source: https://embeds.beehiiv.com/7926197b-a480-4f0b-8156-2c5f0610a9feHTTP Parser: No <meta name="author".. found
Source: https://embeds.beehiiv.com/7926197b-a480-4f0b-8156-2c5f0610a9feHTTP Parser: No <meta name="author".. found
Source: https://embeds.beehiiv.com/7926197b-a480-4f0b-8156-2c5f0610a9feHTTP Parser: No <meta name="author".. found
Source: https://embeds.beehiiv.com/7926197b-a480-4f0b-8156-2c5f0610a9feHTTP Parser: No <meta name="copyright".. found
Source: https://embeds.beehiiv.com/7926197b-a480-4f0b-8156-2c5f0610a9feHTTP Parser: No <meta name="copyright".. found
Source: https://embeds.beehiiv.com/7926197b-a480-4f0b-8156-2c5f0610a9feHTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.204
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.204
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.204
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.204
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.204
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.204
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.204
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.204
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.204
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.204
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: embeds.beehiiv.com
Source: global trafficDNS traffic detected: DNS query: client.px-cloud.net
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: stk.px-cloud.net
Source: global trafficDNS traffic detected: DNS query: collector-pxebumdlwe.px-cloud.net
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: nel.heroku.com
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow created: window name: CLIPBRDWNDCLASS
Source: classification engineClassification label: mal56.phis.winEML@35/65@23/106
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241206T0622590651-6864.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.ini
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "69257090-1380-4333-9FA9-C7FE8007ABAD" "B1FCEDD0-C90D-42D9-8190-5089486CCE6A" "6864" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LFRQB950\N Yuzefovych_ReviewSign.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1568,i,6067518761959947969,17236583181797475140,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://embeds.beehiiv.com/7926197b-a480-4f0b-8156-2c5f0610a9fe
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 954EC002B3BA6A42DEB0F1059220987E
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "69257090-1380-4333-9FA9-C7FE8007ABAD" "B1FCEDD0-C90D-42D9-8190-5089486CCE6A" "6864" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LFRQB950\N Yuzefovych_ReviewSign.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1568,i,6067518761959947969,17236583181797475140,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile opened: Windows Firewall: C:\Windows\System32\FirewallAPI.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Drive-by Compromise		Windows Management Instrumentation2
Browser Extensions		1
Process Injection		3
Masquerading		OS Credential Dumping1
Process Discovery		Remote Services1
Clipboard Data		2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder		1
Registry Run Keys / Startup Folder		1
Disable or Modify Tools		LSASS Memory1
File and Directory Discovery		Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
DLL Side-Loading		1
DLL Side-Loading		1
Process Injection		Security Account Manager14
System Information Discovery		SMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.210.172
truefalse
    		high
    nel.heroku.com
    		3.248.127.62
    		truefalse
      		high
      www.google.com
      		142.250.181.100
      		truefalse
        		high
        embeds.beehiiv.com
        		104.18.69.40
        		truefalse
          		high
          stk.px-cloud.net
          		34.107.199.61
          		truefalse
            		high
            collector-pxebumdlwe.px-cloud.net
            		35.190.10.96
            		truefalse
              		high
              client.px-cloud.net
              		unknown
              		unknownfalse
                		high
                x1.i.lencr.org
                		unknown
                		unknownfalse
                  		high

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  https://embeds.beehiiv.com/7926197b-a480-4f0b-8156-2c5f0610a9fetrue
                    		unknown

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    35.190.10.96
                    		collector-pxebumdlwe.px-cloud.netUnited States
                    		15169GOOGLEUSfalse
                    23.56.162.204
                    		unknownUnited States
                    		16625AKAMAI-ASUSfalse
                    50.16.47.176
                    		unknownUnited States
                    		14618AMAZON-AESUSfalse
                    142.250.181.136
                    		unknownUnited States
                    		15169GOOGLEUSfalse
                    23.193.114.19
                    		unknownUnited States
                    		16625AKAMAI-ASUSfalse
                    3.248.127.62
                    		nel.heroku.comUnited States
                    		16509AMAZON-02USfalse
                    52.109.89.19
                    		unknownUnited States
                    		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                    13.89.178.27
                    		unknownUnited States
                    		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                    172.217.21.35
                    		unknownUnited States
                    		15169GOOGLEUSfalse
                    88.221.134.57
                    		unknownEuropean Union
                    		20940AKAMAI-ASN1EUfalse
                    104.18.68.40
                    		unknownUnited States
                    		13335CLOUDFLARENETUSfalse
                    34.107.199.61
                    		stk.px-cloud.netUnited States
                    		15169GOOGLEUSfalse
                    172.64.41.3
                    		unknownUnited States
                    		13335CLOUDFLARENETUSfalse
                    52.113.194.132
                    		unknownUnited States
                    		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                    172.217.19.238
                    		unknownUnited States
                    		15169GOOGLEUSfalse
                    1.1.1.1
                    		unknownAustralia
                    		13335CLOUDFLARENETUSfalse
                    172.217.19.234
                    		unknownUnited States
                    		15169GOOGLEUSfalse
                    88.221.135.80
                    		unknownEuropean Union
                    		20940AKAMAI-ASN1EUfalse
                    142.250.181.100
                    		www.google.comUnited States
                    		15169GOOGLEUSfalse
                    239.255.255.250
                    		unknownReserved
                    		unknownunknownfalse
                    52.109.28.46
                    		unknownUnited States
                    		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                    172.217.17.74
                    		unknownUnited States
                    		15169GOOGLEUSfalse
                    104.18.69.40
                    		embeds.beehiiv.comUnited States
                    		13335CLOUDFLARENETUSfalse
                    142.250.181.99
                    		unknownUnited States
                    		15169GOOGLEUSfalse
                    23.195.39.65
                    		unknownUnited States
                    		20940AKAMAI-ASN1EUfalse
                    2.20.68.210
                    		unknownEuropean Union
                    		37457Telkom-InternetZAfalse
                    173.194.222.84
                    		unknownUnited States
                    		15169GOOGLEUSfalse
                    52.109.76.144
                    		unknownUnited States
                    		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                    2.18.108.135
                    		unknownEuropean Union
                    		20940AKAMAI-ASN1EUfalse

                    Private

                    IP
                    192.168.2.9

                    General Information

                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1569959
                    Start date and time:2024-12-06 12:22:26 +01:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:defaultwindowsinteractivecookbook.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:20
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • EGA enabled
                    Analysis Mode:stream
                    Analysis stop reason:Timeout
                    Sample name:phish_alert_sp2_2.0.0.0.eml
                    Detection:MAL
                    Classification:mal56.phis.winEML@35/65@23/106
                    Cookbook Comments:
                    • Found application associated with file extension: .eml

                    Warnings

                    • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
                    • Excluded IPs from analysis (whitelisted): 52.109.28.46
                    • Excluded domains from analysis (whitelisted): config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, officeclient.microsoft.com, europe.configsvc1.live.com.akadns.net, uks-azsc-config.officeapps.live.com
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtSetValueKey calls found.
                    • VT rate limit hit for: phish_alert_sp2_2.0.0.0.eml

                    Created / dropped Files

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:ASCII text
                    Category:dropped
                    Size (bytes):290
                    Entropy (8bit):5.154645637953888
                    Encrypted:false
                    SSDEEP:
                    MD5:74746CA57A3097685EB3445774B9999B
                    SHA1:7BDC3CE30B1C6698DE696BB5EE03E2D8396D9E85
                    SHA-256:B7392DE0C73BA037F609E065BE54E1D1DFFC7B8CFD97D5A5F21CB1E8C9C6F398
                    SHA-512:6CE10C94EE149B864DC7DC33EA2B1A1FF148E6E8AB3C5D9302EBAC29BB1C05018DBA168746B5B2813DB29A5D285DDE9E231D0498B7E8BCD104BB03B68024AEE7
                    Malicious:false
                    Reputation:unknown
                    Preview:2024/12/06-06:23:13.521 11bc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/06-06:23:13.536 11bc Recovering log #3.2024/12/06-06:23:13.536 11bc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:ASCII text
                    Category:dropped
                    Size (bytes):334
                    Entropy (8bit):5.205298601513553
                    Encrypted:false
                    SSDEEP:
                    MD5:B5F605808267A7597C063127A15B9E24
                    SHA1:1D88584266B4295C0C48CDDFDEDFAA0F6312296C
                    SHA-256:E451482BB63D66EA7914916F9F8373FA28757C3B1E5DDD9DED5C7FDB4E62FD80
                    SHA-512:45255C80B6A6E2DB43815D5C12762F88B2E2958D9D456AE03A939046521A922462768103EC936264111CF404279AB8CEE375DC002F75A17A219FE2CCE5F31608
                    Malicious:false
                    Reputation:unknown
                    Preview:2024/12/06-06:23:13.343 19d4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/06-06:23:13.357 19d4 Recovering log #3.2024/12/06-06:23:13.358 19d4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):4099
                    Entropy (8bit):5.237606927056239
                    Encrypted:false
                    SSDEEP:
                    MD5:DD5940CF1015BCD361D301ED98FAE61D
                    SHA1:45A13E241934ED4D72F7ED49D50D81CFB938FE1D
                    SHA-256:32D6B9622298D71FF87A32FA84719298791645B2768C7FD3405A157617631984
                    SHA-512:CC4E8246AB367D65BEEE4E172055DABD38B5B459BD5BBCE07E44EA05E4C94ABA8D8657DAFEA7667104B996CBE041C163F07EACC50347042B81FA487B5CCA681B
                    Malicious:false
                    Reputation:unknown
                    Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:ASCII text
                    Category:dropped
                    Size (bytes):322
                    Entropy (8bit):5.160653111045078
                    Encrypted:false
                    SSDEEP:
                    MD5:5A5C2344D759D2C587F05F484889C8FA
                    SHA1:A202BD87A4C2CEB40D8C1AFC9897734E4C6F2BD8
                    SHA-256:7E684715A5E3A0AE095CED410CF4CFCC4585986DFEF26D9CC485699E4997459C
                    SHA-512:28342601742A543D6354FCADB2C8C2FE595B541397ED7DC7AA256751BA89DB0888086F04C7E8C096EE0688FA2B01B63B1B57FE75C58396053724B853CD6E5278
                    Malicious:false
                    Reputation:unknown
                    Preview:2024/12/06-06:23:13.600 19d4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/06-06:23:13.601 19d4 Recovering log #3.2024/12/06-06:23:13.604 19d4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241206112317Z-163.bmp

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                    Category:dropped
                    Size (bytes):71190
                    Entropy (8bit):0.9084013517861638
                    Encrypted:false
                    SSDEEP:
                    MD5:D01085EB3A208BDE12DB865D169695CA
                    SHA1:803775296587BC08BDB6A9B506B5882EED759C76
                    SHA-256:77EABB9E2305D9EA385D0742C0FAD4639C60354C09D50A0A1E64BC888C166449
                    SHA-512:BD38B395FA3C0E6D154D1640F0013CE7D3135EA90F046C3970B673B12ED0ADFCDA800C754D4E9B1473D49D000060CD6E55FAA600A10BCE63E9B144AE0C55F5D2
                    Malicious:false
                    Reputation:unknown
                    Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):57344
                    Entropy (8bit):3.291927920232006
                    Encrypted:false
                    SSDEEP:
                    MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
                    SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
                    SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
                    SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
                    Malicious:false
                    Reputation:unknown
                    Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:SQLite Rollback Journal
                    Category:dropped
                    Size (bytes):16928
                    Entropy (8bit):1.214534937209568
                    Encrypted:false
                    SSDEEP:
                    MD5:CE9A28C1EE43FF9101D2D17A054883EE
                    SHA1:FD4BE9102E80C9C3B48EF0CCCFFC263ECAA7E425
                    SHA-256:AA906647338E9AC728F21C9C565CCDA41C8FE133DDDF81D8E9530337F045D4B9
                    SHA-512:0124969BB019C8D5CEDD14F48FE413A5DADED2F464FFB9200D4EC77A6390F11FCDD1A929AD2D956867C1426F706AEB119978CE17F920C52A917846CDD846EEF5
                    Malicious:false
                    Reputation:unknown
                    Preview:.... .c........n........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:Certificate, Version=3
                    Category:dropped
                    Size (bytes):1391
                    Entropy (8bit):7.705940075877404
                    Encrypted:false
                    SSDEEP:
                    MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                    SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                    SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                    SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                    Malicious:false
                    Reputation:unknown
                    Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                    Category:dropped
                    Size (bytes):71954
                    Entropy (8bit):7.996617769952133
                    Encrypted:true
                    SSDEEP:
                    MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                    SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                    SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                    SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                    Malicious:false
                    Reputation:unknown
                    Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):192
                    Entropy (8bit):2.7464849065063075
                    Encrypted:false
                    SSDEEP:
                    MD5:330155EBCFAE2770B30D33B87DD24C40
                    SHA1:5A98486C64DB98C143C16AC1D10F00C36B8D1BE9
                    SHA-256:0EA200D227B3DDCCD4926315731D672BE4B0DD9D40229672CCBD0D7F195366FD
                    SHA-512:55150198038D0360E111AB672647151DD5A0CF33EA30C533B8CADF4DAB6A909521C2BFE65068E9412E83588E15700643F11FA87530BD67DBADFED205B8C6982A
                    Malicious:false
                    Reputation:unknown
                    Preview:p...... ..........eE.G..(....................................................... ..........W.....W..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:data
                    Category:modified
                    Size (bytes):328
                    Entropy (8bit):3.144086598890895
                    Encrypted:false
                    SSDEEP:
                    MD5:D6B5CB16C0BEDEF5D888949F008AEBB7
                    SHA1:2B6A1D9B0A70ECBD3D75AAEE5C2C4AB915A6C7F9
                    SHA-256:2856B5C6294E9354B4570C31CDB38F173318CEF8829BFD8C9335454B2FF59FA3
                    SHA-512:4B2C5A433787ED606C5F4C1CCD07914C11985E9E2E21053909A3B5999407A185B97E2CC8621D80E173ABAD3D25C7317C07E2E686A5F22D24E44F39AB57330B6A
                    Malicious:false
                    Reputation:unknown
                    Preview:p...... ..........jX.G..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):295
                    Entropy (8bit):5.384985844781883
                    Encrypted:false
                    SSDEEP:
                    MD5:BB64FCC8940C7E59766478E4F83E5301
                    SHA1:6CEB2857F0CD5C9356B30C3156D9021A3565F64E
                    SHA-256:F54D158AADDD1C453A65C865C315848616032A652E08B60B7AB5FD7A4763D966
                    SHA-512:6F16F7967C72A07B8F91325CA99326DBEE4B342D130AAA626CDCC8ECC68871BF7AE18E6BEB716DA6AE7C104A09B7EEFB499951C38EC49281953DDC5815154802
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"64b9742e-6287-4527-84f9-fe4055287842","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1733657692423,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):294
                    Entropy (8bit):5.334215647247923
                    Encrypted:false
                    SSDEEP:
                    MD5:42EF370ABBC91BAA43557CD6BF911F1B
                    SHA1:F0AA7FDD1E007A84CD126F7916F97D645A6EFAE5
                    SHA-256:139B0EA72C566A724D3A8AEFF374C03A37D2EFA0B0F288CEDE3C30CF3E86AFAB
                    SHA-512:DEAF429A17A8429D5E360AF540DAD1156A03939594A50E563CA437A6776C198D7A4F03D7C85BDD68D3FD5BC806E4C8896432BEB521176FC03054E5C978AD0C72
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"64b9742e-6287-4527-84f9-fe4055287842","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1733657692423,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):294
                    Entropy (8bit):5.313702216385326
                    Encrypted:false
                    SSDEEP:
                    MD5:6B5EFDF277397486DE3350A4DC8521B8
                    SHA1:E8107D67D581812E3F536FC0522D52BFE09362FD
                    SHA-256:FC6CE84AC7364160038165B5D66487825A17C8218A4C29CE7B20DE4D5B288A43
                    SHA-512:DB0379DA77EE0E134F85E70ABA7EE1AC3401EE35C370083197C73C6C3FB3373589D4C6F5EAC18FE67D605E2ECF662DCB347372EEE17B8D654028B43B9B2D2990
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"64b9742e-6287-4527-84f9-fe4055287842","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1733657692423,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):285
                    Entropy (8bit):5.374124716276024
                    Encrypted:false
                    SSDEEP:
                    MD5:1B8EE9157C80943D5FC2A982A94A2066
                    SHA1:C725F3ACC7FF94459DDECB5146DD5AE1A8470AB8
                    SHA-256:D5CFDBD90D1594F3C0030A0061431C1344B0A0289FB74CF058F09A1568244F58
                    SHA-512:4BB584E7122298FBA60D8C078DE4FE5DCEFE22A57E58975A8602CEB1555EAC52318C5ACAD6ABB7EB5940B98048E70BC8804F74F99850787EF7633FC1D12D8008
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"64b9742e-6287-4527-84f9-fe4055287842","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1733657692423,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):1123
                    Entropy (8bit):5.697016188310799
                    Encrypted:false
                    SSDEEP:
                    MD5:E9CA71B7494E6F1585CA28B292C56AFE
                    SHA1:4E4575CB16397FFA0265C216C5C3A8530A7B1B33
                    SHA-256:F39682B0DE805F5FABFAF11449199B5521849955F5F9F09A840738CD6FFEA46D
                    SHA-512:087C6BD6E0A9C9FC6C45CAD7E57F9DEE1CEC3539E06A47D74C4E202DFFD53412EA7B8EF1FA97E405037F11485654EA9BAAAB1C8E84931C6EBB4C09E2DE7F3826
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"64b9742e-6287-4527-84f9-fe4055287842","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1733657692423,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):1122
                    Entropy (8bit):5.690791855750961
                    Encrypted:false
                    SSDEEP:
                    MD5:D78928BFE09808C921F55D084D8C4F15
                    SHA1:D2BC4EBDAB9038FA2C405BDFC35F12D6E90F8F7E
                    SHA-256:140DEF16C9D40E193DAAB17AE9EA62D23B8AF53FD30504162A2C44742BDC7E4C
                    SHA-512:45673DDBA06A1CBBA576F0097A2CA2956C93DFFA21F944E6DCB83777B6FA8760568CFA1C99F9FB1DE5EC96675E383650E67B464FC4C261499D423FE4E8237C04
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"64b9742e-6287-4527-84f9-fe4055287842","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1733657692423,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_0","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"1aad653c-ef44-43f7-be1c-3a2ba2cf2cfc","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuIFBERiBmb3JtcyAmIGFncmVlbWVudHMuIn0sInRjY

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):292
                    Entropy (8bit):5.327898286576213
                    Encrypted:false
                    SSDEEP:
                    MD5:964A159F09D49087F72C9F6433A2207B
                    SHA1:E733E37F0613E7C15DB931789E0E3FFB95B6E287
                    SHA-256:52EA078679151565E1D749647CAD60C9493D925A4D7F3AD9F35AA1D05BCA9B4C
                    SHA-512:4F876D76C193954C3AFB9A1923F16ECD41284C7852C69B25E3E94B1486C6A91B1CACA1E61E7FCF643C9A6EBB84B7704E06A854D70719F9D20C5C0071640E0CFA
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"64b9742e-6287-4527-84f9-fe4055287842","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1733657692423,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):1102
                    Entropy (8bit):5.683646899219591
                    Encrypted:false
                    SSDEEP:
                    MD5:C41DD5A780BB09DA2E30286D34BCEF03
                    SHA1:6AC378F549B11AC8EA2EF633A552532782A19A20
                    SHA-256:8B11ADEB3F61DD15F258B7BE53584053EB4AD8400DC32329E1ACD32147E12600
                    SHA-512:1A7281588CD9AFFA0A9421063AD489E08119F9869A2877C1CA8F6AE550071DF49CA27E989FCE1CD97DDED84DE96F3C469C23639CD4A72F5DA66F89425A6928E2
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"64b9742e-6287-4527-84f9-fe4055287842","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1733657692423,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_1","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"533ab5eb-b236-4889-89a5-ac002261d71e","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkVkaXRQREZSZHJBcHBGdWxsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTRweCIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTJweCIsImZvbnRfc3R5bGUiOiItMSJ9LCJ0aXRsZSI6bnVsbCwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiJ9LCJ0Y2F0SWQiOm51bGx9","da

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):1164
                    Entropy (8bit):5.707037457152545
                    Encrypted:false
                    SSDEEP:
                    MD5:D49655E24DD4DD9F79C8A6D50C1EA921
                    SHA1:B5CD8A6BAB81F71C33ECCC42C2508FE4E646B1D4
                    SHA-256:354D9815CA3F48F4215835180FC1B2D0132591CFDD9256A9650717DA6CC0FB62
                    SHA-512:E29068F35049D0ABFACC00CE1AE1A954D840DA70DD7D9781B17F118100584BD9FD0A44686BAF652DBDDA0120A890AE39E60E69600D85C2326B7FAF1A4DEA261A
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"64b9742e-6287-4527-84f9-fe4055287842","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1733657692423,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):289
                    Entropy (8bit):5.331388184290225
                    Encrypted:false
                    SSDEEP:
                    MD5:A89F782A26B05B8112C3A85DBD434D81
                    SHA1:A73325331B1F534794EEA9733437C3231C54F4BD
                    SHA-256:80119259031BE16DD524645737202C0037478785DB930D327EAF0F16384225C4
                    SHA-512:785FF5D1FD9A78A45167C7EC41EB5A7A4140C8FA32C709B5232BA212C570C5BA9DB7C5C100755D41FEC921B12DC69163364270318133D1A6D40BFCE36EF04BE3
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"64b9742e-6287-4527-84f9-fe4055287842","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1733657692423,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):284
                    Entropy (8bit):5.318290156919089
                    Encrypted:false
                    SSDEEP:
                    MD5:C236A1849D8EB763D5ED1FEF5BF1088C
                    SHA1:A7AEF97B957AC768BFACDF8ACC2A7DB4FF4C23F1
                    SHA-256:50D090299C38A602E96AD070EA52B4037299C06D32334ABADD405FE39D0B4AFC
                    SHA-512:BBCB3C893A4152C5529C88D5E9F569F41ECE1ABE008ABCCF343036CB2C77D0B659E1DF14EA2A33C8A87E952171FC6B8A5C5A97698CA58172F724E28C0E3DCC7F
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"64b9742e-6287-4527-84f9-fe4055287842","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1733657692423,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):291
                    Entropy (8bit):5.314719555611578
                    Encrypted:false
                    SSDEEP:
                    MD5:920A6741C27060CF492172A84B7100C4
                    SHA1:4586933DFA751C2576D58B98F665D6A2A32848A1
                    SHA-256:CB5701393CD1E5BADA6652D1C5597DA0A7FAED36F7931F4D99035D75D75558D5
                    SHA-512:4E2B6FC0AF60022AB6B409E28F575C71767DC989E77E660D65FF5067B4D4F9E7EE1C6F3FD3D7D27E93ADB06885FC70FB6CF31149694097542EBD6DDBCC14BB3C
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"64b9742e-6287-4527-84f9-fe4055287842","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1733657692423,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):287
                    Entropy (8bit):5.317885585178871
                    Encrypted:false
                    SSDEEP:
                    MD5:DBAA6C3D87B0BAC784BD26EBDED9B1DB
                    SHA1:ACDBE6341FB43D618F4617D752252D127FE27965
                    SHA-256:01A29D5B8F54006813B48D7DBFED226C402CE4AAF2D2636DE5BFC0E95188B3B1
                    SHA-512:79F99264527AF5B7E39F5DCF05205033A70C7EFEAE64381139ECED9488C4965F606C4DA1F20D25717763B2B4FEB11076C59D3BE05B27B04090556A55664AB741
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"64b9742e-6287-4527-84f9-fe4055287842","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1733657692423,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):1090
                    Entropy (8bit):5.672388737670747
                    Encrypted:false
                    SSDEEP:
                    MD5:478BDB4AA77E790D803094B69A327A62
                    SHA1:852075A8DA7ED7D00FF9F31A821D3366C6A8D0FB
                    SHA-256:557112C374D803BCC44A959C3D1DB03A2BA3914B178F902EE73C90FD20176DA2
                    SHA-512:2D1AE2E3F93572E251D560225A1E3D4B91C44DFBC47A72A9934D758E4946624BAE860D789F0B49FF52F2B05BD204D131E02A167EF054C63D271EFF27EFAEFF87
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"64b9742e-6287-4527-84f9-fe4055287842","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1733657692423,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):286
                    Entropy (8bit):5.296573040749804
                    Encrypted:false
                    SSDEEP:
                    MD5:EDDF0D75B4890F913C37FBAA8C506E32
                    SHA1:58B51D625772CDDF2418F50ECB52A665715B1EAD
                    SHA-256:7544A0C358C9EFDC685465DEE489EC09FB5513164CE69B115A03163DFB44C83C
                    SHA-512:581999FD7BCCEC16A7EAE031C81F516FF6A99859B7CECA9FCB550FD6AE193D3CC4E282EC4482BBAC5EC705956F52EC474F0A474871F7435B2B7159C4CBB9AA68
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"64b9742e-6287-4527-84f9-fe4055287842","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1733657692423,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):282
                    Entropy (8bit):5.297886012147741
                    Encrypted:false
                    SSDEEP:
                    MD5:F9C2D49947909FAD598F74E34B1ADEFB
                    SHA1:4AE2FE275B558768CD1ABDD07B50106281DEA4A0
                    SHA-256:3A539016762571D19C5FDD51834428B5A6FD11FD8ADEEE34372A3C486BBB3AAC
                    SHA-512:1CD05397E27A146476CDFE1E0B2582982D440A8AFEB14BC024BB97F2B8FECB967167CF6926A841111B7E60FEBB042157E9D6BC85CE3A6928343438718F52B835
                    Malicious:false
                    Reputation:unknown
                    Preview:{"analyticsData":{"responseGUID":"64b9742e-6287-4527-84f9-fe4055287842","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1733657692423,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):4
                    Entropy (8bit):0.8112781244591328
                    Encrypted:false
                    SSDEEP:
                    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                    Malicious:false
                    Reputation:unknown
                    Preview:....

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):2817
                    Entropy (8bit):5.139217052037201
                    Encrypted:false
                    SSDEEP:
                    MD5:85F97808380C284258767703E5F84AA4
                    SHA1:4477554CC24D007FB7C7E7C61BA90A37631D25EE
                    SHA-256:0A37B95393CC00AEA7523CEE4ABC9D02CD4AF8E41E5FC31038BB9F8AAB4D0AEE
                    SHA-512:2AB6F17AD39248C760C5F1FEA436F877245DF8635CB68BE4A9460CBC94BC5F3F8D1337BDB3BC43D43E945CF171E41515AB3C9657C729199541BCF1641EB11260
                    Malicious:false
                    Reputation:unknown
                    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"14cb5fe331d73e01cdc440acd4196fc1","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1122,"ts":1733484201000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"fa2cc692198bca06f89e8946013a37bf","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1733484201000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"fa9325328d264a3148cc29efd6d3acfb","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1733484201000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"7b3172239438039e45cbac57362621f4","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1733484201000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"b618a95f67d567b11c40223618f69e4a","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1102,"ts":1733484201000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"8562b8cefe79a430c961614e0d362b28","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                    Category:dropped
                    Size (bytes):12288
                    Entropy (8bit):0.9883814193123562
                    Encrypted:false
                    SSDEEP:
                    MD5:7A295A8A38DD2BB5C232D88D39EE7E5C
                    SHA1:FA6BA8C39354D2C6A03946DE6E5E5CD27800D5BC
                    SHA-256:482FCC78A26628AC0A3F66471C531D51D96C0B106D62D15CE8D62EBADA8BEE7C
                    SHA-512:519DF34D10E2E4A42885B1E10E02FC55D50A5AFA1B96C3ACCCCF9B9D42B9EE3421CA1D8B369711E80FEB541194907AC2057F589D371B97FED66C04AE7CD68D9A
                    Malicious:false
                    Reputation:unknown
                    Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:SQLite Rollback Journal
                    Category:dropped
                    Size (bytes):8720
                    Entropy (8bit):1.3459297235282563
                    Encrypted:false
                    SSDEEP:
                    MD5:EEA3B5DB8F40C7C82DEB0EFE2040CFF3
                    SHA1:365AE1A675B3965C7B763AC8C13AD4F5DC44A77D
                    SHA-256:58E40CF6EE61A39563C5629588C4EAAF08BAB3EFF1FCC85CBC653ABA7B91093B
                    SHA-512:5116D40C88B83EB9A3DD7B1A23BC63E5F1702681AA643849449F28C1483A55C3FE59CE1CEE519EE0AEC65B60557EE2B1AE6E84E7DC9899436D76D7FD3FC8A955
                    Malicious:false
                    Reputation:unknown
                    Preview:.... .c...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):66726
                    Entropy (8bit):5.392739213842091
                    Encrypted:false
                    SSDEEP:
                    MD5:23EAFEF6D62ACB2F9044EF75B3BCF43A
                    SHA1:AC42950CD725640A70171C7143213EDD96334B2D
                    SHA-256:3C3C60F096C30D19CD9F0CBE3A866716BAB106BFE1F7AFBB17F50036B1399E13
                    SHA-512:4A24F3C62AEB978BA5D0427A15C1479DDF58FEA572AAD6B58CD334BC3002DAF0E99FE25AA9246482986413BC8936335BA9D98606B48400BF97F2E431D262DEA4
                    Malicious:false
                    Reputation:unknown
                    Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

                    C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

                    Download File
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:data
                    Category:modified
                    Size (bytes):231348
                    Entropy (8bit):4.392044146657044
                    Encrypted:false
                    SSDEEP:
                    MD5:132534543E42BA41F921AA6B86901684
                    SHA1:13A0CF85EFA2CBEE4AA36ABE25D7584528E40E5F
                    SHA-256:B7DC5B7D1A963AC361C3752BD1C0B33C3EBA644D10936E8783BAAC4DEC91954C
                    SHA-512:32A2FE81C5D568D6243D4A7DDE7099D9A0CC447DA2EAA5AE68FF7A642F54C2D2F3712959956EB955347F2C2AF781D6F22163D57465D8ADA42807872BCF5EE9C2
                    Malicious:false
                    Reputation:unknown
                    Preview:TH02...... .@.J*.G......SM01X...,...p.<*.G..........IPM.Activity...........h...............h............H..h..............h..........+.H..h\cal ...pDat...h.[..0...@......h.".../........h........_`Pk...h..".@...I.lw...h....H...8.Uk...0....T...............d.........2h...............k.........h!...!h.............. h'7.A....X.....#h....8.........$h..+.....8....."h@.............'h..............1h.".<.........0h....4....Uk../h....h.....UkH..h.`/.p........-h .............+hU."............z...3P`.... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

                    C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin

                    Download File
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:ASCII text, with very long lines (65536), with no line terminators
                    Category:dropped
                    Size (bytes):322260
                    Entropy (8bit):4.000299760592446
                    Encrypted:false
                    SSDEEP:
                    MD5:CC90D669144261B198DEAD45AA266572
                    SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                    SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                    SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                    Malicious:false
                    Reputation:unknown
                    Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:76bd602437550e98c9043d06a55186ab7d95dea5a0e935a599f73e62a8c9b158e0afcb19351f6c353940c06a38172b94d18c02cf92bb8a80184eccca0392b259ab3e71dae73e491c7941997cb36ad4a198661f622dad478d840f66d530a0dde78acea3367f91fff62fbb3dc18faff0c708ad30edef5bea8b22c5fd782b770d8993386eaa784fd19a3c3e1db3b537b1a94d3d4fbd46f8df8fddf6d16611969fe0a97c50e0f3ac24750c93257cf5c161184aa7385800c87d803b339632a3d8ec7fe17a0afd83ce9e9d0e3f7b8d579637928a811f1f7e6d1887df2ddc7d4f752c4d600235e426c92c7bf8a1362f95457998cc0e5d4261f0efa4fada0f866dbcefb407dacab7a2914e91c2f08200f38c2d9d621962145b1464b0f204b326118a53ecdcab22bff005fdd5257c99a6dc51ac0600a49f2ef782396987e78c08b846dad5db55e8ccefffc64863bc2c3e90b95a09d25d0814a848c98fe01a82d4e30e6682dd546e12c45ca0d280a45295ab4bd632dafb070edfdc3c9e38313d5aeb195972986f8011b66817028fd8c78b67a0ac7e780eecc3fb6a31f5a025b8a9a3db278a98c0696aeaac739b18688b0f9c7d751bba02cc5f4e41853fb119b3c0c915059aaa92971244a1989124f12881ca88e6410df70b793a2c3a736ff4

                    C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin

                    Download File
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):10
                    Entropy (8bit):2.321928094887362
                    Encrypted:false
                    SSDEEP:
                    MD5:DB3B7271A9D3E2D5AB90F417687E0430
                    SHA1:8B7ECA0C52D64126FDE27A07873A43CC78DAA461
                    SHA-256:F31A92B3CCF952F5BACCEBA73A55C2CF378DE30E701E41DF296D7F4F97D26F09
                    SHA-512:EFF9177ADD0259239702E8936F8A747E51AFE1351418C7D938858355990E04A1498BE5B9C8DFB881645E34BA7E2A334DDF27CE8AFC061DD55FF0FEB390DA696B
                    Malicious:false
                    Reputation:unknown
                    Preview:1733484187

                    C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.CampaignStates.json

                    Download File
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):1538
                    Entropy (8bit):5.170046666246265
                    Encrypted:false
                    SSDEEP:
                    MD5:F903C4A051E8AA36E9E085B08D1BC55E
                    SHA1:FF9AF9BBA28D4F3FF2238A64425CABE8123250AB
                    SHA-256:59D97433D58543D3CAE4BFDF9AC0DC6990A99BFB10D118B0D62D32DA15D30968
                    SHA-512:7B9A526C71B8DF94CF6556AB827C07E2265ACF6F81B4A12B3303ACCD6601C92735ECAA0F4AD5DC054FD1E7EA19B29FC220F41213822CD04E71DC27FDA8C9027B
                    Malicious:false
                    Reputation:unknown
                    Preview:{"CampaignStates":[{"CampaignId":"398f8b35-ef06-4a2b-a5dc-d85540d6fff3","LastNominationTimeUtc":"2023-10-06T09:25:18Z","LastNominationBuildNumber":"16.0.16827.20130","DeleteAfterSecondsWhenStale":31536000,"ForceCandidacy":false,"IsCandidate":true,"DidCandidateTriggerSurvey":false,"LastSurveyActivatedTimeUtc":"1601-01-01T00:00:00Z","LastSurveyId":"7e1f72bd-2c13-423b-93cf-2786588bccbb","LastSurveyStartTimeUtc":"2023-10-06T09:25:18Z","LastSurveyExpirationTimeUtc":"2024-10-05T09:25:18Z","LastCooldownEndTimeUtc":"1601-01-01T00:00:00Z"},{"CampaignId":"8a42827d-29d2-473e-998e-3217724c5b68","LastNominationTimeUtc":"2023-10-06T09:25:18Z","LastNominationBuildNumber":"16.0.16827.20130","DeleteAfterSecondsWhenStale":31536000,"ForceCandidacy":false,"IsCandidate":true,"DidCandidateTriggerSurvey":false,"LastSurveyActivatedTimeUtc":"1601-01-01T00:00:00Z","LastSurveyId":"0bb7f335-0b8a-4926-bb93-540e4e5b86c8","LastSurveyStartTimeUtc":"2023-10-06T09:25:18Z","LastSurveyExpirationTimeUtc":"2024-10-05T09:25

                    C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.GovernedChannelStates.json

                    Download File
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):740
                    Entropy (8bit):4.578658879460996
                    Encrypted:false
                    SSDEEP:
                    MD5:439A34DE8DA5C04AF25AADB84A2120D4
                    SHA1:F12F9FF6E03A5762BD03061557029446680B1DAE
                    SHA-256:32B560C75C25C6F56C0439F67A3FA7D4F271F07B435EE41575A3D82C6C612880
                    SHA-512:BE704CD0DF8041945D16B8103135650B33D5E97D6F7C202E9C9499C3AE57E33855C2CC3A8F73B578DB482F47026C756F1FAA411A2CC58B5E53CE23CD24229834
                    Malicious:false
                    Reputation:unknown
                    Preview:{"ChannelStates":[{"ChannelType":0,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":1209600},{"ChannelType":1,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":0},{"ChannelType":2,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":0},{"ChannelType":3,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":3600},{"ChannelType":4,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":10800},{"ChannelType":5,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":7776000},{"ChannelType":6,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":1800},{"ChannelType":7,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":0},{"ChannelType":8,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":1209600}]}

                    C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.Settings.json

                    Download File
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):87
                    Entropy (8bit):4.576828956814449
                    Encrypted:false
                    SSDEEP:
                    MD5:E4E83F8123E9740B8AA3C3DFA77C1C04
                    SHA1:5281EAE96EFDE7B0E16A1D977F005F0D3BD7AAD0
                    SHA-256:6034F27B0823B2A6A76FE296E851939FD05324D0AF9D55F249C79AF118B0EB31
                    SHA-512:BD6B33FD2BBCE4A46991BC0D877695D16F7E60B1959A0DEFC79B627E569E5C6CAC7B4AD4E3E1D8389A08584602A51CF84D44CF247F03BEB95F7D307FBBA12BB9
                    Malicious:false
                    Reputation:unknown
                    Preview:{"ShouldFloodgateTakePrecedenceOverRateAndReview":false,"AreRatingSurveysEnabled":true}

                    C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.SurveyEventActivityStats.json

                    Download File
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:JSON data
                    Category:dropped
                    Size (bytes):14
                    Entropy (8bit):3.378783493486176
                    Encrypted:false
                    SSDEEP:
                    MD5:6CA4960355E4951C72AA5F6364E459D5
                    SHA1:2FD90B4EC32804DFF7A41B6E63C8B0A40B592113
                    SHA-256:88301F0B7E96132A2699A8BCE47D120855C7F0A37054540019E3204D6BCBABA3
                    SHA-512:8544CD778717788B7484FAF2001F463320A357DB63CB72715C1395EF19D32EEC4278BAB07F15DE3F4FED6AF7E4F96C41908A0C45BE94D5CDD8121877ECCF310D
                    Malicious:false
                    Reputation:unknown
                    Preview:{"Surveys":{}}

                    C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

                    Download File
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):32768
                    Entropy (8bit):0.04587332210802959
                    Encrypted:false
                    SSDEEP:
                    MD5:A11429BF1420C42E844CA4807CE981CD
                    SHA1:F10BFA7A3B152DCF95C1C4CB7266A111A76D6407
                    SHA-256:CE3F7F1E421D7653F916D34C5E6FF1D3C161327B166E730F74A1D04AB2AF3786
                    SHA-512:6558F4F2387CE9F0AE12730182960D5EB4014A2EDB63850B5D124C6F2859C5F49AD44A488AF5868F3CADDAC36F0B0477760684293288FE7F9BC20731099ED72A
                    Malicious:false
                    Reputation:unknown
                    Preview:..-.....................e.D..e.T.`....'....1j)....-.....................e.D..e.T.`....'....1j)..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

                    Download File
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:SQLite Write-Ahead Log, version 3007000
                    Category:dropped
                    Size (bytes):49472
                    Entropy (8bit):0.48495460336203183
                    Encrypted:false
                    SSDEEP:
                    MD5:4BB9CC106E24F1B7A93037A8686E5E83
                    SHA1:66275984DFAB4DAD4700E5E0F413789CCC0B3982
                    SHA-256:B762A72FA58D11A22D8C17438AECB354C7A5CFB9215D99722CE6448A8AB74C7F
                    SHA-512:63DAFDCC72BFF8C4ACA63692213705C8F21E2E80B845087D03840FFB2254DA17CF9A325FE8DF6008ED40AC318D544104C74DED1494CEAB48AB54C9CBCB154B08
                    Malicious:false
                    Reputation:unknown
                    Preview:7....-...........`....'.s|c.Y.(..........`....'./T#6...SQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LFRQB950\N Yuzefovych_ReviewSign (002).pdf:Zone.Identifier

                    Download File
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:ASCII text, with CRLF line terminators
                    Category:modified
                    Size (bytes):26
                    Entropy (8bit):3.95006375643621
                    Encrypted:false
                    SSDEEP:
                    MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                    SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                    SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                    SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                    Malicious:false
                    Reputation:unknown
                    Preview:[ZoneTransfer]..ZoneId=3..

                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LFRQB950\N Yuzefovych_ReviewSign.pdf

                    Download File
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:PDF document, version 1.4, 1 pages
                    Category:dropped
                    Size (bytes):56561
                    Entropy (8bit):7.8886735653589035
                    Encrypted:false
                    SSDEEP:
                    MD5:CFB2A609690AE796A38C98E6FFDEF46A
                    SHA1:5D32E578C9C3D1522F5E6126A5CEA47E5F664108
                    SHA-256:7C338CE2457F0231FC57F169D032F77277E4A33A3C361EFABF4CC2608F9B2487
                    SHA-512:312BCFA5E89F21D95F191C51214993662F10E8E319E625EC6E6E257D414F228C2BD114AF6873C7C4FDF80AC2A410A3A9FBD7B7F14D1E38FC2ED51D6CB49C3359
                    Malicious:false
                    Reputation:unknown
                    Preview:%PDF-1.4.%.....1 0 obj.<</Creator (Chromium)./Producer (Skia/PDF m127)./CreationDate (D:20241206085602+00'00')./ModDate (D:20241206085602+00'00')>>.endobj.3 0 obj.<</ca 1./BM /Normal>>.endobj.6 0 obj.<</N 3./Filter /FlateDecode./Length 293>> stream.x.}..J......(.....28.h..iRpi"..V..S..A.OHS..tspu+....c(....#....AR.x.......@.....?..F..[V[..G@`*...dK..$...O.K..o...@...6..`.O.,f'..O. .a.sx.0A..6..vf...8....{c7..%op..Z.:u.....Q.......0Q.F.....*....(.S....DGACAa..j.g.rx....]..s...PxM.......c...vhO.<..v....-X}...b3~...*....mDJH.T~...K..endstream.endobj.4 0 obj.<</Type /XObject./Subtype /Image./Width 329./Height 50./ColorSpace [/ICCBased 6 0 R]./SMask 5 0 R./BitsPerComponent 8./Filter /FlateDecode./Length 920>> stream.x...k.@...../.7S.do..*...;8.8.t...........A...h. .#^..,j{1..}?n*....].ON..w.r.".<'.i.Q......X.T.V.=7...O.7...:....lS/.RTu....{..5=..Uj..^..D.....,.9......e..d.s..0.v26.x....A.u..f...,..........).l`<d...A..fc.n...>i..._...\l...fcD.@A.4..L..Ao.Z.....;i.....p.

                    C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1733484179863783000_DEC5F024-42F5-4425-BC44-01C56F476939.log

                    Download File
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:ASCII text, with very long lines (28763), with CRLF line terminators
                    Category:dropped
                    Size (bytes):20971520
                    Entropy (8bit):0.16032740155974426
                    Encrypted:false
                    SSDEEP:
                    MD5:26D210B79FBE17B14F20DD36F8E2D91F
                    SHA1:9FA563FFC0796D3958520BAD1D48CC1F5E44A861
                    SHA-256:75110838F704B580DFF3F6E11BBF8EE2449193DE89DEDB7DD4C3A9DDA7B986A1
                    SHA-512:53D8608BBA7635C203E563C46FA10EDF3BD694D93F8C8CFAA32AA573208FF842C3298826325D9D5EF96E204CE10FD6EF09125D80F1E5A00A48A6280F492EFA1A
                    Malicious:false
                    Reputation:unknown
                    Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..12/06/2024 11:22:59.907.OUTLOOK (0x1AD0).0x1AC0.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":22,"Time":"2024-12-06T11:22:59.907Z","Contract":"Office.System.Activity","Activity.CV":"JPDF3vVCJUS8RAHFb0dpOQ.4.9","Activity.Duration":14,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...12/06/2024 11:22:59.922.OUTLOOK (0x1AD0).0x1AC0.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":24,"Time":"2024-12-06T11:22:59.922Z","Contract":"Office.System.Activity","Activity.CV":"JPDF3vVCJUS8RAHFb0dpOQ.4.10","Activity.Duration":11516,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV

                    C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1733484179864690500_DEC5F024-42F5-4425-BC44-01C56F476939.log

                    Download File
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):20971520
                    Entropy (8bit):0.0
                    Encrypted:false
                    SSDEEP:
                    MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                    SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                    SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                    SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                    Malicious:false
                    Reputation:unknown
                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\MSId5b65.LOG

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):246
                    Entropy (8bit):3.5085442896850614
                    Encrypted:false
                    SSDEEP:
                    MD5:D5C15305EB6CEE2A66767A57D821F380
                    SHA1:30D228DDC96A432EDEB4145F7E52EBC9FE32E0B1
                    SHA-256:D55789A21D59E2D7D25B93FBD7BFA5515F13B9379EFBB8B800109A564D9C1ECA
                    SHA-512:401987A432AD81CF0F6B516638678E4FD50D0EB0C522FFDC8E54FF6413DAF8D2D09AC663EA5528C6739C8F7C3845F9D01E87F65A2D74AEA4986B95F80FCDF3C7
                    Malicious:false
                    Reputation:unknown
                    Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.6./.1.2./.2.0.2.4. . .0.6.:.2.3.:.2.0. .=.=.=.....

                    C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241206T0622590651-6864.etl

                    Download File
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:data
                    Category:modified
                    Size (bytes):114688
                    Entropy (8bit):4.524364262879413
                    Encrypted:false
                    SSDEEP:
                    MD5:58C54C94DEDC566576395B0592B28F6E
                    SHA1:A656F0CF883ABC752CE35BA3856F3397323EED09
                    SHA-256:5B55DDAACC016314F0B72AE12FD643601DCB5426F932FA9EB057F2E0E196D24F
                    SHA-512:88B9AFE4CE45153AD054EEFDE6DA01EF3594D9660CFE2DC0D2D8B7E8F5A96576F44A83B2D14D1ED18017A1876B4C549D60467D5ECDDEC36736B6A6589319DFC4
                    Malicious:false
                    Reputation:unknown
                    Preview:............................................................................`............D.4.G..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1............................................................;...Y...........D.4.G..........v.2._.O.U.T.L.O.O.K.:.1.a.d.0.:.5.2.5.0.8.0.d.5.d.0.8.6.4.3.e.0.9.4.4.7.5.5.7.2.d.d.3.4.5.1.6.5...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.2.0.6.T.0.6.2.2.5.9.0.6.5.1.-.6.8.6.4...e.t.l.......P.P..........D.4.G..........................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-06 06-23-15-266.log

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:ASCII text, with very long lines (393)
                    Category:dropped
                    Size (bytes):16525
                    Entropy (8bit):5.353642815103214
                    Encrypted:false
                    SSDEEP:
                    MD5:91F06491552FC977E9E8AF47786EE7C1
                    SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
                    SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
                    SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
                    Malicious:false
                    Reputation:unknown
                    Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

                    C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):29752
                    Entropy (8bit):5.420176273025673
                    Encrypted:false
                    SSDEEP:
                    MD5:1A6F5017CE3DE66EDEA80F0A249757A0
                    SHA1:1E9DB7D6FEA3586FD2EBDD05513BF26AB7F5615F
                    SHA-256:9C86D305B179B488FAA0FD3A2EDD4226E4F7E6A3D251CC918A5C520A96555BB6
                    SHA-512:AF9D55F02945AFEAA30AEDA035E7F29B316A76E2E0A049629A02C1CACEA801DA0B588DC6A68C0D591EA61B7589DBBAD1D492BFDB3B94DA6AA1270637B59FB9E1
                    Malicious:false
                    Reputation:unknown
                    Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

                    C:\Users\user\AppData\Local\Temp\acrocef_low\2d8e6991-2cd4-47fe-8dd6-75d00e0abfec.tmp

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                    Category:dropped
                    Size (bytes):758601
                    Entropy (8bit):7.98639316555857
                    Encrypted:false
                    SSDEEP:
                    MD5:59EE5E2FB56A099CAA8EDFD7AF821ED6
                    SHA1:F5DC4F876768D57B69EC894ADE0A66E813BFED92
                    SHA-256:E100AAAA4FB2B3D78E3B6475C3B48BE189C5A39F73CFC2D22423F2CE928D3E75
                    SHA-512:77A45C89F6019F92576D88AE67B59F9D6D36BA6FDC020419DAB55DBD8492BA97B3DAC18278EB0210F90758B3D643EA8DCF8EC2BD1481930A59B8BB515E7440FE
                    Malicious:false
                    Reputation:unknown
                    Preview:...........].s..R/c..D@..\......3Z.....E.,...d{.k.~..H3....-......A...<>n.......X..Dp..d......f.{...9&F..........R.UW-..^..zC.kjOUUMm...nW...Z.7.J.R.....=*.R........4..(WCMQ..u]]R...R......5.*..N)].....!.-.d]M....7.......i..rmP...6A.Z .=..~..$C-..}..Mo.T......:._'.S....r.9....6.....r....#...<U@.Iiu..X].T x.j....x...:q.....j]P3......[.5]|..7;.5....^..7(.E..@..s...2..}..j....*...t.5J...6Rf..%P{2T^$Y.V.O9.W...4...\ .5............Q.&j....h.+.u......W...4f]..s..(...:....`.<W_...z*Bs|tF5 NI4.zD..5...u...!........M.0.K%F....,.c.....>R6..i..Am.y.~5..S....M...^......F.&..V...Z.......i....b....V..,.UH"...W...5}A.....KUT..=6jZ.....B...Z...Y(..u...=....x,2..."._Cf.....b...z7..... r..#.r..L9....2...R,..J?&..p..~.....3.=z...w..m..U..%._#<....r.....B.z..G..D.:4m.Z.&.N......</..Dz+.......vn.....;Qhk....!dw...A......3..a..K...).Q.`t[..)].6.%@....v.g.%E>;Z...uz.L..6Ct..O.Eo.O.e..........J.J$...:....K..)......F.....ZWE...z..5..g.io...l2[.,m9X..f......5|:bj[.._R{gi...^

                    C:\Users\user\AppData\Local\Temp\acrocef_low\565e214a-6797-4555-9df7-87ee1b966746.tmp

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                    Category:dropped
                    Size (bytes):1407294
                    Entropy (8bit):7.97605879016224
                    Encrypted:false
                    SSDEEP:
                    MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                    SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                    SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                    SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                    Malicious:false
                    Reputation:unknown
                    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                    C:\Users\user\AppData\Local\Temp\acrocef_low\6c9cc8c6-a648-425f-9345-2d1bea535438.tmp

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                    Category:dropped
                    Size (bytes):1419751
                    Entropy (8bit):7.976496077007677
                    Encrypted:false
                    SSDEEP:
                    MD5:1A39CAAE4C5F8AD2A98F0756FFCBA562
                    SHA1:279F2B503A0B10E257674D31532B01EA7DE0473F
                    SHA-256:57D198C7BDB9B002B8C9C1E1CCFABFE81C00FE0A1E30A237196A7C133237AA95
                    SHA-512:73D083E92FB59C92049AF8DC31A0AA2F38755453FFB161D18A1C4244747EE88B7A850F7951FC10F842AE65F6CC8F6164231DB6261777EC5379B337CB379BEF99
                    Malicious:false
                    Reputation:unknown
                    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                    C:\Users\user\AppData\Local\Temp\acrocef_low\9cd3cac6-bdbb-434f-b03c-9aa6557860d6.tmp

                    Download File
                    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                    Category:dropped
                    Size (bytes):386528
                    Entropy (8bit):7.9736851559892425
                    Encrypted:false
                    SSDEEP:
                    MD5:5C48B0AD2FEF800949466AE872E1F1E2
                    SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                    SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                    SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                    Malicious:false
                    Reputation:unknown
                    Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                    C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

                    Download File
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):30
                    Entropy (8bit):1.2389205950315936
                    Encrypted:false
                    SSDEEP:
                    MD5:CB6DBA129B3D42DB169C752DCD49E273
                    SHA1:339F1CDF8645524130FC32EFF2582094C1ACA42C
                    SHA-256:06A3ABCB02779AC57143E31E667F58BD60410DAED3F04566AAE1B9C9B80BE8FC
                    SHA-512:2EA77735BAE45940E093342932C7FF5C25B30E9B9C08CEAE4463846A4EA5A45CDDD52CA28C27C7C65F9B1AE3D3BF223A9CD73A1548D8C266A353C1566C92D717
                    Malicious:false
                    Reputation:unknown
                    Preview:..............................

                    C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs

                    Download File
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:Composite Document File V2 Document, Cannot read section info
                    Category:dropped
                    Size (bytes):16384
                    Entropy (8bit):0.6688910077504374
                    Encrypted:false
                    SSDEEP:
                    MD5:E57DC56D4A4FBB24407B7BA2F5DE6A75
                    SHA1:E6DE497F74985E8A718CDA32EAB33E991BDDED12
                    SHA-256:94ABD23040DFFD8F907D24E63FE0D991C1683CCDCB90ECD9BC22C33C5CB015F2
                    SHA-512:74F9562564869EA07DAD9604A79A48C1AD17F90EC425ACDB6CE300E3B44564E9CADD70D865CF329D672B2CDA77EF6D968B1711E244100849E69695E87F8AB003
                    Malicious:false
                    Reputation:unknown
                    Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm (copy)

                    Download File
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:Microsoft Word 2007+
                    Category:dropped
                    Size (bytes):0
                    Entropy (8bit):0.0
                    Encrypted:false
                    SSDEEP:
                    MD5:43B0B095BBD8A8D7E559CB9C4145661D
                    SHA1:3B6E3DF877F6DE3C4858F7D2AC8C93F0C3722C96
                    SHA-256:1A606030F99BEFC51820B621FCDE311A4B5F411FDBDCB1FBE04733AFD052E10B
                    SHA-512:9F37C425DB4E29C649885D8AE49774A522BADDD4D952AAAC71159FF6DA46B8FD32813870449D06DCEBC2B42FE566A6AB60A695B603942A00F182C00A4A998FE1
                    Malicious:false
                    Reputation:unknown
                    Preview:PK..........!.Q3.p............[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-J\X ......J..0....K......H...R*.D.g..3.H....M!`.l.....J.j;*...>.b.Fa...B....wz...<`F..K6.._s.r.F`.<X.T....7....U.._t:.\:...<&....A%&:f.9..H.hd..*1y.Lx.k)".........e..k.g.....)....&......A...3..WNN.U..e...<....'4(.....x.....nh.t.....p7..j..s...I@.w6.X..C.Tp...r+..^..F.N...".az...h.[!F.!...g...i"...C..n9.~l...3.....H..V..9.2.,)s..GZD..mo6M..a.!...q$.......O..r-.........PK..........!.........N......

                    C:\Users\user\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm

                    Download File
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):162
                    Entropy (8bit):3.750838345061619
                    Encrypted:false
                    SSDEEP:
                    MD5:4BB68BA3DEA5EB2D28C8B47B197BAD74
                    SHA1:2D48D51ECE4504528C58C137E9EDB5E7D762DB8A
                    SHA-256:C4110F544A6C73A31B42E7CE548939FF2B13DFE468D29FCFA80E04E62D5F6E03
                    SHA-512:68DD211A0748F5381BDD1BCE4F55EADDAC30732A05E4DFF98722EAB0ACA3F3054D480A89D77BE9508B7197948B4A8051465D26ADF9A3394E40A687F17F9BB585
                    Malicious:false
                    Reputation:unknown
                    Preview:.user...................................................c.a.l.i....C...<.u......$..&=.\Y..Xz.dM....C.....c......$..&=.`j..._........M................$..Y..`j..

                    C:\Users\user\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp

                    Download File
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:Microsoft Word 2007+
                    Category:dropped
                    Size (bytes):19613
                    Entropy (8bit):7.476918547258224
                    Encrypted:false
                    SSDEEP:
                    MD5:43B0B095BBD8A8D7E559CB9C4145661D
                    SHA1:3B6E3DF877F6DE3C4858F7D2AC8C93F0C3722C96
                    SHA-256:1A606030F99BEFC51820B621FCDE311A4B5F411FDBDCB1FBE04733AFD052E10B
                    SHA-512:9F37C425DB4E29C649885D8AE49774A522BADDD4D952AAAC71159FF6DA46B8FD32813870449D06DCEBC2B42FE566A6AB60A695B603942A00F182C00A4A998FE1
                    Malicious:false
                    Reputation:unknown
                    Preview:PK..........!.Q3.p............[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-J\X ......J..0....K......H...R*.D.g..3.H....M!`.l.....J.j;*...>.b.Fa...B....wz...<`F..K6.._s.r.F`.<X.T....7....U.._t:.\:...<&....A%&:f.9..H.hd..*1y.Lx.k)".........e..k.g.....)....&......A...3..WNN.U..e...<....'4(.....x.....nh.t.....p7..j..s...I@.w6.X..C.Tp...r+..^..F.N...".az...h.[!F.!...g...i"...C..n9.~l...3.....H..V..9.2.,)s..GZD..mo6M..a.!...q$.......O..r-.........PK..........!.........N......

                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                    Download File
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 6 10:23:16 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2673
                    Entropy (8bit):3.989203238405506
                    Encrypted:false
                    SSDEEP:
                    MD5:89362E4CB4251821F5E3A1687074F4D9
                    SHA1:9808FBB254BD7ACB74FE64DA8E83D13C44DD1C03
                    SHA-256:188FF589E72F7043251AE6F74B96D02AE6E3D2A63ED0817312FFD65790CD528A
                    SHA-512:AE839D9FB9D24F3F263687B771D5CD2E398844E8683E77B6DFE43368E8ED182E14A2F5FC87219F58BAC761A3ADDC98E30C7DC8CB399E8F02D829559922171C03
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.@.. ...$+.,...._..?.G..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.Z....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.Z....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.Z....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.Z..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.Z...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........c........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                    Download File
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 6 10:23:16 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2675
                    Entropy (8bit):4.005640528461213
                    Encrypted:false
                    SSDEEP:
                    MD5:A4C4F8DA33FC8D72A4B9EDD65C5F5BAB
                    SHA1:35425BDC6E8A5EA46DF16B8DDB5B8DF3C23D84B3
                    SHA-256:60517828B543A8932D1C25946260FF30D712C97322FCC73499F5466A52A2E4F7
                    SHA-512:DF4007EDC5EFA2805BEA138B2A6ED3D33B660491046705C36FBC66D2D00CB72B3B76E5A634FD8C3D7464723ACBBE4A1555FBA591EE969C5ACBE4DD2B914A2616
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.@.. ...$+.,....V..?.G..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.Z....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.Z....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.Z....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.Z..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.Z...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........c........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                    Download File
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2689
                    Entropy (8bit):4.013069276544025
                    Encrypted:false
                    SSDEEP:
                    MD5:8CDC5BEE661CF7EADFCF6C5E32D3D5D6
                    SHA1:86E1ABDD42C6D180BB99DB08E0DA4C7DC28590B1
                    SHA-256:E777C071C661B3C043DF1EAF588FB8CF783153C5FDE58244B5FC53940391D300
                    SHA-512:6460163BF71BD950AD50EC0CAED6904A354CB70BC9AC9B27E36C6057A0BD42FB5B863D925B1333CEC7B39F24E5DC326D489051A5470EC8B030844EA71A711627
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.Z....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.Z....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.Z....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.Z..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........c........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                    Download File
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 6 10:23:16 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2677
                    Entropy (8bit):4.003082128383578
                    Encrypted:false
                    SSDEEP:
                    MD5:0CBF97A55C20AF78B71F6495936A9703
                    SHA1:8353BA38F982B0854FB80F77C859B055EEC9A0DD
                    SHA-256:220D0806F855D92BC9EF11782F5502DD0B29DD173385099AD1D47F3493C22990
                    SHA-512:64AB909037EFE4F7FBECA32974ED05082B47753F699AF536A74823D56B49982C4FF5C0AFD36944FE97BA7C330F6D2B91DCFF33A02BF66258FF64E72BCAFC90F8
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.@.. ...$+.,.....1.?.G..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.Z....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.Z....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.Z....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.Z..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.Z...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........c........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                    Download File
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 6 10:23:16 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2677
                    Entropy (8bit):3.993573190094571
                    Encrypted:false
                    SSDEEP:
                    MD5:75DDAEAD8DE40A7CE636D82AF7225AFD
                    SHA1:A62C916F27DD059A3B1E1F4FA74F327D1C072681
                    SHA-256:132260F311166D7EC4466A37E49B108242FAE2795EE4E482E69A4246BF7B3A38
                    SHA-512:3C7DDF98DCDEF9BD8C55841F3EEA6E2EC39728D354B02619C23D287E57551D54B36492CC64F05B418BFCB30221716428E4FC600CDC5DEF97F4C39DACC6C644C6
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.@.. ...$+.,.....P.?.G..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.Z....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.Z....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.Z....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.Z..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.Z...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........c........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                    Download File
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 6 10:23:16 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2679
                    Entropy (8bit):4.002599638360012
                    Encrypted:false
                    SSDEEP:
                    MD5:0F82BBB8C3E8D8C8CB906E23364BFE33
                    SHA1:6CC33CCC7500F931287ED10FC75915F841E213F4
                    SHA-256:17929868906D46DAC5E01801DBD3D55991B4F45E33674646CAC61954CEFA892B
                    SHA-512:6014E7FAFFAB808032E7E19D2A2D725ACB7100E8148DF68C96A896891248765BD22E6B78F88FEEAFACDA963413D4FDACC3113A221137120D2966E8D6C50A9050
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.@.. ...$+.,.......>.G..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.Z....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.Z....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.Z....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.Z..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.Z...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........c........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                    C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

                    Download File
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:Microsoft Outlook email folder (>=2003)
                    Category:dropped
                    Size (bytes):271360
                    Entropy (8bit):4.425998458442113
                    Encrypted:false
                    SSDEEP:
                    MD5:3F116DFF138A9829D5B12246E7937C8E
                    SHA1:EE5B1356318E5EA9EE2062391C49466290999A25
                    SHA-256:7AB5661E31D07DEF365E5150327F815B1E9BBD81CD04D84F221C079881FBD48D
                    SHA-512:E89427AC6155FB1332B54654E09ECEB15D27DFDE03EC16E055C9E3ACB879B8D704AC243CE5574A8746F33CD91546D15C9ADE2DB856B4053EF2149DFB97C5E3D0
                    Malicious:false
                    Reputation:unknown
                    Preview:!BDN..mSM......\.......................a................@...........@...@...................................@...........................................................................$.......D.......(.......................T...............p..........................................................................................................................................................................................................................................................................................g.f.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

                    Download File
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):131072
                    Entropy (8bit):6.519622727020019
                    Encrypted:false
                    SSDEEP:
                    MD5:5D1F06B4BAEE8CBFCB0A9721562EA75F
                    SHA1:16E08A8F10DB23F4D11ACC0EDE529614FE0AAD68
                    SHA-256:FC0766E9A4BB2A3C812FF236B17BCCD4D397E8202D9A7E8FD85A3021BC355B56
                    SHA-512:039273D9C2D1F2AEB84FA3A5C412C3ED5A84E650F128AA1B17F76289B2771425BA643FEF969608A1D70868E6D4F54EBCBF387E772E55384F82CEE4BB6DEF8629
                    Malicious:false
                    Reputation:unknown
                    Preview:?K.@0...............S..4.G.......D............#........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................9.D........800...............S..4.G.......B............#.........................................................................................................................................................................................................................................................................................................................................................................................................

                    Static File Info

                    General

                    File type:RFC 822 mail, ASCII text, with very long lines (2157), with CRLF line terminators
                    Entropy (8bit):5.831428550464158
                    TrID:
                    • E-Mail message (Var. 5) (54515/1) 100.00%
                    File name:phish_alert_sp2_2.0.0.0.eml
                    File size:120'837 bytes
                    MD5:e5608b170558f1304dc4f6ec826de20e
                    SHA1:af829e8d0c3a7b3a8e84acc79763deb54606748b
                    SHA256:a2798a1898d4f5271d057a109b595abcd63b7b575ed1394f6c4733d396c2a21b
                    SHA512:e1ee35976e01047efb32f0df838a5fc03d3e94a905730e8ab513e896e19e6942ad44261a674d0fda5a07581f2ff453425da3b288831e8e0b78903a008120e9c2
                    SSDEEP:3072:j5j9Csmfu99lgJPYsgZePFM+SRWAiMJY+sjvj:j5j9CqX0AsgUHr6JY+sDj
                    TLSH:24C3E0353618378AAA48321DE02A355E37F4278086F670C5BFD6ED4E17DE170463BA6E
                    File Content Preview:Received: from PR3P189MB1001.EURP189.PROD.OUTLOOK.COM.. (2603:10a6:102:4a::18) by AM9P189MB1700.EURP189.PROD.OUTLOOK.COM with.. HTTPS; Fri, 6 Dec 2024 08:57:45 +0000..Received: from DU2PR04CA0352.eurprd04.prod.outlook.com.. (2603:10a6:10:2b4::23) by PR3P1

                    Static Mail

                    General

                    Subject:Gms Worldwide Complete via-Sign December 2024.
                    From:Gms-Worldwide SharePortal <contact@airdynamics.org>
                    To:Nataliia Yuzefovych <n.yuzefovych@gms-worldwide.com>
                    Cc:
                    BCC:
                    Date:Fri, 06 Dec 2024 08:56:02 +0000
                    Communications:
                      Attachments:
                      • Past Dues.eml

                      Headers

                      Key Value
                      Receivedfrom [198.244.236.14] (198.244.236.14) by CY4PEPF0000EE36.mail.protection.outlook.com (10.167.242.42) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8230.7 via Frontend Transport; Fri, 6 Dec 2024 08:56:03 +0000
                      Arc-Seali=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=SNZ+d1FMlBvjC/VGXIXlPN0gjEPfXu6qly3eIA3oS205juv53twJ0KrnOR3GWamSf6Ireh4I/GWy7XPdsQ+bOL0oihc51kCsCik+1PTm1wqQwVz064rkgcV1sQgOUBpleKSl0VS7Rz6yCDKKg5R0UAiRvuUikbaFOv6Jt8Mw1fx6Hb2ily9mfctQHo2uHAiasD5k0ZCnCOFJBKOag9pTyLdxHDbu5H4K3aPw2G0xKIlN7q4cJiBopY1VqUMx4TKaRcFN6L6hkNF+MhtYSWQYE+hCz6/QooNF8zKL8RwebLMwm0pSCVezhSJXlhqF7xtN4FC3xTT/OXfs807zTlscUw==
                      Arc-Message-Signaturei=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+8MjwRcmzbuQhJ0Juibu4wOuMcvGvQi2OsBoHy2iyEA=; b=VVfva2M/lHQUsTUoxpDFaxBu/28DZUBTpkGvdH0R5ONbGGTUZC+VEfdaBnWc+DLFfR/C0C8rx7rFfVTgl8gvEcvInmWYoumZfyLt38//na/tWnYGrAqPPrxshG2CpYFtE3ZaR4IVHwpEjJbVHCGYZta9Gts545yYkchMIQwgwH24LUO0FuNrx9p0/3fDBkvf+iDuuuFx1hX3Rp4iI45EzMxbJURUOOZS+tSZOPAUdSVoi/G5EJsX7o1VVSYel/8QVBrUNabYcj0x8O2neCr0Byhv/Ta+bH14NleRaF6+rlRoZqBj1LAlL+12aH5/Cn5safFKA5hrhDGY8KKPxumu6g==
                      Arc-Authentication-Resultsi=1; mx.microsoft.com 1; spf=fail (sender ip is 198.244.236.14) smtp.rcpttodomain=gms-worldwide.com smtp.mailfrom=airdynamics.org; dmarc=none action=none header.from=airdynamics.org; dkim=none (message not signed); arc=none (0)
                      Authentication-Resultsspf=pass (sender IP is 2a01:111:f403:2414::72f) smtp.mailfrom=airdynamics.org; dkim=pass (signature was verified) header.d=NETORG3171277.onmicrosoft.com;dmarc=bestguesspass action=none header.from=airdynamics.org;compauth=pass reason=109
                      Received-SpfFail (protection.outlook.com: domain of airdynamics.org does not designate 198.244.236.14 as permitted sender) receiver=protection.outlook.com; client-ip=198.244.236.14; helo=[198.244.236.14];
                      Dkim-Signaturev=1; a=rsa-sha256; c=relaxed/relaxed; d=NETORG3171277.onmicrosoft.com; s=selector2-NETORG3171277-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+8MjwRcmzbuQhJ0Juibu4wOuMcvGvQi2OsBoHy2iyEA=; b=f4mSL6lkYTSE4bdVc2ndGrERz44yCrcwkcGePbe6WMwVXJGym1QLH/+jsb4NnlZJeZkCDkH6093577T7KPd5sCkvtbiSXDCDvfCsbRkHrGYoeXwLA81be1ByjEp9lwJnEs0QRD3xCCwYB9D673XB5SpCCe6pFve2+DX+ofqC6HM=
                      X-Ms-Exchange-Authentication-Resultsspf=fail (sender IP is 198.244.236.14) smtp.mailfrom=airdynamics.org; dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=airdynamics.org;
                      Content-Typemultipart/mixed; boundary="----sinikael-?=_1-17334775388140.09670360857542182"
                      MIME-Version1.0
                      FromGms-Worldwide SharePortal <contact@airdynamics.org>
                      ToNataliia Yuzefovych <n.yuzefovych@gms-worldwide.com>
                      SubjectGms Worldwide Complete via-Sign December 2024.
                      DateFri, 06 Dec 2024 08:56:02 +0000
                      Message-Id<173347536229.4560.16212871747113071565@airdynamics.org>
                      X-Accept-Languageen-us, en
                      Return-Pathcontact@airdynamics.org
                      X-Eopattributedmessage1
                      X-Ms-Traffictypediagnostic CY4PEPF0000EE36:EE_|BN0PR13MB5197:EE_|DU2PEPF00028CFD:EE_|PR3P189MB1001:EE_|AM9P189MB1700:EE_
                      X-Ms-Office365-Filtering-Correlation-Id 3800dc67-4e9d-4a25-3f8a-08dd15d3d38e
                      X-Ms-Exchange-Senderadcheck1
                      X-Ms-Exchange-Antispam-Relay0
                      X-Microsoft-Antispam-Untrusted BCL:0;ARA:13230040|36860700013|376014|82310400026|61400799027|14122799013|32012699012;
                      X-Microsoft-Antispam-Message-Info-Original W4EknQMajQvj5mTYBpcIbLZBwzbjx8x85ApSYYADpu+CdPfu1Gc7GxGV+jrrEzGDEtn7Sq8DHE8nr/e6Lywexg55esnJAZOPvAFRo1Bw/O4tHXa8qn2yrPU6/QdhVIKDfg8O115E9HEznfaexUqM8nqOTToiM76A/EfsAfvf2to7qyrxt+e9PPG7a6nO1dcCpLIa4/IlUhv+HmKxE4wxZNGd/ZMBb2vT0Zg+RLsht74ndmPjyOjsRQcUbzpgtXNioOoN2YGN0QfMlWs0sgrJQY2T6UuFm/+sxcKMqB65aN+c9Sz1HP1A+i233agKQOL+2T6HBdr2+qDKy8ZBIEUqzf1nv4jJnufzmqHuRcGNTP1A/a2B4M8+R7XuXeoUrx84+HPJvnGjhimnhTjsuNb+IAe3Fb+b20PjqA1X7+ZBE99w4MoNr85xu8dOD6AsUxsS5Z07nSYLGJa3qBqZ2B50Md46Rcz3qIN9vRcghIM9zC1SsF56xafRL+TrkjZKh7zbyDqzPFvp3bdPLx4Ej6XphYewlrAKVNSQ645iHeToCNJczvfvKikmEOZOVUC/2ciSKiHBchhU0XdWdRffk3HA6Tybj0sf65zKoIru64Jx6rIZHrALKKHgktuQnGsTmg4jtQGbSzAM42M42cdSOiGYyllUzjo3umZ0TVGT1DknwKY+m0eX676oQY9mhL5X8tCe5GBmKBD3kO6sqEWcKelGbKHiiPD1FZNJq2hcZs+llCr8Fzd5U+cv2zBcdLlUQYmgfi7cQeQUNueTGviDtHtn07gldO69SIyCdA14PiolMTFRnNm/ckcDPXzc5M0mFMVISSUeZ0PtaMLtklzaSACTb/DzY2Gfiggvk79qjlCaf1nhQ5N6gkPSQxKcG0cuCmLBI85B/lEkhbaNw3tBRY2NycZkaPSX4Y0J0Z+iMWkr+sFsd1JB/4QXEaaQUtde/kESX6wBQM7+MU3NQiKTYh72pVwl7OUlfGcu6PK+zxy3UFEH1Me+nzV9ea+wsbIaudPVSLlt70YB288pts5NG7ll8zoDYTTWt0nFOmg2uKSNUVdSw/SBXimaDuW/uTtj/rfN2Rym3rLXsm9UIFtNdBMdVhRSkEPwEArHhaHVtEO2PgdifmfkysZsuXHZsqGUnwnLVmO9OuT4cfcM9ydpDjQRYKP3FVXPoq5e/zewkoDTcBI=
                      X-Forefront-Antispam-Report-Untrusted CIP:198.244.236.14;CTRY:GB;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:[198.244.236.14];PTR:ip14.ip-198-244-236.eu;CAT:NONE;SFS:(13230040)(36860700013)(376014)(82310400026)(61400799027)(14122799013)(32012699012);DIR:OUT;SFP:1102;
                      X-Ms-Exchange-Transport-CrosstenantheadersstampedPR3P189MB1001
                      X-Ms-Exchange-Organization-Expirationstarttime06 Dec 2024 08:56:08.8076 (UTC)
                      X-Ms-Exchange-Organization-ExpirationstarttimereasonOriginalSubmit
                      X-Ms-Exchange-Organization-Expirationinterval1:00:00:00.0000000
                      X-Ms-Exchange-Organization-ExpirationintervalreasonOriginalSubmit
                      X-Ms-Exchange-Organization-Network-Message-Id 3800dc67-4e9d-4a25-3f8a-08dd15d3d38e
                      X-Eoptenantattributedmessageb257b72a-b83c-4005-915b-ce5ce92eaad2:0
                      X-Ms-Exchange-Organization-MessagedirectionalityIncoming
                      X-Ms-Exchange-Transport-Crosstenantheadersstripped DU2PEPF00028CFD.eurprd03.prod.outlook.com
                      X-Ms-Exchange-Transport-Crosstenantheaderspromoted DU2PEPF00028CFD.eurprd03.prod.outlook.com
                      X-Ms-PublictraffictypeEmail
                      X-Ms-Exchange-Organization-Authsource DU2PEPF00028CFD.eurprd03.prod.outlook.com
                      X-Ms-Exchange-Organization-AuthasAnonymous
                      X-Ms-Office365-Filtering-Correlation-Id-Prvs df430ab3-fc97-4d96-37fa-08dd15d3d0ec
                      X-Ms-Exchange-AtpmessagepropertiesSA|SL
                      X-Ms-Exchange-Organization-Scl1
                      X-Microsoft-Antispam BCL:0;ARA:13230040|35042699022|12062699021|14122799013|32012699012|43540500003;
                      X-Forefront-Antispam-Report CIP:2a01:111:f403:2414::72f;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:NAM11-BN8-obe.outbound.protection.outlook.com;PTR:mail-bn8nam11on2072f.outbound.protection.outlook.com;CAT:NONE;SFS:(13230040)(35042699022)(12062699021)(14122799013)(32012699012)(43540500003);DIR:INB;
                      X-Ms-Exchange-Crosstenant-Originalarrivaltime06 Dec 2024 08:56:08.6201 (UTC)
                      X-Ms-Exchange-Crosstenant-Network-Message-Id 3800dc67-4e9d-4a25-3f8a-08dd15d3d38e
                      X-Ms-Exchange-Crosstenant-Idb257b72a-b83c-4005-915b-ce5ce92eaad2
                      X-Ms-Exchange-Crosstenant-Originalattributedtenantconnectingip TenantId=4f18dc2f-50c6-4a71-a152-b9378e9a8cf0;Ip=[198.244.236.14];Helo=[[198.244.236.14]]
                      X-Ms-Exchange-Crosstenant-Authsource DU2PEPF00028CFD.eurprd03.prod.outlook.com
                      X-Ms-Exchange-Crosstenant-AuthasAnonymous
                      X-Ms-Exchange-Crosstenant-FromentityheaderInternet
                      X-Ms-Exchange-Transport-Endtoendlatency00:01:36.4602040
                      X-Ms-Exchange-Processed-By-Bccfoldering15.20.8230.010
                      X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198);
                      X-Microsoft-Antispam-Message-Info lZ2H6BWbbC2m/Mymr87V3SKQImyyalMg0UDasbhDCgupbv0x+aAPhYgH9w3yTGFEspXmTVVl54eoByvHfKxySiTZsSEn/xkDfV2k5SRVjS5/U1z60JGyE3TF3BzLPJzHOzpwKsHcfvj//2OZx2QHa2vquvUEWWg+6T7ViZkUlqFopTSaqhu1O2g75UiIvGFGKBqFNrM1oAf+6jWsPLcDiiQIYkdfHwzHg1Ns4XT+xxNREQiz2RS7PDP8KhIw1/CdTPgzRaI8hmwTyOSXPQkvRn2G+5LkqCBupa/QWE0PvJTDP4FBmHfeDPGIGamxgIP9I1+fiPCj6DdMH8sU3Uav/PV3liDUMhwlyoHk55eJBkxJ2UswsjU1m3jsnlRR4AzQ0NXIZalWS5fdXojTh/7wTK6U94xjt/Gfc1D1QYIcGKtotJJqz6EWDqxDSMfQD3VMiiWrD7ZPFc2R1QaM7rjmAlGZGXVjch/fPh+bMpcq8B0EpJXdLuJc8AbBrdemaVQsnUqjG9SWlDtnvGGt0THB7RBhlhjaWh8qrHzywpBFz4BFih3gHqktoqT5Fn6XFSjgGvSJTkrglwQoPiB0Xr33FaD2+DuWSqxDsDmbXLfXI/3Wdfl4AJulBvb4j/tMeORl0G7vr2x6L23IEk2CjH7x/s32aD+wREEr4BEPHOB8LomkkJionQn4KI0n59ezUdJCjBrDag/bq646UjDlLKzQtekqwUulsqTVmSxJIniVEnO7ofA1aBfboqdYudzMMyS4bUlhW01TC+Zo7a/5CyJhFrnAzPtp/4ARYUqzhwDAwTgxJKggasv01O8SCTb3vOaSMxtpH7Z/ChU07caX6Fo+4NRKgKzD+JSRAQO188Es0PGC1hl8r4qb50tgJO5NALwr366cFANVMKBULYQUcEBfO1CSCvewOLI5JcWS6JPD2rjz3rVzzqZ29QkiKjp1bawQyCg/tSc+uwDMNvRgV9fVfKimr8zyQZBnUgthv0m1SP1IdG5vexfoVxC5/po7rTraw+1mxQSyhKg2BGSQ3tq915oiRQMb8vjH71/So+STpjGzWWMiamwWBtdSAghzJLTUIEovjl9jm9MuiIIGGHumFBTlUb7pwKc88R8YA/QAi7WWfeCk0Vowytum+zxWR5dzsK8mmeMHeZUBSup4oRwDjsO7TFYcbaHKVClIdBnLgtmrtu8+j7h1uLpGydpvAw+7r8XRn95Dy2/4Foutf6zTrekM6pm7bvXFg16k6qIpmSzr3uphPyWJeyP4Hlz8+OUiaH0hZIdj1lbsqrep9o4r0+b+BSLQjYbmDOKCEOjCKZeRd5FFHzsbq/OdiN5hDnesn4Lfco1u47GHWNHUSJm/VKdOQTiHWY+K61bSTdSZ2HH0iQDHvbfnt9lELPrPNwfWaxH7HXnsflXM0LZ+wssa555uOBNcds3fTV8DJWlEafN2lB5m55bGMfP2nymk74JVL13KvhqW9u9wafeY3NCrUvjTwVbOBV9m4/zOxrd/T8hTEJoccbMpJaZZ1qq5NNFlSpU++jq2dnsZBqgENVGGLYsF9nBcWtet5eQ1YHemHi9UEWaZ1bAwYpfVOawQ6t3nAUPZGDHYQ+6t41fa5IfLKANYE4LmXNEmiEAG2n+qA5lQg2otLO43jZG6iv7fkoMwAWsqaLzcRWTFnE+iw9IEfs1lbq8mnNW/k/tGvIr+Mk1Mal1IBBDUM7dKyimmzhS0ZqTzWchZ183lictCvP62/nvEgLvIv9ij7IMePbzom2r1u/7tOXri0sAiUIz17u3TQUS58DdeSGQQIfpKYOAV56YS8Msdmsj34pp0CoDUv6+krlU8xkz6SY3bQ8KtwJu4p5VawTZnGwdPptWSgn1mDjLn+J0OfBGAANgIxbsNrnXVG9y5IHqgAr3v1DUEDMbmbOEP5UgBqV1sTVov6+Ek1BosMMCpeuqW5l2O4iIOM07cTtxSuVdiMH2nQVm5vzX7ExlNn2YZR/SHABoecEQTVxuo1plnTLZUJvCkQAfkuBJZ1OKb3nCWh2EaOOr8j97wtDpbBeehx8FP5scxj8ns7i58WACLoUIq/xx+ytJUQ0ShAPfwgQWAfrF2lpAp9kYYxpxy2SGg/jKTdGY9h3J7SzCauP0+lG++QQyITLfS+rA=
                      Content-Transfer-Encoding7bit

                      File Icon

                      Icon Hash:46070c0a8e0c67d6