Windows Analysis Report
Fw 2025 Employee Handbook For all Colhca Employees Ref THEFUE.eml

Overview

General Information

Sample name: Fw 2025 Employee Handbook For all Colhca Employees Ref THEFUE.eml
Analysis ID: 1570439
MD5: 966cbbc356af609769b24060a87226f0
SHA1: 786ca30761477ef989709771e87be895d0b9b328
SHA256: b5dfb79bdf9100bced6b00c3b0161777b38d9b5205e8e577b86a12798e9412f6
Infos:

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected landing page (webpage, office document or email)
AI detected potential phishing Email
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 3520 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Fw 2025 Employee Handbook For all Colhca Employees Ref THEFUE.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6608 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "76E0BB99-4E9D-4B8C-B000-23547E0EB8B1" "D34E583B-D1E8-44A8-B8E9-DFD686DE3C86" "3520" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • Acrobat.exe (PID: 7052 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\47E6OQ0X\Angie Signature Required.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 6344 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 6784 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1604 --field-trial-handle=1568,i,8033446372270054696,1764106255250098328,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 3820 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://llysfaenvillagehall.com/m/?c3Y9bzM2NV8xX3NwJnJhbmQ9UVc1aE1FOD0mdWlkPVVTRVIwNDExMjAyNFUwMzExMDQxMw=#angie@colhca.net MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 7376 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=2288,i,14906487210756300901,11267200120880588743,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 3520, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Source: Registry Key set, Author: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\47E6OQ0X\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 3520, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
No Suricata rule has matched

Phishing

Source: PDF document, Joe Sandbox AI: Page contains button: 'SCAN BARCODE TO REVIEW DOCUMENT' Source: 'PDF document'
Source: PDF document, Joe Sandbox AI: PDF document contains QR code
Source: Email, Joe Sandbox AI: Detected potential phishing email: Suspicious sender domain 'gmobb.jp' attempting to impersonate HR communications. Deceptive subject line and filename suggesting urgent employee handbook requiring authentication. Contains suspicious PDF attachment with 'Signature Required' which is a common phishing tactic
Source: Email, Classification: Credential Stealer
Source: unknownHTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.17:49704 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.30.17.174:443 -> 192.168.2.17:49727 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.30.17.174:443 -> 192.168.2.17:49729 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.17:49732 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.190.147.2:443 -> 192.168.2.17:49735 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49736 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.16.158.169:443 -> 192.168.2.17:49737 version: TLS 1.2
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.147.2
Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 184.30.17.174
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.162.204
Source: global trafficDNS traffic detected: DNS query: llysfaenvillagehall.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49676 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49691 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49680 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49697
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49691
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
Source: classification engine, Classification label: mal48.winEML@35/71@5/165
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241206T1952480493-3520.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.ini
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Fw 2025 Employee Handbook For all Colhca Employees Ref THEFUE.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "76E0BB99-4E9D-4B8C-B000-23547E0EB8B1" "D34E583B-D1E8-44A8-B8E9-DFD686DE3C86" "3520" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\47E6OQ0X\Angie Signature Required.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1604 --field-trial-handle=1568,i,8033446372270054696,1764106255250098328,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://llysfaenvillagehall.com/m/?c3Y9bzM2NV8xX3NwJnJhbmQ9UVc1aE1FOD0mdWlkPVVTRVIwNDExMjAyNFUwMzExMDQxMw=#angie@colhca.net
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=2288,i,14906487210756300901,11267200120880588743,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 635558F07596D8CC37B18213D57EEAAB
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InProcServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 21 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | Security Account Manager | 13 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
llysfaenvillagehall.com | 192.185.35.240 | true | false | | unknown
www.google.com | 142.250.181.68 | true | false | | high
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.58.100 | true | false | | high
x1.i.lencr.org | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://llysfaenvillagehall.com/m/?c3Y9bzM2NV8xX3NwJnJhbmQ9UVc1aE1FOD0mdWlkPVVTRVIwNDExMjAyNFUwMzExMDQxMw=#angie@colhca.net | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
184.30.16.138 | unknown | United States | 16625 | AKAMAI-ASUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
172.217.17.35 | unknown | United States | 15169 | GOOGLEUS | false
172.217.17.46 | unknown | United States | 15169 | GOOGLEUS | false
23.32.238.18 | unknown | United States | 2828 | XO-AS15US | false
20.189.173.1 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
23.56.162.204 | unknown | United States | 16625 | AKAMAI-ASUS | false
192.185.35.240 | llysfaenvillagehall.com | United States | 46606 | UNIFIEDLAYER-AS-1US | false
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
52.109.89.19 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
172.217.21.35 | unknown | United States | 15169 | GOOGLEUS | false
142.250.181.68 | www.google.com | United States | 15169 | GOOGLEUS | false
64.233.162.84 | unknown | United States | 15169 | GOOGLEUS | false
23.195.39.65 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
52.109.76.144 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
18.213.11.84 | unknown | United States | 14618 | AMAZON-AESUS | false
            IP
            192.168.2.17
            192.168.2.18
            Joe Sandbox version:41.0.0 Charoite
            Analysis ID:1570439
            Start date and time:2024-12-07 01:52:17 +01:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:defaultwindowsinteractivecookbook.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:25
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • EGA enabled
            Analysis Mode:stream
            Analysis stop reason:Timeout
            Sample name:Fw 2025 Employee Handbook For all Colhca Employees Ref THEFUE.eml
            Detection:MAL
            Classification:mal48.winEML@35/71@5/165
            Cookbook Comments:
            • Found application associated with file extension: .eml
            • Exclude process from analysis (whitelisted): dllhost.exe
            • Excluded IPs from analysis (whitelisted): 52.113.194.132, 52.109.89.19, 192.229.221.95, 20.189.173.1, 52.109.76.144, 172.217.21.35, 172.217.17.46, 64.233.162.84, 184.30.16.138
            • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, onedscolprdwus00.westus.cloudapp.azure.com, neu-azsc-000.odc.officeapps.live.com, odc.officeapps.live.com, slscr.update.microsoft.com, europe.odcsm1.live.com.akadns.net, weu-azsc-000.roaming.officeapps.live.com, clientservices.googleapis.com, eur.roaming1.live.com.akadns.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com, clients2.google.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, osiprod-neu-bronze-azsc-000.northeurope.cloudapp.azure.com, ecs.office.com, accounts.google.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, ecs.office.trafficmanager.net, clients.l.google.com, geo2.adobe.com, mobile.events.data.trafficmanager.net, prod.odcsm1.live.com.akadns.net
            • Not all processes where analyzed, report is missing behavior information
            • Report size getting too big, too many NtQueryValueKey calls found.
            • Report size getting too big, too many NtReadVirtualMemory calls found.
            • Report size getting too big, too many NtSetValueKey calls found.
            • VT rate limit hit for: llysfaenvillagehall.com
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):294
            Entropy (8bit):5.171024406802694
            Encrypted:false
            SSDEEP:
            MD5:1BF2012C7CCC701AE335374257C25ECF
            SHA1:04397C170A640F3FC88684576783BE25A7F6B544
            SHA-256:EBA07FAAF670099DA886C8B3EBF12D4ABCF356B50CD20EC43F42804D4D7C1D73
            SHA-512:8BB7BD54471979F6602A78A8EA1F66D10BBCAB446783FB765F742607024EC761FF454C4E006254DD3238395031CD57BAA6D4F15DBD6A2799CBC16853448B273B
            Malicious:false
            Reputation:unknown
            Preview:2024/12/06-19:53:01.921 16a0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/06-19:53:01.924 16a0 Recovering log #3.2024/12/06-19:53:01.925 16a0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):335
            Entropy (8bit):5.19238140528762
            Encrypted:false
            SSDEEP:
            MD5:16E5029F5A087F87313AE5F374D12A4E
            SHA1:4B97A298C7593AB45968A0B66E9951ED86941216
            SHA-256:EB29807AB650EE84F9BDF53AAC7CA95D3AC93E4589AA039C81638BBBAC7E8205
            SHA-512:97EC4DD6AB229B10583D61E8D86ED54C55605ACCB7218C389C0B8A1851883B5301349E4CC44912F9F97AC213FC4B154DA4EBA4CB4D9C8FDA7A959B6D6F5771E0
            Malicious:false
            Reputation:unknown
            Preview:2024/12/06-19:53:01.761 224 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/06-19:53:01.765 224 Recovering log #3.2024/12/06-19:53:01.766 224 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):0
            Entropy (8bit):0.0
            Encrypted:false
            SSDEEP:
            MD5:1B8F511BE0FCD6FB7524F55C9FB06E61
            SHA1:01BFA769F459561D9748A7E1AD5862DF8216BA4E
            SHA-256:41F52BA78E708F3EEBFB6720F9E13F5DDBE656BCA1E370DF90AA53223ABC6361
            SHA-512:FCF398D9D4274A7FFE41DE433DF3137BC1D62D1933733BAD71ED0DC69F77209427585F8D84088242070835FF2697FBEA752437A7A8C0945CB5A924652DCDC8F5
            Malicious:false
            Reputation:unknown
            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145508750011","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:JSON data
            Category:modified
            Size (bytes):384
            Entropy (8bit):4.932552339462053
            Encrypted:false
            SSDEEP:
            MD5:1B8F511BE0FCD6FB7524F55C9FB06E61
            SHA1:01BFA769F459561D9748A7E1AD5862DF8216BA4E
            SHA-256:41F52BA78E708F3EEBFB6720F9E13F5DDBE656BCA1E370DF90AA53223ABC6361
            SHA-512:FCF398D9D4274A7FFE41DE433DF3137BC1D62D1933733BAD71ED0DC69F77209427585F8D84088242070835FF2697FBEA752437A7A8C0945CB5A924652DCDC8F5
            Malicious:false
            Reputation:unknown
            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145508750011","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):476
            Entropy (8bit):4.9792384271182275
            Encrypted:false
            SSDEEP:
            MD5:A90C2D265F1F9F55A94450F8CC985271
            SHA1:A02A115A1E96EF0FE015FC88AEA7126D2A8982AF
            SHA-256:76906DDA426449535FBE40905C258E0A0E65C5CFEC975C1D5DC681B4DB7A8BDA
            SHA-512:B385F53A0ADADAB32AE24DA79E832DEFFCAD12E3B73EE7491340F2AA58CB002F8A0384FD32CD9053203EC17AD7B30E7BC13E1C7DEDA2085B155F95A5395BA293
            Malicious:false
            Reputation:unknown
            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13378092793434305","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":629596},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.17","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:dropped
            Size (bytes):6495
            Entropy (8bit):5.2475333602783225
            Encrypted:false
            SSDEEP:
            MD5:003D7774494538DBCD5EDCE80E810F66
            SHA1:2B01D68BFA1A17C9C480E2C8790AE8F1E4DBE857
            SHA-256:899173A1395D2ABCE714247C16FA2F6CA2E796A759E841A9A76F432332DCB334
            SHA-512:2DF7A1F3397BB0CEAF802B8126242E059C7735F6A2A01C743C832F4EBB1B72AD6C3A44157BC293557ADA1876D0E8329BCB2BBDC16B55E3A61AECBD61F9B4D6BB
            Malicious:false
            Reputation:unknown
            Preview:*...#................version.1..namespace-....o................next-map-id.1.Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/.0F...r................next-map-id.2.Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/.1.p..r................next-map-id.3.Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/.2....o................next-map-id.4.Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.3..).^...............Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/...^...............Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.{VUa...............Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/....a...............Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/yATuo................next-map-id.5.Pnamespace-eb3aef6d_d129_430c_a353_
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):323
            Entropy (8bit):5.177331908355165
            Encrypted:false
            SSDEEP:
            MD5:0087A009C553D24BFBE782CEA76C3DA2
            SHA1:FE81BFB9BA5A41F7565DC91120F7D64F87AA2061
            SHA-256:F2A49BF26ECB186FE346D7FF2868A11A0AAA5038AC78179CBBC4D191D89330B4
            SHA-512:4928B9A050DF648C15D60A30DC17267E015EF83E1E459F1E3BA8B0C7D72556EA3A02F322648A764486E9B1DBB433E7FAAFA3B5DE4F1D2CCCAA9F58CC3D9526E8
            Malicious:false
            Reputation:unknown
            Preview:2024/12/06-19:53:01.954 224 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/06-19:53:01.956 224 Recovering log #3.2024/12/06-19:53:01.962 224 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:modified
            Size (bytes):54
            Entropy (8bit):4.330927261615672
            Encrypted:false
            SSDEEP:
            MD5:7ABA6645A569BD105937F896E4B82C14
            SHA1:BD2A376EDEDCE31AE62E22138883BFEA4E619814
            SHA-256:A040400533446C9493F66E445B4162EA8C613E9FD8B49C0FC4D955ECE925E994
            SHA-512:25DC2FEFA9221CB4C8366D9BC118B4BDC30C1704F1AB3ACB9B9FA9DEDCBDD3A702EEF0A3655C7E79ED1DD6615A9CDCCAC3C4E370A571BE12034A9A50C68E92B1
            Malicious:false
            Reputation:unknown
            Preview:.f../................22_11|360x240|60........9.A...9yB
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):285
            Entropy (8bit):5.176884631753771
            Encrypted:false
            SSDEEP:
            MD5:A88CA1625AD2359859FC160C3BDF1F4E
            SHA1:DF6982A7FFD581E537861DE60505796647AFF842
            SHA-256:84E0E5C4AC29109E4415981B2E80C5937D667985E37A3A6AD177BE92CAA3E995
            SHA-512:11A4AF68EE001C24460EDA4F0CCBA2EA7BB2FB7C9143C957E2A78D5110F2A8047AFF447400461792F0EFF5A12A839F3C4BDEE48CDE9F6D7773EA67144BFD7B4F
            Malicious:false
            Reputation:unknown
            Preview:2024/12/06-19:54:31.620 1c10 Creating DB C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db since it was missing..2024/12/06-19:54:31.632 1c10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db/MANIFEST-000001.
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:dropped
            Size (bytes):126
            Entropy (8bit):3.6123534208443075
            Encrypted:false
            SSDEEP:
            MD5:A05963DD9E2C7C3F13C18A9245AD5934
            SHA1:15A87493591860C6C22499DF3A705ACB3CB466BD
            SHA-256:F40B7EF0FE0B676871403B8DD21CE42AF8E482DC8B81F09D93CB2C48CCD112B4
            SHA-512:E67833950A3DB8D4C27FC851C7DF9AEBB85699024F805E98A2951E9E9FC3B606F10EAD23CE0A3B97484A18A9A52520540FB29787178BFEB9FBD8D46D0AA492A2
            Malicious:false
            Reputation:unknown
            Preview:.h.6.................__global... .t...................__global... ..7..................22_......u...................22_.....
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):303
            Entropy (8bit):5.1599942647795265
            Encrypted:false
            SSDEEP:
            MD5:BD96B6AA7CF175E746D0C99CEADF43DB
            SHA1:B42F722D36233C181573C553082B3DC56F68941E
            SHA-256:085FDBAB01CE329E59C620B0133CD7AE977A30A827737ABBCC5EC1F253CFCE70
            SHA-512:07BD5A4960F597F0B8AB661FB07C8372893ED4664A05611D5528F98B28A660A52FE2639DB172048279A6B70A52CD9AB6AD0C39C0F8ED7CE7A5FE098AE8E3579D
            Malicious:false
            Reputation:unknown
            Preview:2024/12/06-19:54:31.603 1c10 Creating DB C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata since it was missing..2024/12/06-19:54:31.617 1c10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata/MANIFEST-000001.
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
            Category:dropped
            Size (bytes):65110
            Entropy (8bit):1.987172355194065
            Encrypted:false
            SSDEEP:
            MD5:888C78050F1DC84066C0045035885EFF
            SHA1:9B121A2E70CD39710F0DD5FAD6F1648060E364F7
            SHA-256:3F8FFA3B21336C61E05723D40D0563DDA021495F9D71AC70A42A49E4AD8FE16B
            SHA-512:25F741474EBD88E3E11C28D0E273D5021528B886A1E03AD67541AB0DB6D660A2789BB171C2D03F1E7509533D2AAB9ACF195A2E5B7F5B8DDD7A727A161104B2C5
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
            Category:dropped
            Size (bytes):86016
            Entropy (8bit):4.44496130039023
            Encrypted:false
            SSDEEP:
            MD5:E95BE54E1931DE375DFD7522DDA10AB9
            SHA1:51A102E29558A8D2F97CB00D654FFF8DE8706CAE
            SHA-256:6A3E86CB1A4D2E62914680AE081C41748FA8F628F22ABBD8AC1F015B97C57746
            SHA-512:39AD146F672B634FD4C06BFE602450A18D2E991FA12D5E05B16307A9808B75AF05B5D8A391E485A9984CAFFD41867AF7D2C5F474137DC29904A833DCF21FBB56
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite Rollback Journal
            Category:dropped
            Size (bytes):8720
            Entropy (8bit):3.7651373063286346
            Encrypted:false
            SSDEEP:
            MD5:BCE928FBCF847C8AC528290D14B6FCA1
            SHA1:BE02CB811D01D1FC3C0A5F58CF108CF17BB4CA16
            SHA-256:D82731E804E19844A079879ECDDB2CB0815A977343624216A77CA3C79A04959A
            SHA-512:721288CB237073C914E85C178D983A4F6951EFD5C105923931111562DB27FBCAAA2E6C8B2DE3E704E3DE807FA1F1FE3D75519B8155E3091542E62D2AE313E5F3
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:Certificate, Version=3
            Category:dropped
            Size (bytes):1391
            Entropy (8bit):7.705940075877404
            Encrypted:false
            SSDEEP:
            MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
            SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
            SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
            SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
            Category:dropped
            Size (bytes):71954
            Entropy (8bit):7.996617769952133
            Encrypted:true
            SSDEEP:
            MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
            SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
            SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
            SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:dropped
            Size (bytes):192
            Entropy (8bit):2.7425532007658724
            Encrypted:false
            SSDEEP:
            MD5:24AD168BA08CB8396B2EA69C59901E12
            SHA1:74EE1DA3E5C67B32607569D224FE9087D7649E12
            SHA-256:64D0BF45BDBD2087002BAC1666C51FA2D7D1285631C576207E0B689E0C3E37BA
            SHA-512:62367589C873A35516F6F3036B4F5C06597849E7BF38B7B5AD8400B14A34E83DC969F361A6EF15E8565C21221545625BA6867781015BAC495E384A939F65A272
            Malicious:false
            Reputation:unknown
            Preview:p...... ...........cBH..(....................................................... ..........W....i...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:dropped
            Size (bytes):328
            Entropy (8bit):3.1318914769396753
            Encrypted:false
            SSDEEP:
            MD5:CC115F185E73EBD60C60473CEAEB11D8
            SHA1:4655D58F4AE1FC28D265A5FADAD985269DF3F839
            SHA-256:36BA02A50EBC6F0578A3ABCE38A99ACDFECC9BE2CB8014225035B06FB885671A
            SHA-512:13AEAEDF109FBADDC348373D3C0C35D98D59ABF496392B260C94A273EC2BC62522F3204C04160AAA60E6E8162D7430DD152E21853C17DA3F9A9DB68FD5D848CA
            Malicious:false
            Reputation:unknown
            Preview:p...... ........]..vBH..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):295
            Entropy (8bit):5.331792042403258
            Encrypted:false
            SSDEEP:
            MD5:96EF11F894F488CD371D311BD439D33F
            SHA1:28ACB4785FC0E0E71376AD5E3A2478DAAD1C9AF7
            SHA-256:FF8EC7E1D33013D150603F878EB4E144778D941AE58E23D7B8DA5604E46AB735
            SHA-512:1C820B22A8175505756F905B630C1F6DCEB2C962FCFCCB0FFDE21280862CC5F72EC1905D33EDB6CB23C1F4B895EDAD0184FA9DB7ACA2FCB9B9DAFD2C86177259
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"94c93d34-0ed7-432c-915c-4c49d00780e1","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1733708741941,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):294
            Entropy (8bit):5.280122427818912
            Encrypted:false
            SSDEEP:
            MD5:7073C5EA8716541EA22DAA9CA2AFAEF6
            SHA1:32B2D339EB6CFF72721A94A29FCF49F735BDF10B
            SHA-256:D5A8A4144B4EECFA07E29E8798BDF10518917709E24962AFEB49CF73F14F88BD
            SHA-512:92C11013D093947AD6B6C117C5F9E4C4797CCFDB03D37B4165E703AE02D472AB9DF9DC3BDF5A201B1D47FB32973797E99DF41DCECCABF39F443498B42DE82B76
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"94c93d34-0ed7-432c-915c-4c49d00780e1","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1733708741941,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):294
            Entropy (8bit):5.257883498190738
            Encrypted:false
            SSDEEP:
            MD5:1B9C1CBBE908643593BC624F63F6402F
            SHA1:A065C6B96F45E69985781CBDA3B026257CA17508
            SHA-256:49296B7F81DB4C51928517FACF878F36CA45D78A281E8E3D3092B3A84A47D46E
            SHA-512:BAAFDB3B67E4C630316E39D9972F258F002613BA4E2C28EC307C4C80CCB0B682ADFD3BDB467466C0D147986DB5417A2A04A34326916D14ABB5E67B1F3D8E8766
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"94c93d34-0ed7-432c-915c-4c49d00780e1","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1733708741941,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):285
            Entropy (8bit):5.316780759713641
            Encrypted:false
            SSDEEP:
            MD5:0A9151CB3FDA8763A5CED6EBA0B43611
            SHA1:44374FB3E7A307DCF414DDB03302B6A8195C3C8B
            SHA-256:48C694685BD875D19C312FF4748093D884821B0A704A5C967FCD2DAA851EBAFF
            SHA-512:44B54F207E9C9BD5CC11BB09F1065588719BC16E74677B459AAB4281D353FF0E8110BD33D479C6BC0BBFBFFBE4070F1D0B271CE469B674EAEC95E6D3DC1D5E5D
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"94c93d34-0ed7-432c-915c-4c49d00780e1","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1733708741941,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):1123
            Entropy (8bit):5.689067108232465
            Encrypted:false
            SSDEEP:
            MD5:19D68533A4A9A709AC386C65E5A4BE52
            SHA1:201C2C909AA628E5D80DB8695F2C8A2420F8C1AB
            SHA-256:F745DCBADBC1FCCFF57BFFBE3D29B33972F298A6D62A54277EA6370304ADEA57
            SHA-512:462FF43D2CC808EF72AC4DC8C99AD2E1AB7D6BCBB5A4548981D36918792A94B4FAD2E29BF620DD1AAC625C27203B9DA6CAD312492625BE3D2B7564EB9F080B0B
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"94c93d34-0ed7-432c-915c-4c49d00780e1","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1733708741941,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):1122
            Entropy (8bit):5.68250381377687
            Encrypted:false
            SSDEEP:
            MD5:0AE65E1E415376765E6CB714CED7EE0D
            SHA1:355600460D93E1BCD518DFF7B05A9A1110AD5CE1
            SHA-256:970E754A5422F03D6DC1C1E24B375ADBA96A5C70BE80AE655666A1CF815E2F23
            SHA-512:236297C14A66E552671AA74ABEFB70A7F94352D88B560B845591EF17C04D4C05EEF19DF6BE573E1F5064BDD64102A1B943BBC33A7056EE247C30B681E8825C33
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"94c93d34-0ed7-432c-915c-4c49d00780e1","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1733708741941,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_0","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"1aad653c-ef44-43f7-be1c-3a2ba2cf2cfc","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuIFBERiBmb3JtcyAmIGFncmVlbWVudHMuIn0sInRjY
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):292
            Entropy (8bit):5.266650050140274
            Encrypted:false
            SSDEEP:
            MD5:D6C773CC961CB54095C0791404ACF8A6
            SHA1:4CE8EDD9944B1557A486DCD0DC5CE12791BAA973
            SHA-256:34AB622DBA21E8D191E3340E068AC4882007780C5A6F3FC8DA0DC40F3450F995
            SHA-512:C08C4287B77285D406A5061D338E7B1F395D79093BB19F3B388FB24B1FE0C9FB35E9886F6E9A948D6C70D0FB6A97574E4CD3D4DFE779B81DDF82D6AF4FCC40B6
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"94c93d34-0ed7-432c-915c-4c49d00780e1","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1733708741941,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):1102
            Entropy (8bit):5.668746421650609
            Encrypted:false
            SSDEEP:
            MD5:3363264E6310ECE02FB5C3CCBE27C908
            SHA1:A6E1D72D34B802FAA713094FD02294E5FC6E68C2
            SHA-256:D76DA2643EBE37941497206A92826D6DE485D23964D11B22114B1F1E104E69C5
            SHA-512:FC6DE01247B956A357C368C38D5B844624288238BCDFB0BDEB68894F6409A71615FF174FE946BA22BF8CBC7B366965191EA071DCF0A36F42B1BE7E99DB50A98D
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"94c93d34-0ed7-432c-915c-4c49d00780e1","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1733708741941,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_1","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"533ab5eb-b236-4889-89a5-ac002261d71e","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkVkaXRQREZSZHJBcHBGdWxsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTRweCIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTJweCIsImZvbnRfc3R5bGUiOiItMSJ9LCJ0aXRsZSI6bnVsbCwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiJ9LCJ0Y2F0SWQiOm51bGx9","da
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):1164
            Entropy (8bit):5.696451483590583
            Encrypted:false
            SSDEEP:
            MD5:C5334D8DC828CD6CECB1052CAAF3EDE1
            SHA1:F986751BA77FCF99C46CCC7FFF68FFD7F2045A32
            SHA-256:13E6CCBDF73FAEB444E75E683C710C985CAA5ABDDFCA0D786E01EFC21F6724A4
            SHA-512:5E76634A75FF10829E22DEEFF76A611449A8A25BCAFC9C6D6D6BB3F8C55492AB9DDCFD796D33EDEC42F8D2FA241377F7558A53DB4DFB106547C631DF6124AC13
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"94c93d34-0ed7-432c-915c-4c49d00780e1","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1733708741941,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):289
            Entropy (8bit):5.2737528581240065
            Encrypted:false
            SSDEEP:
            MD5:84699E30F9D3091F467B8CCCD38C6315
            SHA1:89E79F8B4703AF8FAC1CE74EFA60FBDF5D82D316
            SHA-256:2C55DA5B7F78E14AA86E4E67BFC733AD9C4E2BF0E4F258A4AA3CEBC45F1DF6C9
            SHA-512:418953EDDB1352A8B349D0A0B6E19C142DD13BFE7E3CCFCEFFD1DC33D82F31277CBDE07ED4FD2F5DA9A7D8232F0C7F5F082EF12FCD364C080EF9B464C8274988
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"94c93d34-0ed7-432c-915c-4c49d00780e1","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1733708741941,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):284
            Entropy (8bit):5.259640124306283
            Encrypted:false
            SSDEEP:
            MD5:5D58FAE920250C8B846BE6E6DF78EE0D
            SHA1:4F2B9CA6666F972AAA67C6515CA960AB93A7BB43
            SHA-256:C4A3AE9C067136EFD41F8A3FFE9D4B81D0A3FF9FC7BA59DA50C174B37BE641EC
            SHA-512:C75191DF3E6740B0F4EA5651074963A061B9515AE0B16D481B7DF69BDED149F777E761EF513A793C92A3A188627A303544652CCE0C884B1FD05AFCD269C824D9
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"94c93d34-0ed7-432c-915c-4c49d00780e1","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1733708741941,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):291
            Entropy (8bit):5.257480348525539
            Encrypted:false
            SSDEEP:
            MD5:912A25605DD44504ED1E832579EC3059
            SHA1:552388FC481D036617C67F99ACEB96BAFFD57C04
            SHA-256:ED4CCDCBC8364D1BE1AF1BAB078AC0B384974CC5739372AF108B9EBF469104AF
            SHA-512:5712C0BB6510AFB4804C1781A7468A7F0A3AE19FC6AA9FFC3E86A198567028EC812E31A7D8BDB6AC819EE24F1D53973B924857078A24BED4BBB5652946A6B9E7
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"94c93d34-0ed7-432c-915c-4c49d00780e1","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1733708741941,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):287
            Entropy (8bit):5.258140518078835
            Encrypted:false
            SSDEEP:
            MD5:7074AC107D2C275A54072CB5A4700C81
            SHA1:3682F624F342835C5822D2A726F71F8F5840F4A5
            SHA-256:0831B4E13EC588399EA6D935F4282D3BED429F07FC491B66B8A31EA4A20AD870
            SHA-512:B56B530EDAEA6F946FC4DAD96469CE2AE35C72DB9FAF90CF7EA8C55EB7E74392F8671F2B2F070630EE77832F83A02EF158543036C3E95BF4EE384C8AD5ABDB77
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"94c93d34-0ed7-432c-915c-4c49d00780e1","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1733708741941,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):1090
            Entropy (8bit):5.665717340277444
            Encrypted:false
            SSDEEP:
            MD5:138FDBBE940C0787C6DC64557B9F3933
            SHA1:664945F0601473B8144EA4478D508AF2FFBD9173
            SHA-256:7886C0B7BBAE49CAF9027BD779DDA033F632B4540B8F18FC354B988BE3A6B21E
            SHA-512:88BDFE954477AAEBE597F6176C1119E1680B7A0F2F29D2C4FFB750800ADC29ED18A2F8C49C050FC072DFBCC3362834BF61095F3B76AFFF62C662BC123329B3F2
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"94c93d34-0ed7-432c-915c-4c49d00780e1","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1733708741941,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):286
            Entropy (8bit):5.233484120435293
            Encrypted:false
            SSDEEP:
            MD5:296B0EDE97810F8345F99277F1F28CE4
            SHA1:E2E6783A55F585A7571CA8D14E83FB1AEFE409A4
            SHA-256:5A98B23183FE81A33E3E168AABA3330AF3196F8B1092E9F9D17B20DED8491CED
            SHA-512:BF6A8CFC38FDF3B2F92A78CF46F6E3A8DF8A1AB8A6CEE1D96007F6F0765CEDCD8A4E1BB265D54B60458D4311B68EECA7D422024A3D8E2C943082E2D1E373399D
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"94c93d34-0ed7-432c-915c-4c49d00780e1","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1733708741941,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):282
            Entropy (8bit):5.240209700041359
            Encrypted:false
            SSDEEP:
            MD5:F90FE7A7AFF2FC67863F9A72B68FCA18
            SHA1:BF7437D552DAE182D603D63A287AB0FF54B709E3
            SHA-256:767707C059EC74A6DD8A26A69B6113801744D63412A89B39D01D7F72D6DF76F2
            SHA-512:79CAA583919F157208EBBF469925761404C277ADB5B19451E37747EF01E4CB6B7CB9956B426680906CD90C88B7414FD2D1ABB10B2580F818546FC4AC33206735
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"94c93d34-0ed7-432c-915c-4c49d00780e1","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1733708741941,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:data
            Category:dropped
            Size (bytes):4
            Entropy (8bit):0.8112781244591328
            Encrypted:false
            SSDEEP:
            MD5:DC84B0D741E5BEAE8070013ADDCC8C28
            SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
            SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
            SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
            Malicious:false
            Reputation:unknown
            Preview:....
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):2817
            Entropy (8bit):5.129980229328586
            Encrypted:false
            SSDEEP:
            MD5:3E75229047BC29ECCC230F5CC8890485
            SHA1:C2CAD74C7D0FEBEF492D065F34CEAE4BAB0E0E72
            SHA-256:986F22078CF4DC594C6CFF1EA388D741D593C364E02BF0753990334C9E5065FA
            SHA-512:659C1CD1DDBA18264F3B443EA1E0EBE30CA397EB6C366D2D308BC748820282CEF51DDF58742C71FD71963E7B63CB891EEC53164FB709052365CE3AE68FE4D935
            Malicious:false
            Reputation:unknown
            Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"7d5cd636b8671e69daad9202e03a0e9a","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1122,"ts":1733532791000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"5a3ed3ede875c18f72f9adcc1e0d60a4","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1733532791000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"388662ac91e2ff05030184adc7381ff1","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1733532791000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"2503885dc2c413f4dfd69e73760b3fdf","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1733532791000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"93ca636f3fb272108c48bc69801b2e39","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1102,"ts":1733532791000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"ef0a5c434e243cecfe5d4c461489d2b9","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 23
            Category:dropped
            Size (bytes):12288
            Entropy (8bit):1.356313155388573
            Encrypted:false
            SSDEEP:
            MD5:9D75E68B10070DACA7E43E3C41A97A42
            SHA1:85CDCC78D2E7D5DC6880892509EB95BB0C6670FB
            SHA-256:DFCE89A2571A1464DAC75534479E701E937F6A528534C496BD6CE3DB98979BD5
            SHA-512:04D2EE91DBF10BCC54B1D7F0C23D4106FC5245B5C34DD7830554B665B3391A80C36BBE7F5362A2CCFD68DC8631A13A255F222EA5A9FECCEF0F2036BF0B223E70
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite Rollback Journal
            Category:dropped
            Size (bytes):8720
            Entropy (8bit):1.8317224812534858
            Encrypted:false
            SSDEEP:
            MD5:10D1BD7A636ABBB758C54BB07F4576DA
            SHA1:D8532061EC4C067F166EDF620CDD7A71D13998DB
            SHA-256:71C151C22DD6D41DA56F0FD8BC3F8A96C112BB8BB787E757D1E200147A36445D
            SHA-512:52BCB16B2B55EB764A57859769D7480C33DF169718C1B8409A5C17156C9FD87B8F7AC2A8E6172C29DE7046496503A9A86ED2C6807BEA0EBF1A82A12387C082CB
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:data
            Category:dropped
            Size (bytes):66726
            Entropy (8bit):5.392739213842091
            Encrypted:false
            SSDEEP:
            MD5:4AD99DD978950DE231709B83EE82374E
            SHA1:356039831F7ECA805E27DD34D7FF2B5800F52D7D
            SHA-256:6F606CC9D944FCCFF239E706B74E3DF26393F66AF90C02507194B48895764633
            SHA-512:C6A0D25D0BB67F6E3A914895480BBB252EBE35A493903BE27E34C673C8CD85DDEE8FF46F5FD00F7ABA38756269747F79D0FADC293B3B0842471DDC4BD5F45219
            Malicious:false
            Reputation:unknown
            Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
            File Type:data
            Category:dropped
            Size (bytes):231348
            Entropy (8bit):4.386468326536044
            Encrypted:false
            SSDEEP:
            MD5:9A38E84C027EA5992387C028171409AD
            SHA1:A2E90EEC070ABB15D0288C09922EF2231A91B83F
            SHA-256:873423979470004564F7B9FEDC10873DFAD738A4901544895B0657AB49C6CA80
            SHA-512:B827AC7C65F1C9B774EB4C009EE2E3670951ADF934A463520FCACACE8D3AC59704261D20B7FBDEA56774F16E7C4AC9167D30BA97DAFE3D5330117C4693153518
            Malicious:false
            Reputation:unknown
            Preview:TH02...... ....KBH......SM01X...,....3.KBH..........IPM.Activity...........h...............h............H..h.......;..I...h.........8 .H..h\tor ...AppD...h8...0...H......h./".. ........h........_`.k...h../"@...I.+w...h....H...8..k...0....T...............d.........2h...............k..I...........!h.............. hH.......`.....#h....8.........$h.8 .....8....."h.&.......#....'h..............1h./"<.........0h....4.....k../h....h......kH..hX. .p........-h .............+h{./"....................... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
            File Type:XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
            Category:modified
            Size (bytes):1869
            Entropy (8bit):5.087389253725255
            Encrypted:false
            SSDEEP:
            MD5:37C86708BF9F1C3EF8EEAD6F4DC667A4
            SHA1:0F9235823949C6DF846F0546428211BF77D64D8A
            SHA-256:E84945F5C4A703D2EEA25084A9D97381D93674A090013648AFD7C9F1D785B3FA
            SHA-512:C44953946602E3D169142A028B21D35590504DD8687B696CF5D586B2EF12817C4D5F66937285C73FF3D592217FE1E0B3E0F2FCC9EA3019DB379E7AEE7095C7CC
            Malicious:false
            Reputation:unknown
            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>12</Count><Resource><Id>Aptos_26215680</Id><LAT>2024-12-07T00:52:49Z</LAT><key>29939506207.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos_45876480</Id><LAT>2023-10-06T09:55:52Z</LAT><key>27160079615.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215680</Id><LAT>2023-10-06T09:55:52Z</LAT><key>23001069669.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_26215426</Id><LAT>2023-10-06T09:55:52Z</LAT><key>37262344671.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215682</Id><LAT>2023-10-06T09:55:52Z</LAT><key>28367963232.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2023-10-06T09:55:52Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos_
            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
            File Type:data
            Category:dropped
            Size (bytes):32768
            Entropy (8bit):0.04587332210802959
            Encrypted:false
            SSDEEP:
            MD5:34A30F1CE3C80C50688DF33D8B747C07
            SHA1:4B7B87F840DFAED11A83D5329A21138BE7AE881E
            SHA-256:F9B050B56558AB77570E0B8D59D14B8D4765B91DE4BE599A3EDC5AADF490BE00
            SHA-512:E2E05E08ADAAC8FD372A20E37CEAE436D61A9FA353F58CF34CB74A41909FCD8EF442B635B51F3B334FB66B7688B45EDF352F85E1962BCA6B3D39A0203476AA0E
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
            File Type:SQLite Write-Ahead Log, version 3007000
            Category:dropped
            Size (bytes):49472
            Entropy (8bit):0.4846464391757865
            Encrypted:false
            SSDEEP:
            MD5:2D80AFF7B9091A53A58526BE339A6039
            SHA1:A2780472437DA2B4F164BCED31D4421D8BD56E9A
            SHA-256:9AA336C2231D3EF99A2B319DD4FA7D2BEAD783EF55F8F64F14E2A574E78665AB
            SHA-512:9102E2F10D2CFB074C6FF43B124FF66C50CA3E3BE1EF24B72E485C34C76246F60B9873B4A2E4BAF0278226811BDF2EEFDC109E6674A2A526726CF10B0717FD2F
            Malicious:false
            Reputation:unknown
            Preview:7....-...............Y........M.............Y..d.v.-3Z.SQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 1024x346, components 3
            Category:dropped
            Size (bytes):134856
            Entropy (8bit):7.829111030220481
            Encrypted:false
            SSDEEP:
            MD5:8CC1C9E3A2B7A4825EE61E6E14D21223
            SHA1:0242CE3DC70E4B9A76F1C063C4B206C1EBDEA17C
            SHA-256:273D44A8AC029E8F112CC161A2148FA1BD422F32AF98A4CBDCE55B13AD38E7A9
            SHA-512:D0B80F9F895BAC5AB67F10BF8F667100093E4F8AD8A242BBB31FCB4AB7ADC8DDD729BDE796B3D6368318B282705CCD391F652A7247CEC91F8861FF59D164F8E1
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
            File Type:ASCII text, with CRLF line terminators
            Category:modified
            Size (bytes):26
            Entropy (8bit):3.95006375643621
            Encrypted:false
            SSDEEP:
            MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
            SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
            SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
            SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
            Malicious:false
            Reputation:unknown
            Preview:[ZoneTransfer]..ZoneId=3..
            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
            File Type:PDF document, version 1.4, 2 pages
            Category:dropped
            Size (bytes):40722
            Entropy (8bit):7.7600330572150495
            Encrypted:false
            SSDEEP:
            MD5:F7D239EBD51A1CDCDBD488A58ECA2D3E
            SHA1:8E4597C11892F4B3187E5D004A6E9EE86FE773F6
            SHA-256:2284597A5603FBB911355AC76177D40A3F540F1CD661A7AA48717173DD7860BB
            SHA-512:F06F43C26EC7ADE6DDCBA99131D66FA67FDA3AE6B45FC7ECCD4C5885D1379393F0004B73615BD7243DFDE5CCB9F94E2710B2A42A24CE5CB86B7260392CA71E1C
            Malicious:false
            Reputation:unknown
            Preview:%PDF-1.4.1 0 obj.<<./Title (..)./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6)./Producer (...Q.t. .4...8...7)./CreationDate (D:20241206145717-05'00').>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None>>.endobj.4 0 obj.[/Pattern /DeviceRGB].endobj.6 0 obj.<<./Type /XObject./Subtype /Image./Width 108./Height 24./BitsPerComponent 8./ColorSpace /DeviceGray./Length 7 0 R./Filter /FlateDecode.>>.stream.x..Q.. .@#..H@B%T..*!....J..J@..rI`.nng...}..ff..I^C..C..._..X.JD\.Y..f......^.;$....Y..RU...&..+m...,n.D...M.1{...x..<.".....*...j[..L$. .D.d .A6..TZ-....E*.:... .*.A..2w'.%]....j.Al.....<e-E..I..Ze..d,...~.._.g...7.U.s^/.ZY.s...`Q...,..6m.S...]s%..K.Z..*.!.5....{.....yh....XR.j........mZ.G|=.,k....j..W...gO\....6.J.W.^/.Q..Z0.Q.u..K,m`7.....;.k.&....&9.....t.l.|.%Oa..... ..UC.x8.W..V..........8..y.w...k..b....dW..."dJ/Y.,..../....endstream.endobj.7 0 obj.455.endobj.8 0 obj.<<./Type /XObject./Subtype /Image./Width 108./Height
            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
            File Type:data
            Category:dropped
            Size (bytes):1536
            Entropy (8bit):0.8145857756033096
            Encrypted:false
            SSDEEP:
            MD5:4ADAB48707CD94AFD36796041FA7194E
            SHA1:3C8FBC96DD5F4F1AC1FBDFEC2470503947EEE188
            SHA-256:295AB01DB64F399A283F35FE734B8A95581E5B943298B5B541C1D83D9BE7FBFA
            SHA-512:0BF1340D1D2B4ADEF9E01A5516E2777C44C623D349AC2157D3B5AAEC3AC409299F538247021FD063931BC18B231B5CF6D66001BD81145634429F28F2ADBC40A3
            Malicious:false
            Reputation:unknown
            Preview:....E.x.t.e.r.n.a.l. .S.e.n.d.e.r.:.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................&...*..................................................................................................................................................................................................................................................................................................................................................................................................................................................................-D..M................
            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
            File Type:ASCII text, with very long lines (28774), with CRLF line terminators
            Category:dropped
            Size (bytes):20971520
            Entropy (8bit):0.16145081847451306
            Encrypted:false
            SSDEEP:
            MD5:141B31B7DBBD7EA297E7A3723B2C7888
            SHA1:3BBF2FCE6804DAEBD04AEC5BC0F5E2E862FC9689
            SHA-256:43CD684518813A0C497FE9B68C94AE784EB7D5C22A56169062822B638A98F081
            SHA-512:4A4FCA1F5EB0543AB6986818E8A3F00BF333D58988F1735922608C9C2F9FF56C2EA537D60D7B9BFC792756E4353992D3E4AE4579A7468F5AEC32B3DC001D2EF3
            Malicious:false
            Reputation:unknown
            Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..12/07/2024 00:52:48.747.OUTLOOK (0xDC0).0x1544.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":26,"Time":"2024-12-07T00:52:48.747Z","Contract":"Office.System.Activity","Activity.CV":"Zlr4MleVv0mpNSWLFHOGcQ.4.11","Activity.Duration":12,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...12/07/2024 00:52:48.779.OUTLOOK (0xDC0).0x1544.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":28,"Time":"2024-12-07T00:52:48.779Z","Contract":"Office.System.Activity","Activity.CV":"Zlr4MleVv0mpNSWLFHOGcQ.4.12","Activity.Duration":10633,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorVe
            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
            File Type:data
            Category:dropped
            Size (bytes):20971520
            Entropy (8bit):0.0
            Encrypted:false
            SSDEEP:
            MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
            SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
            SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
            SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
            Category:dropped
            Size (bytes):246
            Entropy (8bit):3.5390718303530573
            Encrypted:false
            SSDEEP:
            MD5:3DB35DEBE14F7887609BBE4CBEAE270A
            SHA1:7790F62FC1ED7CFC4AB4FD3E5ABDCA7F1862DA72
            SHA-256:EE8D2B82BA32112066322352CF06342FC8D2CB3CDF4FEB0594B964DC121B22BD
            SHA-512:C9DB50F572D7E000723EE9B86D245FC1494F8BE36558E19DBE3E45A7C1673504575D637A54AB7B68A59D012454BD154C702A1672B85D5A0C58C3F801D2FB865B
            Malicious:false
            Reputation:unknown
            Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.6./.1.2./.2.0.2.4. . .1.9.:.5.3.:.0.9. .=.=.=.....
            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
            File Type:data
            Category:modified
            Size (bytes):106496
            Entropy (8bit):4.479885641902408
            Encrypted:false
            SSDEEP:
            MD5:20237D1F98F7B9419259D5851054CA23
            SHA1:67CF731A4D52BFA1E5432A13E2D3C0C366E5F0E9
            SHA-256:B0AA1517619AB84600F81C768AA411DDBC2EE41E76C36735156C8AC9D5B13C65
            SHA-512:8452CF2A13B79E84A2ADA611E906B87BD91BF5BE06348A5C5A0E506D9CCF43C0E1799AD711382E18DBAFDE6424EDEB25756BD0E0DC67F75A3CDFA2775FF406EF
            Malicious:false
            Reputation:unknown
            Preview:............................................................................b...D........:.UBH..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................P....Y...........:.UBH..........v.2._.O.U.T.L.O.O.K.:.d.c.0.:.a.2.5.7.f.9.5.f.1.8.f.5.4.8.4.9.9.5.7.5.a.9.5.0.f.d.4.2.4.7.b.0...C.:.\.U.s.e.r.s.\.t.o.r.r.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.2.0.6.T.1.9.5.2.4.8.0.4.9.3.-.3.5.2.0...e.t.l.............P.P.D.........UBH..................................................................................................................................................................................................................................................................................................
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with very long lines (393)
            Category:dropped
            Size (bytes):16525
            Entropy (8bit):5.359827924713262
            Encrypted:false
            SSDEEP:
            MD5:06DEAEDB81D09FD8FB5FF668D8E09CB2
            SHA1:28A02BCBD5975117B97A08AFB049F2C94F334726
            SHA-256:D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64
            SHA-512:948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936
            Malicious:false
            Reputation:unknown
            Preview:SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:755+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig:
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with very long lines (393), with CRLF line terminators
            Category:dropped
            Size (bytes):15114
            Entropy (8bit):5.360769642312188
            Encrypted:false
            SSDEEP:
            MD5:78AB5197417134F6C54621E81B5B31F0
            SHA1:853E66D3826B36DBB9D075E3C380F603852D76DD
            SHA-256:64EAF241E41FCFF2B9057DE13CC4C77EE19F6F6146C0ACFF56E919FB24952215
            SHA-512:E5B1F09CB17BD9832C37AC0D5A3B18941F8D39C48690206388D2E4115001EE99E6A88D3138F3E859F8BA8AEA65E3A7011B8A117B42C8DEF1D188F292C1C953E3
            Malicious:false
            Reputation:unknown
            Preview:SessionID=325a43b2-731e-470a-95fe-1a6f95b6dffc.1733532784002 Timestamp=2024-12-06T19:53:04:002-0500 ThreadID=6324 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=325a43b2-731e-470a-95fe-1a6f95b6dffc.1733532784002 Timestamp=2024-12-06T19:53:04:005-0500 ThreadID=6324 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=325a43b2-731e-470a-95fe-1a6f95b6dffc.1733532784002 Timestamp=2024-12-06T19:53:04:006-0500 ThreadID=6324 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=325a43b2-731e-470a-95fe-1a6f95b6dffc.1733532784002 Timestamp=2024-12-06T19:53:04:006-0500 ThreadID=6324 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=325a43b2-731e-470a-95fe-1a6f95b6dffc.1733532784002 Timestamp=2024-12-06T19:53:04:007-0500 ThreadID=6324 Component=ngl-lib_NglAppLib Description="SetConf
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):35721
            Entropy (8bit):5.423625887323019
            Encrypted:false
            SSDEEP:
            MD5:810C0F99C2ABD960653729230935D8C7
            SHA1:E9553673286E3ACFB2729BFEF2B2066727BBE4C7
            SHA-256:92212313999A926651E22739E3F9543C286347A1295169E82C6107E1D5D2B800
            SHA-512:3A07768E160E0849F60FCD234D5865246022E1D0A774C6FAAF9C3BD926D0B1B305985B11C60F8379ED926C752D4ED7E9C7015AD30D9A92514CCFE2EAF1084A79
            Malicious:false
            Reputation:unknown
            Preview:06-10-2023 11:44:59:.---2---..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 11:44:59:.Closing File..06-10-
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 160932
            Category:dropped
            Size (bytes):543911
            Entropy (8bit):7.977303608379539
            Encrypted:false
            SSDEEP:
            MD5:5B21A6981E55EF9576D169BBED44BCDB
            SHA1:B3A14100B7E7C2C01D61B010A54937952D111E20
            SHA-256:9555E661370D1DC26605DAE88BDBC1ABA68038C769BF6E354A256B1A1C4C110E
            SHA-512:FCA72A5131D8780A17DF65BBFF37FBA88DBEA3B7AE991C3D893B21B9E6C1EED44DC12945C8DA39DE471FAC5013BE71D43E5BBB892994742BC33EF5934469B1B1
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
            Category:dropped
            Size (bytes):386528
            Entropy (8bit):7.9736851559892425
            Encrypted:false
            SSDEEP:
            MD5:5C48B0AD2FEF800949466AE872E1F1E2
            SHA1:337D617AE142815EDDACB48484628C1F16692A2F
            SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
            SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
            Category:dropped
            Size (bytes):758601
            Entropy (8bit):7.98639316555857
            Encrypted:false
            SSDEEP:
            MD5:59EE5E2FB56A099CAA8EDFD7AF821ED6
            SHA1:F5DC4F876768D57B69EC894ADE0A66E813BFED92
            SHA-256:E100AAAA4FB2B3D78E3B6475C3B48BE189C5A39F73CFC2D22423F2CE928D3E75
            SHA-512:77A45C89F6019F92576D88AE67B59F9D6D36BA6FDC020419DAB55DBD8492BA97B3DAC18278EB0210F90758B3D643EA8DCF8EC2BD1481930A59B8BB515E7440FE
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
            Category:dropped
            Size (bytes):1407294
            Entropy (8bit):7.97605879016224
            Encrypted:false
            SSDEEP:
            MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
            SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
            SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
            SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
            Category:dropped
            Size (bytes):1419751
            Entropy (8bit):7.976496077007677
            Encrypted:false
            SSDEEP:
            MD5:F6CACB4A8F3328CA8C06812420C0337E
            SHA1:184589C5954FE73E4DF5569A0D0E2F85189917DF
            SHA-256:91E9A938AF33129F4DD910E38980BEAC9C64982E76458D75B92CB03B0FBCDFD6
            SHA-512:78D790967B665A9EC54C92ECB89336A67D8ED7B385B25AC465A28F31BF88D7DFC1A2FAE4791BEE33E48CE5EF783C1C9169D1C905E9CFCA090FF54C71335FA0A0
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
            File Type:data
            Category:dropped
            Size (bytes):3784
            Entropy (8bit):7.607299220392757
            Encrypted:false
            SSDEEP:
            MD5:AF7F7F62E5ECD3229A241D88DA451344
            SHA1:7D775348CD5D58DE5D7728228EF1150548FE9966
            SHA-256:3AB591FF6FA3061B16D40696DEDC76CBDE2B1683374392BC81E711AB57648E62
            SHA-512:C57531235DD8F5D9D58EFCDD2CABF850056171D7F6854839E51681EFC236BF55197278262C430C64CC6F085716EB3B3EB39DC31B651BEA8283B0AE5A0B037994
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
            File Type:data
            Category:dropped
            Size (bytes):30
            Entropy (8bit):1.2389205950315936
            Encrypted:false
            SSDEEP:
            MD5:D4E1BFB3D5A7462EB68ED4277E08CB7A
            SHA1:9D12B368222BA97441D39F32B8A1167C54655A0E
            SHA-256:0EDB65A7B014F6CDC08ADA9086C933D0D6AA5F3E803A74ABE337850D785FA8E5
            SHA-512:C2AA49F611124B6111409C6373B3E75E6E3D30130065FB70EED5D01CF51F54958AF068157DFCB7D57424C6965CC0A83A73D54A90D285BDB9CE931FDAB788F1E5
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 6 23:53:05 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2677
            Entropy (8bit):3.9944261560409857
            Encrypted:false
            SSDEEP:
            MD5:61B2F4769CC895B46D601BB0553D2E64
            SHA1:280FB0662AE4820855CC308854C7B3ACB73E38D1
            SHA-256:7E6162DC572360C8EBFE8FE6F31FFD0893457C8EB8027E047124514A2AAA0F58
            SHA-512:50954B2DE9F66DE67B54C0D9BDCCD7A66D217A8EEBD116528FDA69BED1CC792F078AE3153B75A8FDD52F15FD6C6EA41C24DB6DA348BBFEC20C0D2584004DCD20
            Malicious:false
            Reputation:unknown
            Preview:L..................F.@.. ...$+.,.....o^`BH......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Y......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Y......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Y.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y.............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............*.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 6 23:53:05 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2679
            Entropy (8bit):4.010268091531587
            Encrypted:false
            SSDEEP:
            MD5:59BDE900D3EF6A67D0CF6DAC7310A95F
            SHA1:86DAE6992D68762DABF5CF6DFE753A2EC1371223
            SHA-256:85867FA9E34EF7138DB7CCF393ACCFA73AC7F5D3805E7F6BE1BB4C4375CC9172
            SHA-512:317263A7F2C7281C13DB2F013EC0631DF51A1CFCD69F90B32B7AC019065B2AF09B912816B29856B1B6B0A8633AAFCE7BC6DFDEB3CC4C6C95729AD13EA633E32F
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2693
            Entropy (8bit):4.019156141935702
            Encrypted:false
            SSDEEP:
            MD5:66B7851157D3C4A7956F236C7294E8A4
            SHA1:5A0BEDF3736769EA9924503AFBC691017023EEB8
            SHA-256:FED9B4B5F83B4B954C98677A7DF2AB9A97F3888F77A091646C4BE4CB15787455
            SHA-512:6075C9A5C5CEEBA1515B1511D6B6FF4EBDCF32F0BEE1C9B0B858E41E2250F9B62B7D21DA67CFCFAF466E624964FE865808B999DEC7F6512D672A0EE71AC31C2D
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 6 23:53:05 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2681
            Entropy (8bit):4.0097855802714575
            Encrypted:false
            SSDEEP:
            MD5:40B35E63C192134F6806E65B6730313C
            SHA1:AF939B6B01578AB9D8C524B507BCF3FD639173A1
            SHA-256:F30F2F3744DD77B7E7CFE4FBCF681650241E2490532CE044D07E34E5BE1E075A
            SHA-512:EB6F181D283FC67224E01BA3314FA0F0273FD6A8BE738A77B7FC40F808C55CF683D49605502FF0BA0323DD5D21A824BBF0BE7CD43E655ABEF831CFC7744D99A1
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 6 23:53:05 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2681
            Entropy (8bit):3.995968931592275
            Encrypted:false
            SSDEEP:
            MD5:CD9E131852EA07C843FF3C9239686D4C
            SHA1:35C130FE93163BFCCBB6BFB3FB16AAE478C2743B
            SHA-256:A8E8BB34E82BF846487266130BF0B41F80D63BC3626FA4EE93F466FDC432A49C
            SHA-512:AE76C08BD7DEF35870E370BD2C513F9B8038168EF45EAD6DF610008ABDA68782EA8B15F3542059E4B51431F3B427584D0F335AC74F24DE118074522A1CE51BE9
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Dec 6 23:53:05 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
            Category:dropped
            Size (bytes):2683
            Entropy (8bit):4.009157201180233
            Encrypted:false
            SSDEEP:
            MD5:996279398F4818834B47182BCA6D54B2
            SHA1:1CC5472896E5FD9A996AAD5B9ED30355CABE7099
            SHA-256:50CF2A70237896958B685DF48E8B376BA47FCB5928F98E697D5E95DB4160E9BB
            SHA-512:5322EE879733F7625999F5C75B87F45CCA614C0AD38411032B85D830CD968F42E59BDC4BA9AB6DD6531D86C9EDEDEC6BC13881FD33B615D9FDA76B9D377D4FA0
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
            File Type:Microsoft Outlook email folder (>=2003)
            Category:dropped
            Size (bytes):2302976
            Entropy (8bit):1.410635201977704
            Encrypted:false
            SSDEEP:
            MD5:8F02A22017526208CDC1CE3BF82E3583
            SHA1:5B658CBACFF31E82EDF1449BEFD715F8A2FC447F
            SHA-256:F1610272B4E2286B50F3040CB5FB855C069775F6E230883CAEF2DB60F61DC446
            SHA-512:B5F8E85D6FA5094181F94D9D07DD0D195F6E9511D0E0F1C799FEDBEA66C331E7C93599EAD466456D232398D06E821F19D5064096B9CCB377DB591F3F4A7FCD61
            Malicious:true
            Reputation:unknown
            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
            File Type:data
            Category:dropped
            Size (bytes):262144
            Entropy (8bit):7.291226304916534
            Encrypted:false
            SSDEEP:
            MD5:32373493F556FC24CF6B3A0187A49BA2
            SHA1:DAF3F4F4E1A7B38F6BDD50BB356E25A5139339FF
            SHA-256:1E2D71292EC6CCD99ACA68E97FB72B0208362C8A6C370305E374652ADD1642EF
            SHA-512:2661A7F067A372AD43C520B5AA0AB65768179FDBEE3E2DD69826505DA870EA21B550F359936BE14650CCF6E219E96BAF2ED7B399F2F594AC144926662C9CBD4B
            Malicious:true
            Reputation:unknown
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:very short file (no magic)
            Category:downloaded
            Size (bytes):1
            Entropy (8bit):0.0
            Encrypted:false
            SSDEEP:
            MD5:68B329DA9893E34099C7D8AD5CB9C940
            SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
            SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
            SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
            Malicious:false
            Reputation:unknown
            URL:https://llysfaenvillagehall.com/m/?c3Y9bzM2NV8xX3NwJnJhbmQ9UVc1aE1FOD0mdWlkPVVTRVIwNDExMjAyNFUwMzExMDQxMw=
            Preview:.
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:HTML document, ASCII text
            Category:downloaded
            Size (bytes):746
            Entropy (8bit):5.001270384089173
            Encrypted:false
            SSDEEP:
            MD5:DBF8EC3DB1D4B93B848197591827939C
            SHA1:2E12F671D6101F52060133C32F8D359AF756F9B2
            SHA-256:63C52AA99CA361B59A27E7F51FE5FADFFEF99E671F8B4F9560FAB204219E0666
            SHA-512:6BE36399F1B84B3C1969A6498FF31F9CFBD3C660A6FE99CCD2A18339F9C62A68E810B93A7439DE71CA33F9831CAD37C43306415012541DD809928F5597ACCE83
            Malicious:false
            Reputation:unknown
            URL:https://llysfaenvillagehall.com/favicon.ico
            Preview:<!doctype html>.<html lang="en">.<head>. <meta charset="utf-8">. <meta http-equiv="x-ua-compatible" content="ie=edge">. <title>404 Error</title>. <meta name="viewport" content="width=device-width, initial-scale=1">. <meta name="robots" content="noindex, nofollow">. <style>. @media screen and (max-width:500px) {. body { font-size: .6em; } . }. </style>.</head>..<body style="text-align: center;">.. <h1 style="font-family: Georgia, serif; color: #4a4a4a; margin-top: 4em; line-height: 1.5;">. Sorry, this page doesn't exist.<br>Please check the URL or go back a page.. </h1>. . <h2 style=" font-family: Verdana, sans-serif; color: #7d7d7d; font-weight: 300;">. 404 Error. Page Not Found.. </h2>. .</body>..</html>.
            File type:RFC 822 mail, ASCII text, with very long lines (424), with CRLF line terminators
            Entropy (8bit):6.085571367527922
            TrID:
            • E-Mail message (Var. 5) (54515/1) 100.00%
            File name:Fw 2025 Employee Handbook For all Colhca Employees Ref THEFUE.eml
            File size:265'290 bytes
            MD5:966cbbc356af609769b24060a87226f0
            SHA1:786ca30761477ef989709771e87be895d0b9b328
            SHA256:b5dfb79bdf9100bced6b00c3b0161777b38d9b5205e8e577b86a12798e9412f6
            SHA512:103404c41011d879357eba6854d71094b3e9ccee25fda611a3e20227a0cb400e1db9644f003e8f12a41318b57c82b972d258e75f3168dcfe5d1f492877198abf
            SSDEEP:6144:kZ4kR+3eeG8TvFvee7sKVRzX6mN3OpEqX9gB7BtHY+kCK:kZ4kR+3eeGT4sazxsXcRK
            TLSH:8A44F10AC8735E620BE296FB5E177AC278793AE311CD45F320BC5B83F0D2596E72550A
            File Content Preview:Received: from PH7PR13MB6462.namprd13.prod.outlook.com (2603:10b6:510:2ed::18).. by PH0PR13MB5615.namprd13.prod.outlook.com with HTTPS; Fri, 6 Dec 2024.. 20:04:24 +0000..ARC-Seal: i=3; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass;.. b=AGAo1N
            Subject:Fw: 2025 Employee Handbook For all Colhca Employees Ref THEFUE
            From:Angie Oujiri <angie@onecircle.care>
            To:Support <support@mydatapath.com>
            Cc:
            BCC:
            Date:Fri, 06 Dec 2024 20:04:05 +0000
            Communications:
            • External Sender: Hello . I am thinking this is a risky email and very worried that people will click on this... Angie Oujiri, MAN, RN | COO 4100 Lexington Ave N, #150, Shoreview, MN 55126 P: 612.871.2474 | Cell: 763.245.1833 | F: 612.870.3874 www.circleoflifehc.com Honoring those we serve. Information contained in this e-mail transmission is the property of the sender's employer and is intended for the named recipient. If you are not the intended recipient, do not read, distribute, or reproduce this transmission. If you have received this e-mail transmission in error, please contact the sender. Disclaimer Regarding Uniform Electronic Transmissions Act (UETA) and Federal E-Sign (E-SIGN) Law: This communication is for discussion purposes only, and it does not create a contract or legally binding agreement. The UETA and E-SIGN do not apply to this communication. ________________________________
            • From: HR-Colhca-Authenticator-Required-access@m4.gmobb.jp <HR-Colhca-Authenticator-Required-access@m4.gmobb.jp> Sent: Friday, December 6, 2024 1:57 PM To: Angie Oujiri <angie@onecircle.care> Subject: 2025 Employee Handbook For all Colhca Employees Ref THEFUE [cid:1VCPFAMCNJ938DG93.JHYO]
            Attachments:
            • Angie Signature Required.pdf
            Key Value
            Received from PH0PR19MB5504.namprd19.prod.outlook.com ([fe80::cbf1:878a:d4e4:bbc6]) by PH0PR19MB5504.namprd19.prod.outlook.com ([fe80::cbf1:878a:d4e4:bbc6%4]) with mapi id 15.20.8207.020; Fri, 6 Dec 2024 20:04:05 +0000
            ARC-Seal i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=xa5CoTZmS+8YoAKJ0wzO7GOCWTYqfgvCbtqLuNeMIlQPWqH3A4MRUqFK24TkCTqS2UuMT9t/MaJ3NKO4dLPH/5s2tp0BZZX1eiG/0Y5fgjwFziTQKDFjLXCQeMPNyWZ6nzOATCj0Njhu2sxaWL9joQx8Eo6m1uufV/KldG2gXafeJZ+LeJKIWysJjgTGVwdoyHgDwfkO9qMcx+Sbm8UdtCziv5Rax0XX3ZXWEa0phXUIz3xcdDDgx6B9a65/41TZP3EFdofoqos8nZ2V7um1P+P6h7ZNKhEZMOzZCrgI+sv2rdwrjtjwAQAQsTzeMWWi0T29zXzohG/mUKybM2dsLg==
            ARC-Message-Signature i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ISWUhV9QzNmGGxdRzHzndNTG1mAd+NBNan/nlG9CpNc=; b=C93Eq9o372xJbk4kuKBamOaQUFl6pVM7iV9mFi8Wy0/ffbo7upO24rhJWa9DFEMoB6U5JJ5qfX94eoLfGbKVWbhvMnaveRifuH8Ea9jGvNwYQ71OIKDm5dfijkFCLwC3p/xMH3pkbToc5LC3BIzBgolQ4vzZiceWgA9ZAqL7vIZIk149X8BUgLdGD2KuqKi0NM9iFtDFIhLB4KhVAACnvN0gyK3RnTer/O+IgBtufd3GUX0HEIopUfUMiR4E061+2r4wql5yD22UXU8JoZNBjnqheCzaKynX4dJG5dorj9k3vdEatw/zfSqx/T3EtX8RPSh0kI61Bavo6dJKGZ9GNA==
            ARC-Authentication-Results i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=onecircle.care; dmarc=pass action=none header.from=onecircle.care; dkim=pass header.d=onecircle.care; arc=none
            Authentication-Results spf=fail (sender IP is 170.10.132.61) smtp.mailfrom=onecircle.care; dkim=fail (body hash did not verify) header.d=onecircle.care;dmarc=fail action=none header.from=onecircle.care;compauth=none reason=405
            Received-SPF Fail (protection.outlook.com: domain of onecircle.care does not designate 170.10.132.61 as permitted sender) receiver=protection.outlook.com; client-ip=170.10.132.61; helo=us-smtp-inbound-delivery-1.mimecast.com;
            Authentication-Results-Original relay.mimecast.com; dkim=pass header.d=onecircle.care header.s=selector1 header.b=ZmYfARk0; arc=pass ("microsoft.com:s=arcselector10001:i=1"); dmarc=pass (policy=none) header.from=onecircle.care; spf=pass (relay.mimecast.com: domain of angie@onecircle.care designates 40.107.95.102 as permitted sender) smtp.mailfrom=angie@onecircle.care
            X-MC-Unique 39YuFzkJMWClWJRkIZz8Fw-1
            X-Mimecast-MFC-AGG-ID 39YuFzkJMWClWJRkIZz8Fw
            DKIM-Signature v=1; a=rsa-sha256; c=relaxed/relaxed; d=onecircle.care; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ISWUhV9QzNmGGxdRzHzndNTG1mAd+NBNan/nlG9CpNc=; b=ZmYfARk0grZX3KXOiHlAzRumFsTfe4kqTX2EneILE3Coldm0cLe6DSo0tv1iVsFUfKFOyC4Gs+LR2ani/rV6s6qJip/d4Igc+mQPGbqXRo+2ACss1NmParzCY8K9MMmBwP5fM6q/kphHA0jIQavX+qLfWV5a7y6VmIPByv8hIMzGtoe+ADlXx/grDJCn2S7njzBZwDFFqeioF7VmKp8SvINIbcTxshvjbDG8fhjz4lEhJTG6EQE1ohCQ/UDHBLwnlwRPgydTEAeabdXQdQuYUhEis2U0TfCMCseWhIfm2NG6qXOcO6BqaZI1QZtlob9FCd1GopF/au2sH8T0qnnfmQ==
            From Angie Oujiri <angie@onecircle.care>
            To Support <support@mydatapath.com>
            Subject Fw: 2025 Employee Handbook For all Colhca Employees Ref THEFUE
            Thread-Topic 2025 Employee Handbook For all Colhca Employees Ref THEFUE
            Thread-Index AQHbSBlYrE9gOpb2+0CL2r2q0PlI8LLZo5/E
            Date Fri, 06 Dec 2024 20:04:05 +0000
            Message-ID <PH0PR19MB5504C9304EB0361CACA0225CD3312@PH0PR19MB5504.namprd19.prod.outlook.com>
            References <173351503688.18648.13990230132650174951@m4.gmobb.jp>
            In-Reply-To <173351503688.18648.13990230132650174951@m4.gmobb.jp>
            Accept-Language en-us, en
            X-MS-Has-Attach yes
            X-MS-TNEF-Correlator
            msip_labels
            x-ms-traffictypediagnostic PH0PR19MB5504:EE_|DS0PR19MB8774:EE_|CO1PEPF000044F0:EE_|PH7PR13MB6462:EE_|PH0PR13MB5615:EE_
            X-MS-Office365-Filtering-Correlation-Id 7c981cb7-96b9-4598-87c7-08dd16312931
            x-ms-exchange-senderadcheck 1
            x-ms-exchange-antispam-relay 0
            X-Microsoft-Antispam-Untrusted BCL:0;ARA:13230040|376014|10070799003|1800799024|366016|8096899003|38070700018
            X-Forefront-Antispam-Report-Untrusted CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR19MB5504.namprd19.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(10070799003)(1800799024)(366016)(8096899003)(38070700018);DIR:OUT;SFP:1102
            X-MS-Exchange-Transport-CrossTenantHeadersStamped PH7PR13MB6462
            X-Mimecast-Spam-Score 0
            X-Mimecast-MFC-PROC-ID A7Nnf9y5mwHyIPq8FmezxDSSVUQqoxGT_9AXZl4iOus_1733515449
            X-Mimecast-Impersonation-Protect Policy=Default Impersonation Protect Definition;Similar Internal Domain=false;Similar Monitored External Domain=false;Custom External Domain=false;Mimecast External Domain=false;Newly Observed Domain=false;Internal User Name=false;Custom Display Name List=false;Reply-to Address Mismatch=false;Targeted Threat Dictionary=false;Mimecast Threat Dictionary=false;Custom Threat Dictionary=false
            Content-Language en-US
            Content-Type multipart/mixed; boundary="_006_PH0PR19MB5504C9304EB0361CACA0225CD3312PH0PR19MB5504namp_"
            Return-Path angie@onecircle.care
            X-MS-Exchange-Organization-ExpirationStartTime 06 Dec 2024 20:04:15.6798 (UTC)
            X-MS-Exchange-Organization-ExpirationStartTimeReason OriginalSubmit
            X-MS-Exchange-Organization-ExpirationInterval 1:00:00:00.0000000
            X-MS-Exchange-Organization-ExpirationIntervalReason OriginalSubmit
            X-MS-Exchange-Organization-Network-Message-Id 7c981cb7-96b9-4598-87c7-08dd16312931
            X-EOPAttributedMessage 0
            X-EOPTenantAttributedMessage 9ef5d077-23c6-453f-94f9-7809c35a837f:0
            X-MS-Exchange-Organization-MessageDirectionality Incoming
            X-MS-Exchange-Transport-CrossTenantHeadersStripped CO1PEPF000044F0.namprd05.prod.outlook.com
            X-MS-PublicTrafficType Email
            X-MS-Exchange-Organization-AuthSource CO1PEPF000044F0.namprd05.prod.outlook.com
            X-MS-Exchange-Organization-AuthAs Anonymous
            X-MS-Office365-Filtering-Correlation-Id-Prvs b7e15f3b-d626-49f6-baf3-08dd16312343
            X-MS-Exchange-AtpMessageProperties SA|SL
            X-MS-Exchange-Organization-SCL -1
            X-Microsoft-Antispam BCL:0;ARA:13230040|31092699021|82310400026|35042699022|4076899003|8096899003;
            X-Forefront-Antispam-Report CIP:170.10.132.61;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:CAL;SFV:SKN;H:us-smtp-inbound-delivery-1.mimecast.com;PTR:us-smtp-inbound-delivery-1.mimecast.com;CAT:NONE;SFS:(13230040)(31092699021)(82310400026)(35042699022)(4076899003)(8096899003);DIR:INB;
            X-MS-Exchange-ForwardingLoop support@mydatapath.com;9ef5d077-23c6-453f-94f9-7809c35a837f
            X-MS-Exchange-CrossTenant-OriginalArrivalTime 06 Dec 2024 20:04:15.3673 (UTC)
            X-MS-Exchange-CrossTenant-Network-Message-Id 7c981cb7-96b9-4598-87c7-08dd16312931
            X-MS-Exchange-CrossTenant-Id 9ef5d077-23c6-453f-94f9-7809c35a837f
            X-MS-Exchange-CrossTenant-AuthSource CO1PEPF000044F0.namprd05.prod.outlook.com
            X-MS-Exchange-CrossTenant-AuthAs Anonymous
            X-MS-Exchange-CrossTenant-FromEntityHeader Internet
            X-MS-Exchange-Transport-EndToEndLatency 00:00:09.4675955
            X-MS-Exchange-Processed-By-BccFoldering 15.20.8230.010
            X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
            MIME-Version 1.0

            Icon Hash:46070c0a8e0c67d6