Windows Analysis Report
427c7bdc-ea02-97de-e5ef-a2c58c2d0a48.eml

Overview

General Information

Sample name: 427c7bdc-ea02-97de-e5ef-a2c58c2d0a48.eml
Analysis ID: 1573641
MD5: b1c855f0a9a7684c44045f1450d8932b
SHA1: e0e97af137c37aceb30a6b0cac3b03ebf5fcccf4
SHA256: 02f13762ef566ac00f5a201d45e029e0c172ed2ee56d639f872570981db46f30

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected landing page (webpage, office document or email)
AI detected potential phishing Email
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores files to the Windows start menu directory
Stores large binary data to the registry

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 380 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\427c7bdc-ea02-97de-e5ef-a2c58c2d0a48.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 1552 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "5B4D6A9E-AF61-440F-A186-0DCCD729B64C" "565D9E8E-F581-4076-9A72-C1083A2A6CBB" "380" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 6408 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://google.co.ve/url?6q=56svojeJLi6z73yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2fdrschueda.com.br%2fyoya/e4sihnv3nldji/YW50b25pby5wb3pvQGFob3JyYW1hcy5jb20= $$$ MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 1912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1948,i,1630521406922681041,9318030219833764443,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • Acrobat.exe (PID: 6756 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\HJD5YNTI\jkfmii.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 684 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 6880 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1932 --field-trial-handle=1584,i,17075430361318498351,14227155871090783106,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 380, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Source: Registry Key set, Author: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\HJD5YNTI\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 380, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
No Suricata rule has matched

Phishing

Source: Email - Joe Sandbox AI: Email contains prominent button: 'keep my password'
Source: Email - Joe Sandbox AI: Detected potential phishing email: The email contains a suspicious link with a non-matching domain (google.co.ve) that redirects to an unrelated website (drschueda.com.br), which is a common tactic in phishing attempts. The sender's email address (ahorramas_ahorramas_ahorramas_vdat@livwellasia.com) does not match the legitimate domain of the company (ahorramas.com), indicating potential spoofing. The email uses urgency by stating that the password will expire today, which is a common phishing tactic to prompt immediate action without careful consideration.
Source: Email - Classification: Credential Stealer
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 52.6.155.20
Source: unknownTCP traffic detected without corresponding DNS query: 23.47.168.24
Source: global trafficDNS traffic detected: DNS query: google.co.ve
Source: global trafficDNS traffic detected: DNS query: www.google.co.ve
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: drschueda.com.br
Source: global trafficDNS traffic detected: DNS query: jddbdjhdjhfdjbdjbdjd.ztpccg.com
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49691 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49691
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: classification engineClassification label: mal48.winEML@38/79@13/116
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241212T0634320578-380.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.ini
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\427c7bdc-ea02-97de-e5ef-a2c58c2d0a48.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "5B4D6A9E-AF61-440F-A186-0DCCD729B64C" "565D9E8E-F581-4076-9A72-C1083A2A6CBB" "380" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://google.co.ve/url?6q=56svojeJLi6z73yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2fdrschueda.com.br%2fyoya/e4sihnv3nldji/YW50b25pby5wb3pvQGFob3JyYW1hcy5jb20= $$$
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1948,i,1630521406922681041,9318030219833764443,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\HJD5YNTI\jkfmii.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1932 --field-trial-handle=1584,i,17075430361318498351,14227155871090783106,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding D1F084BB15D5DB0105306B466698A6E0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding D1F084BB15D5DB0105306B466698A6E0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: 21 Browser Extensions; 1 DLL Side-Loading; 1 Registry Run Keys / Startup Folder; Login Hook
Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; 1 Registry Run Keys / Startup Folder; Login Hook
Defense Evasion: 1 Masquerading; 1 Modify Registry; 1 Process Injection; 1 DLL Side-Loading
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: 1 Process Discovery; 1 File and Directory Discovery; 13 System Information Discovery; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol; Protocol Impersonation
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
google.co.ve | 172.217.19.195 | true | false | | unknown
drschueda.com.br | 191.252.144.65 | true | true | | unknown
www.google.com | 142.250.181.100 | true | false | | high
www.google.co.ve | 216.58.208.227 | true | false | | unknown
jddbdjhdjhfdjbdjbdjd.ztpccg.com | 209.38.247.52 | true | false | | unknown
x1.i.lencr.org | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://drschueda.com.br/yoya/e4sihnv3nldji/YW50b25pby5wb3pvQGFob3JyYW1hcy5jb20=%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A | false | | unknown
https://jddbdjhdjhfdjbdjbdjd.ztpccg.com/?cc=YW50b25pby5wb3pvQGFob3JyYW1hcy5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A | false | | unknown
                  Joe Sandbox version:41.0.0 Charoite
                  Analysis ID:1573641
                  Start date and time:2024-12-12 12:33:49 +01:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:defaultwindowsinteractivecookbook.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:29
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • EGA enabled
                  Analysis Mode:stream
                  Analysis stop reason:Timeout
                  Sample name:427c7bdc-ea02-97de-e5ef-a2c58c2d0a48.eml
                  Detection:MAL
                  Classification:mal48.winEML@38/79@13/116
                  Cookbook Comments:
                  • Found application associated with file extension: .eml
                  • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, backgroundTaskHost.exe, svchost.exe, TextInputHost.exe
                  • Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.113.194.132, 23.218.208.109, 52.109.28.47, 40.126.53.9, 20.190.181.5, 40.126.53.15, 40.126.53.11, 40.126.53.13, 40.126.53.7, 20.190.181.0, 40.126.53.18, 2.19.198.56
                  • Excluded domains from analysis (whitelisted): omex.cdn.office.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, eur.roaming1.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, a1864.dscd.akamai.net, ecs.office.com, prdv4a.aadg.msidentity.com, fs.microsoft.com, prod.configsvc1.live.com.akadns.net, www.tm.v4.a.prd.aadg.trafficmanager.net, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, login.msa.msidentity.com, uks-azsc-000.roaming.officeapps.live.com, s-0005.s-msedge.net, config.officeapps.live.com, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, europe.configsvc1.live.com.akadns.net, uks-azsc-config.officeapps.live.com, www.tm.lg.prod.aadmsa.trafficmanager.net
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                  • Report size getting too big, too many NtSetValueKey calls found.
                  • VT rate limit hit for: 427c7bdc-ea02-97de-e5ef-a2c58c2d0a48.eml
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):294
                  Entropy (8bit):5.164988451238293
                  Encrypted:false
                  SSDEEP:
                  MD5:ACF774FF71907CD142FA8E1919F378EF
                  SHA1:A8D370AA7EA38B12A4E68F0D4A5E581511D2C29D
                  SHA-256:B965580813DB0F1A65B83897396EBEAB391B8344EBE72D74638598CC915D5F67
                  SHA-512:3C5B2E435E75146B59AEA0C0A94A174970F078CDC84FA358B6266AB7C984980C48939D42F715DEC3571921DD3B7441B6BEAB4695EB4AC389560599AE790EA2CE
                  Malicious:false
                  Reputation:unknown
                  Preview:2024/12/12-06:36:11.978 12ec Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/12-06:36:11.981 12ec Recovering log #3.2024/12/12-06:36:11.981 12ec Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):335
                  Entropy (8bit):5.165890266296823
                  Encrypted:false
                  SSDEEP:
                  MD5:145BE4A93349D1200A8576C5AE2F90AB
                  SHA1:C627E763D553D6056B149CBA6DD99114EAFFE8D8
                  SHA-256:8DDBE101319A7AF58D4EE54C9E5DCF744FF6CE9F7A91FF44DB4042AE45E8A918
                  SHA-512:447F331450D57BA524B853A1110FDC0C8CC6E3884038B6D8554BE63B463C1807590BEDE8B1510006312E3EB5D55B6F0A041D1537EA5823DB6315C75933A5F51D
                  Malicious:false
                  Reputation:unknown
                  Preview:2024/12/12-06:36:11.878 670 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/12-06:36:11.881 670 Recovering log #3.2024/12/12-06:36:11.882 670 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:JSON data
                  Category:modified
                  Size (bytes):476
                  Entropy (8bit):4.96848335258301
                  Encrypted:false
                  SSDEEP:
                  MD5:04AAC248E03A6DE899BF8D792CFF74C0
                  SHA1:96132F7AB390BA4AA323F9F0B8E5FB0B6D2B78F6
                  SHA-256:E67E091BCDBE6CB5A9DC603D3A6759DD889B12B943BF8D45FBACA3147F4B8195
                  SHA-512:BBD62B1D9A165CB6DFF1B0EA42C84F2D1DA94961EDDEAD6F8BE84F87C31F351D1869BF6A3AFC2004092D37B21FAE8EE5960D07DE530706FE814B0DF619E8A531
                  Malicious:false
                  Reputation:unknown
                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13378563384053573","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":630550},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.17","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:1B8F511BE0FCD6FB7524F55C9FB06E61
                  SHA1:01BFA769F459561D9748A7E1AD5862DF8216BA4E
                  SHA-256:41F52BA78E708F3EEBFB6720F9E13F5DDBE656BCA1E370DF90AA53223ABC6361
                  SHA-512:FCF398D9D4274A7FFE41DE433DF3137BC1D62D1933733BAD71ED0DC69F77209427585F8D84088242070835FF2697FBEA752437A7A8C0945CB5A924652DCDC8F5
                  Malicious:false
                  Reputation:unknown
                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145508750011","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):384
                  Entropy (8bit):4.932552339462053
                  Encrypted:false
                  SSDEEP:
                  MD5:1B8F511BE0FCD6FB7524F55C9FB06E61
                  SHA1:01BFA769F459561D9748A7E1AD5862DF8216BA4E
                  SHA-256:41F52BA78E708F3EEBFB6720F9E13F5DDBE656BCA1E370DF90AA53223ABC6361
                  SHA-512:FCF398D9D4274A7FFE41DE433DF3137BC1D62D1933733BAD71ED0DC69F77209427585F8D84088242070835FF2697FBEA752437A7A8C0945CB5A924652DCDC8F5
                  Malicious:false
                  Reputation:unknown
                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145508750011","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):6905
                  Entropy (8bit):5.24126786459999
                  Encrypted:false
                  SSDEEP:
                  MD5:43F05D13130B0FF64CF9092B78BB7A8A
                  SHA1:C91D21402627750B28C9DC3A0C88D57073CF9D86
                  SHA-256:DFDDE26C4E197362D9541F7BAFBACBDAA8BA5CC2241439174BC6372418E68204
                  SHA-512:F16F33F3946B4E8C18236D7242DE93C33120C54E74C6EE889DEF3ECE309255CBE02CECB938622F599DEFD3FD86AAD43F60BCC8117345CC4317CA163B4EB66E32
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):323
                  Entropy (8bit):5.128902763190314
                  Encrypted:false
                  SSDEEP:
                  MD5:87A4298086DB8A131F91AD4629ACA1F7
                  SHA1:3A2A95B02C8586D90715EE3B684BB17471EA58C9
                  SHA-256:5406B3AF26D3A82ED4F3F55F83F1BBEA1D5A07187C6C8ECE75CD8268D91F65EC
                  SHA-512:FFD71BAE2AE8E1000A5084A68A62D58317882019852AEF1DCCD2496B262D4E558870768FD0836CEFD92697C6859538DB61703171FF59624CD7BC93C89D02B91F
                  Malicious:false
                  Reputation:unknown
                  Preview:2024/12/12-06:36:12.011 670 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/12-06:36:12.013 670 Recovering log #3.2024/12/12-06:36:12.015 670 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                  Category:dropped
                  Size (bytes):65110
                  Entropy (8bit):0.07311803465853434
                  Encrypted:false
                  SSDEEP:
                  MD5:B0E4665A019A52D96EFC1041FBD21AA1
                  SHA1:9A00D183EB06C7A424E2C164256CC68B98B72537
                  SHA-256:33EE4882642C30C5875CF8361A4447A95F3EE975B971CC91F342E02F4B91BBB2
                  SHA-512:48DD35B5A8827061FA1BF08666D1C28931C3D3C2485BC2DBBF9FDE9CF09D7B1797E642B97DD8D8EBCFF44E4CCC02F51E52FE62DD45800E21A3158550F288A2E6
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
                  Category:dropped
                  Size (bytes):86016
                  Entropy (8bit):4.444982739459215
                  Encrypted:false
                  SSDEEP:
                  MD5:56453ABD3F3F3BA1C46878B031CE8A9C
                  SHA1:6D0CE304624028768BFBEE68641B5C905697B3ED
                  SHA-256:B9BE624EEDA6DDD63A1DABFF39AC97D96391C040EDE99EFCCCC3509C10D89EB2
                  SHA-512:F09362EAF74BC0577C8C6E8E16435C833F3C59A716F84A7771D83BEDA9E766F2D9F20D965E9EECD64095D4EC5925D2A785DA71E68C499D1836DB0D12A9CD404D
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:SQLite Rollback Journal
                  Category:dropped
                  Size (bytes):8720
                  Entropy (8bit):3.7689773107796594
                  Encrypted:false
                  SSDEEP:
                  MD5:9851ACDF899AB8996D28EDB96394FF0F
                  SHA1:638D26590EFBA3360E04292FE70628EE4F7C2FC0
                  SHA-256:4B9E0E78667698678DB90E254B410A3075F9A1CAAFB81BC0141911E060C9AF22
                  SHA-512:F0BCFE6D81D92AF78E451FF8EA16ACD929D623DCCA31BB4D2A6E374106ED67DB51E055434EFAD8C70531630D9C20E8F8B3ED118BD4FA9C13DB65CFFAE20D1D72
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:Certificate, Version=3
                  Category:dropped
                  Size (bytes):1391
                  Entropy (8bit):7.705940075877404
                  Encrypted:false
                  SSDEEP:
                  MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                  SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                  SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                  SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 4761 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock, 0x1 compression
                  Category:dropped
                  Size (bytes):4761
                  Entropy (8bit):7.945585251880973
                  Encrypted:false
                  SSDEEP:
                  MD5:77B20B5CD41BC6BB475CCA3F91AE6E3C
                  SHA1:9E98ACE72BD2AB931341427A856EF4CEA6FAF806
                  SHA-256:5511A9B9F9144ED7BDE4CCB074733B7C564D918D2A8B10D391AFC6BE5B3B1509
                  SHA-512:3537DA5E7F3ABA3DAFE6A86E9511ABA20B7A3D34F30AEA6CC11FEEF7768BD63C0C85679C49E99C3291BD1B552DED2C6973B6C2F7F6D731BCFACECAB218E72FD4
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                  Category:dropped
                  Size (bytes):71954
                  Entropy (8bit):7.996617769952133
                  Encrypted:true
                  SSDEEP:
                  MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                  SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                  SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                  SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):192
                  Entropy (8bit):2.7673182398396405
                  Encrypted:false
                  SSDEEP:
                  MD5:FA807FD70B334DBC55BA024D712D6BE3
                  SHA1:02452CB9823D5645D52EA109F6B65ABAB05384FB
                  SHA-256:4F1527A59189A9C0518F0DAC6BC85A78B089A4BB84F20AEC36612931EDCB3577
                  SHA-512:090F3C55EFBEF18B2915AF8F4B13267D68BE9B04050644B08A22B755F8CDC0CE09CA39F06A687C45C141A7624A461FD6B9A8A1423742DB083D55CEAEE5F6F14D
                  Malicious:false
                  Reputation:unknown
                  Preview:p...... ........!.D..L..(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):340
                  Entropy (8bit):3.1617956878857845
                  Encrypted:false
                  SSDEEP:
                  MD5:D2DF18ED24C6F05263B9692FFA70A2AB
                  SHA1:1AEC9CB92B3EED871BCD0B36E871D478DF4D9880
                  SHA-256:232A4627EE597FA125A7A89D5D97451DF4979CC5FBA16BF50A5E6A6A091A43A2
                  SHA-512:4DF84CC8BDEA46F6431803F41DB390ABD8E4B9C7C04BCB88B45E4250D184F63F92D0657C8ED261BE42670789059B2C4288D05266B2731A4BC290EE3712F3139C
                  Malicious:false
                  Reputation:unknown
                  Preview:p...... .........F..L..(....................................................... ........~..MG......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".0.6.c.f.c.c.5.4.d.4.7.d.b.1.:.0."...
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:data
                  Category:modified
                  Size (bytes):328
                  Entropy (8bit):3.150184159866505
                  Encrypted:false
                  SSDEEP:
                  MD5:154FD53D0C3B26B3433E0206C9610DCB
                  SHA1:D5367DA8B7B304AC11880B260AD77FB72C091ACF
                  SHA-256:8877628182D4AFADDCEC372877A10BFA3AB140CE2D8CF77DD70C01F456809F6E
                  SHA-512:80056C2F38B860CAB8ED072E95A660B3BD778C5E4DA1858219A35B46E0BE76290D086517574FA136226DF9CE97162B8D92CF4D4D77D8F5B0F2DEF2A4467FECE6
                  Malicious:false
                  Reputation:unknown
                  Preview:p...... ..........O$.L..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:PostScript document text
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:8BA9D8BEBA42C23A5DB405994B54903F
                  SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                  SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                  SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                  Malicious:false
                  Reputation:unknown
                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:PostScript document text
                  Category:dropped
                  Size (bytes):1233
                  Entropy (8bit):5.233980037532449
                  Encrypted:false
                  SSDEEP:
                  MD5:8BA9D8BEBA42C23A5DB405994B54903F
                  SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                  SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                  SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:PostScript document text
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:8BA9D8BEBA42C23A5DB405994B54903F
                  SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                  SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                  SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:PostScript document text
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:B60EE534029885BD6DECA42D1263BDC0
                  SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                  SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                  SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:PostScript document text
                  Category:dropped
                  Size (bytes):10880
                  Entropy (8bit):5.214360287289079
                  Encrypted:false
                  SSDEEP:
                  MD5:B60EE534029885BD6DECA42D1263BDC0
                  SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                  SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                  SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):268018
                  Entropy (8bit):3.1755672416289817
                  Encrypted:false
                  SSDEEP:
                  MD5:8C9BABBBC71ADD34E0A73AAB07EDED7E
                  SHA1:CF0F51205ED182863B439D5A9FC27B89DB5461AD
                  SHA-256:F52A5E20F256B34B0F40462A06FE314685F41CED4AE48C039E80C191F3D90044
                  SHA-512:628230BCCAB5E71925C928C560665254CA47AF9041090C6EB28A4E4810F5AB30252DB19BBC2422FD84F32AB659A9862A729F9985893644F0C908C5A87B32F9B9
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):295
                  Entropy (8bit):5.358061773421314
                  Encrypted:false
                  SSDEEP:
                  MD5:587CA5239E6DD0B4AF84ED10834210D3
                  SHA1:B86ADE7D9EB311556287B71102124B06C749661E
                  SHA-256:BA895D2A0ECB67AA618147AC893908383D77F5458A450C920BE233B6F21390C1
                  SHA-512:655BD53F640EB1225B2BC4DB9D75D6F78AFD85C93D7B846CCEE12C102CA8482D25051AD2CAFC5B23E56F9573AD5857B4E6C75688310E0C66F8D1E860D71A58E4
                  Malicious:false
                  Reputation:unknown
                  Preview:{"analyticsData":{"responseGUID":"50dd156c-66d7-4152-a9ad-c9771521643c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1734176302512,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):294
                  Entropy (8bit):5.3088495618555545
                  Encrypted:false
                  SSDEEP:
                  MD5:089BA26E506BB9B8130E2B012E34439F
                  SHA1:4D9843BBC124C604123FA5FC8185077336A249D6
                  SHA-256:797A2FA2F4D96D7B20E385B1AFCC56D5BFB465AF48AB518E990DC772D476D021
                  SHA-512:0E82AE8D6B330CE378EBAAA7FFAB788D7E1722C118D8A3A688DFC5207B18F7485DAF3C9A882EFC518D0E175CB19F79E5D5BC14E419E26EB51CF13A1E9A9E6ACD
                  Malicious:false
                  Reputation:unknown
                  Preview:{"analyticsData":{"responseGUID":"50dd156c-66d7-4152-a9ad-c9771521643c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1734176302512,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):294
                  Entropy (8bit):5.286392760074177
                  Encrypted:false
                  SSDEEP:
                  MD5:40916288EFDA5797EA5F8C1F4D1C3A5C
                  SHA1:3C460F6EDCF8203216CBA32451BFCA33E2664219
                  SHA-256:C9E3562A3E8A75FD59A0FDF825E1728581675E4C49B1EAFB5EDCFEA6FD46140E
                  SHA-512:763F927CACFAC92788CDB48C6D4B7ABDF1C25E4D9B0C75C91C05B12F91036E5B19E1FE6C924A86948A5EFA2760ED2E2D857E075BCACF01BD340DBD4BF9EDDB55
                  Malicious:false
                  Reputation:unknown
                  Preview:{"analyticsData":{"responseGUID":"50dd156c-66d7-4152-a9ad-c9771521643c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1734176302512,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):285
                  Entropy (8bit):5.3439722356797
                  Encrypted:false
                  SSDEEP:
                  MD5:17C4D7ECE291A96463DF8DE2F71836FA
                  SHA1:DA8A30A268FA647021F69A7E5A1F4F3BA5442DAF
                  SHA-256:AA271B20F533F696DA8FD49B457FBA702E4A49E4D15AE2E69766A28212D90E57
                  SHA-512:7ED6AA60E32EA78B9D48C9DB6BA0548F69D1A6AF3C45DB5A4EB294F250D35EA5CB10088A664DDBCA583F313FF5E393AD9CF96884112AD7A5AA801F2A8163D961
                  Malicious:false
                  Reputation:unknown
                  Preview:{"analyticsData":{"responseGUID":"50dd156c-66d7-4152-a9ad-c9771521643c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1734176302512,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):1123
                  Entropy (8bit):5.692250034507258
                  Encrypted:false
                  SSDEEP:
                  MD5:FBED403ACEBEA614FEF55EB6F1BACF83
                  SHA1:409A040A0131417ED0C98518316CCD5F249BEC29
                  SHA-256:14FF5B44835BA83A4E9AE4C729332C26AEE2DF5ED1AEE2FEC604D434B92918A3
                  SHA-512:36D9D3EBE5D0D761A0D72B1530D99328E86FA1326333644B9430D659B36B2B8D8040CB3D2FA578733A0AD6D8745E20546239184D80EC5ECE5B1152CDDEA7EB6E
                  Malicious:false
                  Reputation:unknown
                  Preview:{"analyticsData":{"responseGUID":"50dd156c-66d7-4152-a9ad-c9771521643c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1734176302512,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):289
                  Entropy (8bit):5.293102573836264
                  Encrypted:false
                  SSDEEP:
                  MD5:8167F682886931A7A7B2796E7BEFCC7E
                  SHA1:91FD2A2AD5D3D9E8EFEAFE2E240758E955DF554E
                  SHA-256:AAD3C7F66168455AF91F5AF8CE806B1FCEA670A116685B55695964BB7E77E283
                  SHA-512:8275E6A8D8EBC2C3C89017FF54CC7CA5A2A9DEE6A7E771147B82DA35AE1632B8BBAE2FCAADD7C47656AC1912255CD2484C855170DA0AD36111786035196B3769
                  Malicious:false
                  Reputation:unknown
                  Preview:{"analyticsData":{"responseGUID":"50dd156c-66d7-4152-a9ad-c9771521643c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1734176302512,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):292
                  Entropy (8bit):5.294746633998447
                  Encrypted:false
                  SSDEEP:
                  MD5:1F438791BC3F6EF0403C7CE05FD1DA2E
                  SHA1:8E83BBE4317D86A78ED9B847E2901C206A7CAD47
                  SHA-256:713BCE5084476246BF54D1CB8E4CF54157B5FE304862E029A28D592E51BD6934
                  SHA-512:E8041EADAE136E61C15311EEEA0E100EF8D8C968F980CCD6AD3D42C7A061D9A5C8CA60BC3F63ABD3FB58F80D5AA23EE204F1C016EF3409A13BB382260C1247C5
                  Malicious:false
                  Reputation:unknown
                  Preview:{"analyticsData":{"responseGUID":"50dd156c-66d7-4152-a9ad-c9771521643c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1734176302512,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):289
                  Entropy (8bit):5.30193425235452
                  Encrypted:false
                  SSDEEP:
                  MD5:28AE73C7170E176A9DC4ADDEC7B8ADB1
                  SHA1:897AA5B5DA32A447CF97E2288DBE1C29486C5D86
                  SHA-256:885D561EA7AF05280449CE2650F0AE4E4DA8BB37903FD053915C1D8792387984
                  SHA-512:CD730403AB18D1B1E71DA8C749DCC51AC3993C38A481B939C69907F98C6CDEA3FB4F861DA25B2464A5954054E684BA6CA49C72A39D08D8DD71068987A769F96A
                  Malicious:false
                  Reputation:unknown
                  Preview:{"analyticsData":{"responseGUID":"50dd156c-66d7-4152-a9ad-c9771521643c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1734176302512,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):295
                  Entropy (8bit):5.320413817453794
                  Encrypted:false
                  SSDEEP:
                  MD5:6ACEA1DB2D4FE5858F3CE768B7F19E90
                  SHA1:3502430894D701A3B37DD76F57F34ED1662B53CC
                  SHA-256:CF58D840A23268823E535CD97FE9FE2F1AFBAA5B14F1FA06FB2845EC6964361C
                  SHA-512:8CDDEAFD604A90B042CE1E3AB5C63893CE627C298EFFDD3E8981DBF9B6A59AF607425869C01A07F69EC07FBD387FB0150C2AC312EB05FF1D057474FDA48FF7E5
                  Malicious:false
                  Reputation:unknown
                  Preview:{"analyticsData":{"responseGUID":"50dd156c-66d7-4152-a9ad-c9771521643c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1734176302512,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):289
                  Entropy (8bit):5.301079363615755
                  Encrypted:false
                  SSDEEP:
                  MD5:FA1A00001E964A86D039A63693A331BD
                  SHA1:CFCE30C8850B8125B04B6579162533EF51B2E95E
                  SHA-256:884A685506E33E5A59249D8678FA897A18B2DDDC74884C94B8C8FF4FFF563BB9
                  SHA-512:4C2EFC44ACE4B252A8EFA106AC1C3E7EADED359E6AE233CC531C5F467B3105F4E7FA09B7D41E407D977D9B4449FA049723B85AA43906E59D7B2F8A478EF565AF
                  Malicious:false
                  Reputation:unknown
                  Preview:{"analyticsData":{"responseGUID":"50dd156c-66d7-4152-a9ad-c9771521643c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1734176302512,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):284
                  Entropy (8bit):5.286831037786147
                  Encrypted:false
                  SSDEEP:
                  MD5:18158C3CB42E01D70F33230AE1EC79B6
                  SHA1:45973E4F7C9171147C0667E06124E8CA365F6E53
                  SHA-256:E5324F729596560C8C490DCBC54E5B8F40E50E31D3632DD93ABC3D9C8B3AD864
                  SHA-512:379764BFA8EDFE79A435CB84C4AB0A9582D30510FBED08240120FE4567C48CD932C2AFEC2647F0187008646C6293608E2C573D9B72B3767792187B33A7A95AC8
                  Malicious:false
                  Reputation:unknown
                  Preview:{"analyticsData":{"responseGUID":"50dd156c-66d7-4152-a9ad-c9771521643c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1734176302512,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):291
                  Entropy (8bit):5.284619042982981
                  Encrypted:false
                  SSDEEP:
                  MD5:A385C237BDBF0A1093353AD217F2B3BF
                  SHA1:6A2A03DADB3EAB58854C6A38FA67F870B8534DA7
                  SHA-256:6D3D7B11483CCF73217B5C2BEDAE43AB795699B6CF23DBB6F228AFA953B8F3F7
                  SHA-512:8FD6E015B87FE39BDAB5F80873605CC441E78B25D68A320E747092A2E65F73D453A8AE9476192C4B5E601AB93F2ACC55098720FDDAAFC8AE5CCF8D65AE53A1E9
                  Malicious:false
                  Reputation:unknown
                  Preview:{"analyticsData":{"responseGUID":"50dd156c-66d7-4152-a9ad-c9771521643c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1734176302512,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):287
                  Entropy (8bit):5.286307202270645
                  Encrypted:false
                  SSDEEP:
                  MD5:7A1922305E649AFC314DDECC1DFD6FE7
                  SHA1:4E6506888B9A4E1026A26697FA553B33D0D27500
                  SHA-256:F5355D761D2714C644746A7FD4CFE0A6BA3E56E4D2EFB5FB04FED7A01DEDD79A
                  SHA-512:B503A3239D25919E4858CE3D6DDC98FB7F246B5C9D817FB9EF913D1AACC3F1E7E2ABB00A2A68396049D8912EE8327753BFBE8D9F587A74270417D1DD09BC85B2
                  Malicious:false
                  Reputation:unknown
                  Preview:{"analyticsData":{"responseGUID":"50dd156c-66d7-4152-a9ad-c9771521643c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1734176302512,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):1090
                  Entropy (8bit):5.664559951775608
                  Encrypted:false
                  SSDEEP:
                  MD5:D98A8B07A04D915B49AC8D9E6CDFC6BD
                  SHA1:673DE7AB72F0886A5D734A95264675FBB2CF8F81
                  SHA-256:7B059495D031B2BB758578B5CC41329ABAC83D05FFB5D58C76AC1E10F4D060EC
                  SHA-512:CE5EC2B6062EBEA8506228F1DC5DD829EA68C799D55EA758F8C840248BAA334B4D550D47B654EE8189CC96BD22ECEA280A759BEE3FBF2EBA643463DAD31A10F1
                  Malicious:false
                  Reputation:unknown
                  Preview:{"analyticsData":{"responseGUID":"50dd156c-66d7-4152-a9ad-c9771521643c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1734176302512,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):286
                  Entropy (8bit):5.259761789430962
                  Encrypted:false
                  SSDEEP:
                  MD5:96A1CEB1C758D1CFC5CD300968E41E8A
                  SHA1:B5DB965C983476B577964B24EC19F88343519CF3
                  SHA-256:8966D8E03D516F43922472128AAB5D044751A3FBC1616CB9E295B4F7F7044472
                  SHA-512:5208693E070717A73390E2E4A0384516714285EFF8F90276914072A9144E0F655AF0ABDFBB03C884C5479113A778D661770FA353B3A928548E3C5E6581534B31
                  Malicious:false
                  Reputation:unknown
                  Preview:{"analyticsData":{"responseGUID":"50dd156c-66d7-4152-a9ad-c9771521643c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1734176302512,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):282
                  Entropy (8bit):5.265649870155708
                  Encrypted:false
                  SSDEEP:
                  MD5:571690FFD18E5C9CE29D556D195CFF86
                  SHA1:B9D875690B99244FAD9877FDE014CE42C9FD7181
                  SHA-256:01BB55C172BC0FFE564FAFC1EFCF8AE43CD5978E731516F5C7A58864B062CB00
                  SHA-512:05D93C3473D87E94D5174B162832D29B06DE8A8BFD9DBDFA4BF4D474550814DD2D94BA069E46CF59D90A480330C2D936AB34B600AE0F783FC16793C60023FC65
                  Malicious:false
                  Reputation:unknown
                  Preview:{"analyticsData":{"responseGUID":"50dd156c-66d7-4152-a9ad-c9771521643c","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1734176302512,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):4
                  Entropy (8bit):0.8112781244591328
                  Encrypted:false
                  SSDEEP:
                  MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                  SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                  SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                  SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                  Malicious:false
                  Reputation:unknown
                  Preview:....
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):2814
                  Entropy (8bit):5.124354985283671
                  Encrypted:false
                  SSDEEP:
                  MD5:2938B341F25BFF880D3599C505D8D059
                  SHA1:A8F499323097598CE48A1A286F9A21E65D156FA2
                  SHA-256:33AFD6FE93903A91707075182473CD2B16AD00502F5B057560C7924F6F3561B7
                  SHA-512:5F9A2F17AD33F738CFC8BC5FEF50F1D4FC8DEF4BEF8EEEFBFAB1A86EAA29520E9FF64EFA16164184D61967508D4EAD69AC7007155DCE18B887BA37AB8CE3914E
                  Malicious:false
                  Reputation:unknown
                  Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"7820c6b5c8038e11f7f5550de0de0691","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1734003382000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"57485fee1c09ceaece1d66b90593034c","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1734003381000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"1a855408b4d0c251e1ae88150d87e363","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1734003381000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"f8dcb6b2e2b5fc73d7f506ef91240c60","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1734003381000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"0c27470219f3eecdc3be70beb7a85671","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1734003381000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"8114671e4b3982e2b5b842eb30e57432","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 23
                  Category:dropped
                  Size (bytes):12288
                  Entropy (8bit):1.3578974107301838
                  Encrypted:false
                  SSDEEP:
                  MD5:96814D33EAA38971F8C41B327377C421
                  SHA1:2AE2AF7B4FFFDD21F20D19243779731FA5313B43
                  SHA-256:D9EE4ED388AFC8FF3C27550752A50276D2299607DDED6C96ACCC5480AE796E83
                  SHA-512:3FF34FE7E0F12726714F32C85CB6A4D97E837EF1D4AD3D8CAF9685BB318C853E0E60957E393D0DE6AD6444D0894B07D6915EDCCF0A6A8B473CF10C3966C6D8CD
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:SQLite Rollback Journal
                  Category:dropped
                  Size (bytes):8720
                  Entropy (8bit):1.8285524193558254
                  Encrypted:false
                  SSDEEP:
                  MD5:D98D4F41FCF7833A8D0E5FA2A012176B
                  SHA1:5A118AFD4BC004A0162603564C1677CF69757A63
                  SHA-256:D306B59DA147B3B48972F4C5AFB780C34C576EBF14340FFA6E8D9887822367E0
                  SHA-512:6985B70B419F69C95699F96BCFC9B869E7BDF063C67780EF58CA0F50425DAED724182BB199DAED631426EA88DEC3C1AF853DD9596A6339B3B0145350CF2EBF09
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):66726
                  Entropy (8bit):5.392739213842091
                  Encrypted:false
                  SSDEEP:
                  MD5:2F52F2CA72FF8F653890A4791670981C
                  SHA1:1228A94FC77E09A190F71F20FCD3F312A623E37B
                  SHA-256:8FD9A5D0A3A4351C2FFB5858B7382DB746CFA52700451A4A5F08671BE5132921
                  SHA-512:C24592060F6C66FF7A684478016B71AECADEAC7DD06BD897301301AD14EE75259547A4E93AA018E91AB8F3E95A5B1F6CD815C7676C8F3172B4BD643C65D5915D
                  Malicious:false
                  Reputation:unknown
                  Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):231348
                  Entropy (8bit):4.396640254720522
                  Encrypted:false
                  SSDEEP:
                  MD5:B920F62E9FB771AF0B716671D19A4488
                  SHA1:7A84E1CFA98FE6B496F142D86C867F23FD6B2FC0
                  SHA-256:FA742F2BEFBC525F25974B825F1AC8389C8650CADB43F1CDB0C8D307C463EE8D
                  SHA-512:ED881068E7E1ABBD392618020C8761C758E7BC22E43B8768D3B41F9A0605DE8E60EADB0F67E227C8E1906FC711C601E70C6D4E80496CC28F2CE285EA839BD7BA
                  Malicious:false
                  Reputation:unknown
                  Preview:TH02...... ..1[.L......SM01X...,... .L.L..........IPM.Activity...........h...............h............H..h..........x...h............H..h\tor ...AppD...h.K..0...@......h$.I............h........_`.k...hh.I.@...I.+w...h....H...8..k...0....T...............d.........2h...............k..............!h.............. h._......X.....#h....8.........$h........8....."h........p.....'h..............1h$.I.<.........0h....4.....k../h....h......kH..h...p........-h .............+h..I................ ...... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
                  Category:dropped
                  Size (bytes):1869
                  Entropy (8bit):5.089102642133452
                  Encrypted:false
                  SSDEEP:
                  MD5:B9E20F7E5916127CA06C62FBDE9A2BBC
                  SHA1:97C0C959EA2DD97FF5DA6CCAA46944DFD811C783
                  SHA-256:696A2CB3E7437D7F0F8F6E830FAE2E98FDA74CB7F32AD4C361C09F78D34B4A75
                  SHA-512:261CEB1AD0385FBAF64B3EE208CD68D4017B6858630CFC23690552E96E69D532B21D04C0591F6EAF79A5635B433C463257BC4A998B7F02BA351A1CB8BDF18E62
                  Malicious:false
                  Reputation:unknown
                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>12</Count><Resource><Id>Aptos_26215680</Id><LAT>2024-12-12T11:34:37Z</LAT><key>29939506207.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos_45876480</Id><LAT>2023-10-06T09:55:52Z</LAT><key>27160079615.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215680</Id><LAT>2023-10-06T09:55:52Z</LAT><key>23001069669.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_26215426</Id><LAT>2023-10-06T09:55:52Z</LAT><key>37262344671.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215682</Id><LAT>2023-10-06T09:55:52Z</LAT><key>28367963232.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2023-10-06T09:55:52Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos_
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:ASCII text, with very long lines (65536), with no line terminators
                  Category:dropped
                  Size (bytes):322260
                  Entropy (8bit):4.000299760592446
                  Encrypted:false
                  SSDEEP:
                  MD5:CC90D669144261B198DEAD45AA266572
                  SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                  SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                  SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                  Malicious:false
                  Reputation:unknown
                  Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:ASCII text, with no line terminators
                  Category:dropped
                  Size (bytes):10
                  Entropy (8bit):2.721928094887362
                  Encrypted:false
                  SSDEEP:
                  MD5:DB422C0BC3002FB48615B34604050137
                  SHA1:D800FE047FECE367226E57D378A8B9F4D4E6C351
                  SHA-256:B8E41BD3FF1C5BDE743D6481A6DDA15CA0BF65C223167190E666DE9705B329F6
                  SHA-512:D0C7D0981AAB9B52852E8826A26DE363E1EF76480CE0A63E32C80834F8E85310D8B990141F79A1405D76004BC3AC2F7DD64DD06573190AD4FF0B19F7F2A08FE2
                  Malicious:false
                  Reputation:unknown
                  Preview:1734003281
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):181859
                  Entropy (8bit):5.295296341507729
                  Encrypted:false
                  SSDEEP:
                  MD5:5CB63F4FAACA873B3B99830546469838
                  SHA1:151110E9DF459B5A4D5615693356A8D0F17E69E5
                  SHA-256:0EB3E6E22E1CC2C46BDB943AE0C9D0C93CB7D77CF4B2AB2F29F02D1944D52DD7
                  SHA-512:F8426057D735D53E98594FB1849245BC79E2AA974F44BBF3A7A355F44A5CAFC88B7145436E9F6E59A6F08BF8509E4920EA94A6E4E09B81E08310EEC16FD04655
                  Malicious:false
                  Reputation:unknown
                  Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-12-12T11:34:36">.. Build: 16.0.18312.40138-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):0.09216609452072291
                  Encrypted:false
                  SSDEEP:
                  MD5:F138A66469C10D5761C6CBB36F2163C3
                  SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
                  SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
                  SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:SQLite Rollback Journal
                  Category:dropped
                  Size (bytes):4616
                  Entropy (8bit):0.13760166725504608
                  Encrypted:false
                  SSDEEP:
                  MD5:77539FA845AB036A1D2537CE644A0FAB
                  SHA1:6CFEFE1FFC1618A3FBDE81E1ADB8475096083DE9
                  SHA-256:8BCE9EEBE51AF254B2DBBE9ACFDED4F69DABE8225F6F12486AB7FFAE72D0588F
                  SHA-512:B265B974A304A0837670D58DA3EA45CFCBE7D4C27546B392CDF294966377C0BCFE26D21E5FE3192A261923E5E9678D7844CE54106C8F667F0E5A91AA700CB64F
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):32768
                  Entropy (8bit):0.04459625730731303
                  Encrypted:false
                  SSDEEP:
                  MD5:16488DE984D38EDE3F754F9A8D65BE4F
                  SHA1:510EB857AAE2164D4E74535C4AB897518AF54E9B
                  SHA-256:60CEC006198158D0CC52E2A8916F1A3BAF410C592B251A3A52A0451F48EAF788
                  SHA-512:185986BABE779EB720B35C168960F799ADEDE96245E65484175E1ACF582AE9D5FA292A073003536F66B4267C832D60DD8E407191A40AA6475F13A3722B5D258C
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:SQLite Write-Ahead Log, version 3007000
                  Category:dropped
                  Size (bytes):45352
                  Entropy (8bit):0.39445221706660827
                  Encrypted:false
                  SSDEEP:
                  MD5:3B73E2865ACE5CD4F144DA4B33CFA79C
                  SHA1:C1E5940449D2FF81EAC7D34CF074E1962D986E38
                  SHA-256:42760A13500B22B56D1275755D6E299F9584250ABB8327604D67F4723F67E21D
                  SHA-512:C71F79BBD54118420FDB175D4CABA9CF12A6B54BA3A6C90D5B0E6646BEC610B34DCDE647B93767142D2267C13758A38E1D6240B240B7F85DAAA04BF683DF82FE
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):2278
                  Entropy (8bit):3.8570410328024765
                  Encrypted:false
                  SSDEEP:
                  MD5:F430D36279203BE432C70702B903439C
                  SHA1:006AC74BB825BE3B639BDCB1AE3F1230FCF146C0
                  SHA-256:D12AACBB711633148AD6FBB48ED89FCBE0AD4C30516C55E8B7BE862D473E4EC2
                  SHA-512:7CE1D84DBA5D3285ED6DED322D058C802AF02C9890B51A88CCD459B6F6FDFFA29D363DDB9E76D879832B5F98B17CCEF9C180BB144348201C4469EAABE335D232
                  Malicious:false
                  Reputation:unknown
                  Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".C.J.1.m.u.g.S.o.z.s.S.9.x.S.Z./.Q.v.O.c.+.E.J.4.u.2.c.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.C.y.p.N.J.J.M.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.v.f.A.B.3.q.
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):2684
                  Entropy (8bit):3.90666187336963
                  Encrypted:false
                  SSDEEP:
                  MD5:7C9ACD4E481D5B3F92F720AD3F8F7D88
                  SHA1:664259B711D9188CA4B6EBFDB1DBFF482E7B233E
                  SHA-256:424C034B523228235E40B2AD813E027DDB36D9B256D8821057EC3C92820AECD8
                  SHA-512:15CB7966D6A89EEAAA181EBED83487CF2F397AB75E2C0AE4CDD3251ED1AC3A755A5BF57E26C469465E645109EE8B2715B5773629C1B6ED79A212555CC9BCD7B1
                  Malicious:false
                  Reputation:unknown
                  Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.H.X.L.G.R.5.H.j.D.k.3.C.i.F.b.L.a.m.K.N.+.n.c.g.T.0.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".h.H.Q.g.T.F.t.r.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.v.f.A.B.3.q.
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):4542
                  Entropy (8bit):3.994557132463404
                  Encrypted:false
                  SSDEEP:
                  MD5:1748C2CF53359BC19441BDC7CFA2C560
                  SHA1:4E0364B3A52E080CCC94FDB99C39B608A216E624
                  SHA-256:3D91C09067BEAFA533FA8037C8B35D133EF6E32BE75F4149E7C9BECD1C697480
                  SHA-512:96296E8007169B6B087EEB115083990C960D76FB898A8AD5DCAEC2752E5951D1819A66CF83115633447D4B855151C13B5185E71770C6256803E121BD6564AD90
                  Malicious:false
                  Reputation:unknown
                  Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.q.Y.a.6.3.X.Y.9.b.4.Y.b.C.Z.g.f.0.u.y.E.6.v.n.x.e.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".P.a.+.f.G.o.p.M.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.v.f.A.B.3.q.
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:PDF document, version 1.5 (zip deflate encoded)
                  Category:dropped
                  Size (bytes):33495
                  Entropy (8bit):7.841761238921606
                  Encrypted:false
                  SSDEEP:
                  MD5:73BD74B26A8E14DE4AC3BB48B6D66465
                  SHA1:DE04219C48460581DB35049BF4B9850CCA8D2322
                  SHA-256:73608FB5D7B81F5DE103A707C09C602925D8C016C0FDF339C0B4AE662076B7AE
                  SHA-512:514527EAD57E07A97606DD34A054FEF8A12C68CF5B3F70DEDF4C1D6E3AF257A2ADF758720FD0B998307D856ADD35708744F7DF04673E3BE96940209F7E6F5356
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:ASCII text, with CRLF line terminators
                  Category:modified
                  Size (bytes):26
                  Entropy (8bit):3.95006375643621
                  Encrypted:false
                  SSDEEP:
                  MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                  SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                  SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                  SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                  Malicious:false
                  Reputation:unknown
                  Preview:[ZoneTransfer]..ZoneId=3..
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):7972
                  Entropy (8bit):3.9226230328218294
                  Encrypted:false
                  SSDEEP:
                  MD5:0F30D35476A5C2AF5866C6BDEA90AD45
                  SHA1:B7548A3526AE99AC52367075FAC028E71C22C7A8
                  SHA-256:177D63FAE4E8664416DF8504B4E33FDC6E8F9A149F344D1FF7422A5896669397
                  SHA-512:717937295C013DE0DC1556FE8C9929B7A655E119761E74BB144608A951E6BB4C86C9D817C9581CFDC3E964FA59EDD6439915B60A98357E894649952C6ABB5F6C
                  Malicious:false
                  Reputation:unknown
                  Preview:De: Admin settings <Ahorramas_Ahorramas_Ahorramas_vdat@livwellasia.com> Enviado el: jueves, 12 de diciembre de 2024 11:19 Para: ANTONIO DEL POZO MARTIN <antonio.pozo@ahorramas.com> Asunto: Re:Re:Re: Password Change (en)
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):20971520
                  Entropy (8bit):0.013513579163235152
                  Encrypted:false
                  SSDEEP:
                  MD5:722AE1C4E3136CA6465E405839B2844D
                  SHA1:50BEB68B8C21DC28C5926DC6D28CF603F83CAEA7
                  SHA-256:FD3093A438E014CBA384022D21665C11F65AA7E3C6FBE625354B6FD7886422B0
                  SHA-512:A22497C113A7D079922092F29C54CABE8AA7FD18CD4CD021BCEE0AF2FA08237086DFA11932E408A61DC517BCCDF5628FC1944528901D42FC928032FB3116532A
                  Malicious:false
                  Reputation:unknown
                  Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..12/12/2024 11:34:32.817.OUTLOOK (0x17C).0xC14.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.System.GracefulExit.GracefulAppExitDesktop","Flags":33777014402039809,"InternalSequenceNumber":17,"Time":"2024-12-12T11:34:32.817Z","Data.PreviousAppMajor":16,"Data.PreviousAppMinor":0,"Data.PreviousAppBuild":16827,"Data.PreviousAppRevision":20130,"Data.PreviousSessionId":"35C1E0F6-D573-4DEB-AF77-D9271B4CA467","Data.PreviousSessionInitTime":"2024-12-12T11:34:13.366Z","Data.PreviousSessionUninitTime":"2024-12-12T11:34:16.444Z","Data.SessionFlags":2147483652,"Data.InstallMethod":0,"Data.OfficeUILang":1033,"Data.PreviousBuild":"Unknown","Data.EcsETag":"\"\"","Data.ProcessorArchitecture":"x64"}...12/12/2024 11:34:32.849.OUTLOOK (0x17C).0x634.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":23,"Ti
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):20971520
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                  SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                  SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                  SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):246
                  Entropy (8bit):3.5209238895127717
                  Encrypted:false
                  SSDEEP:
                  MD5:A2DEC312FF08D8CE4D3D68F3803039FE
                  SHA1:C38B8F3E7142BAA05B7F750130B5C6FADFD8C797
                  SHA-256:C2597A73C2D52ABF31288F532D02D94D770E668D1CC18AA54893C675EA4832F7
                  SHA-512:88C4B978D7E6FC69A8A60A944D543A9A6A237B4DC024FDF8825FB74D92BBA3B84AA1AB6AB4B4EBE739E7306EA1F9B4E4E6C0AB0BEF4E49B9CC204636F3A3B236
                  Malicious:false
                  Reputation:unknown
                  Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.2./.1.2./.2.0.2.4. . .0.6.:.3.6.:.1.9. .=.=.=.....
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:modified
                  Size (bytes):217088
                  Entropy (8bit):4.90382049107664
                  Encrypted:false
                  SSDEEP:
                  MD5:10D0BFB678E3ECE8C6699383A9299D07
                  SHA1:4FB5E5BDB8D5B62C3813E38675EB6E7FC971EA7F
                  SHA-256:5180F88D638B0AE419465963C71311F79CA12E4B67892D84673285D04F8E5B2E
                  SHA-512:D2AB6F6A1CEF4C427EF6532BAF865C7EB0DBAEB56542A582AB344E44AE9DAC8DD00D303CE79AF89FE21866CC2E598ABCA665B13CD2B9D8CCC5F4873C896FA687
                  Malicious:false
                  Reputation:unknown
                  Preview:@tzres.dll,-112 @tzres.dll,-111 v2_OUTLOOK:17c:bfd41232e90f4ab8b1217d472223bccf C:\Users\torres\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241212T0634320578-380.etl
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:ASCII text, with very long lines (393)
                  Category:dropped
                  Size (bytes):16525
                  Entropy (8bit):5.359827924713262
                  Encrypted:false
                  SSDEEP:
                  MD5:06DEAEDB81D09FD8FB5FF668D8E09CB2
                  SHA1:28A02BCBD5975117B97A08AFB049F2C94F334726
                  SHA-256:D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64
                  SHA-512:948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936
                  Malicious:false
                  Reputation:unknown
                  Preview:SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:755+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig:
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:ASCII text, with very long lines (393), with CRLF line terminators
                  Category:dropped
                  Size (bytes):16603
                  Entropy (8bit):5.310274648452018
                  Encrypted:false
                  SSDEEP:
                  MD5:D838A9B03C5B66B21E742399BD968E14
                  SHA1:D646B088FCDDB94CDA04860F1846B5AB4CAFF1C0
                  SHA-256:FC83B3D9507D5B095182F95D22659C362F2184F6BD0A6D56730CDC78D3CFD700
                  SHA-512:D1CA94F5B05BF1B462B639E52A81A56A47E64AAA24782E6B48E8CD3E73533385186C6E42C94C7479B1459FC491B6772E83FD04347B83C04725855C0CD8EB89F4
                  Malicious:false
                  Reputation:unknown
                  Preview:SessionID=0cf660b7-42d7-4343-ae12-e96ddcdb60e8.1734003374134 Timestamp=2024-12-12T06:36:14:134-0500 ThreadID=6100 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=0cf660b7-42d7-4343-ae12-e96ddcdb60e8.1734003374134 Timestamp=2024-12-12T06:36:14:136-0500 ThreadID=6100 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=0cf660b7-42d7-4343-ae12-e96ddcdb60e8.1734003374134 Timestamp=2024-12-12T06:36:14:136-0500 ThreadID=6100 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=0cf660b7-42d7-4343-ae12-e96ddcdb60e8.1734003374134 Timestamp=2024-12-12T06:36:14:136-0500 ThreadID=6100 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=0cf660b7-42d7-4343-ae12-e96ddcdb60e8.1734003374134 Timestamp=2024-12-12T06:36:14:137-0500 ThreadID=6100 Component=ngl-lib_NglAppLib Description="SetConf
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):35814
                  Entropy (8bit):5.421410991073138
                  Encrypted:false
                  SSDEEP:
                  MD5:A2A3B2A362FB560303064A117FF48EA9
                  SHA1:7E833B24294B1D020B3D20C27D0AF4A88F2B8FDF
                  SHA-256:E6EAD9ED174D9FCAF5D2EE4985195BE6745D0A1488E3F56730DAE219CDE54B11
                  SHA-512:A8DB5D2213FFD1460992B91885F77F9E69999D1A22BBC99ABB4B4178A0B9F553D7AE96CD11BEEA93F1FD10D4484A5D659AEEF8DAFCD2F4CCA1E590449CA65A18
                  Malicious:false
                  Reputation:unknown
                  Preview:06-10-2023 11:44:59:.---2---..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 11:44:59:.Closing File..06-10-
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                  Category:dropped
                  Size (bytes):1419751
                  Entropy (8bit):7.976496077007677
                  Encrypted:false
                  SSDEEP:
                  MD5:35DD2EA7D068970C0D346B42DBA2C0D0
                  SHA1:252F01E009F748D4F3F4638AC43ECE5983E5484D
                  SHA-256:9CFAF7F7042A9FD32EE060F6C160A3DD6DF165856E18834886992A44666EED21
                  SHA-512:0E806CA0499701AA9A7FD4B0E08DC2FFDAFB84DE1035D74F2C3C150A9E2161443924F1B68C8FD59A622BF983FEBD5FC1939EA34CD320268CA0EEC8145593E113
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                  Category:dropped
                  Size (bytes):1407294
                  Entropy (8bit):7.97605879016224
                  Encrypted:false
                  SSDEEP:
                  MD5:E2EE31E00079B09CCA084BE84EF82DBF
                  SHA1:F25477102D18655EC480EE75BA662DCDABB448CF
                  SHA-256:5B71ED1934A28806778705102E7ED43934D82373F9561FD85DE9074CE0FF6FDD
                  SHA-512:CADC9F2C33C534DF7A03504201699E022EA790CABA280BEB58C09ADE88E87B2CE027F6D1659D40FB54C26037D81D24180E3B51020DA6DD6B007BDFBDA6C2CD20
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                  Category:dropped
                  Size (bytes):386528
                  Entropy (8bit):7.9736851559892425
                  Encrypted:false
                  SSDEEP:
                  MD5:5C48B0AD2FEF800949466AE872E1F1E2
                  SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                  SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                  SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                  Category:dropped
                  Size (bytes):758601
                  Entropy (8bit):7.98639316555857
                  Encrypted:false
                  SSDEEP:
                  MD5:59EE5E2FB56A099CAA8EDFD7AF821ED6
                  SHA1:F5DC4F876768D57B69EC894ADE0A66E813BFED92
                  SHA-256:E100AAAA4FB2B3D78E3B6475C3B48BE189C5A39F73CFC2D22423F2CE928D3E75
                  SHA-512:77A45C89F6019F92576D88AE67B59F9D6D36BA6FDC020419DAB55DBD8492BA97B3DAC18278EB0210F90758B3D643EA8DCF8EC2BD1481930A59B8BB515E7440FE
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):30
                  Entropy (8bit):1.2389205950315936
                  Encrypted:false
                  SSDEEP:
                  MD5:92F14179F6F978E0BEBBBCFCD40775D6
                  SHA1:2612494A7B2B9B5807F38B643D6C08BE1F6D5BBE
                  SHA-256:1C95AFEC11F5FB1D947ED7C35284F8B6F2727E8F8F5FFC3696ABCC973B5A7E2C
                  SHA-512:820A28BB0CFD7DDBBB607DBA334CFFD79690AE3B1820EE04D0399ECF5A1FBB78E7BC04B2CA439DB2FB757628760189EF558BECAA76FB9363B2AB326E20233D5A
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):16384
                  Entropy (8bit):0.6698969565473194
                  Encrypted:false
                  SSDEEP:
                  MD5:B717EB5FBE2822258F4C3547F2806CBE
                  SHA1:522BA68FD1BA9BA40D9CC32B69CC64C31C30B1C6
                  SHA-256:53FD7C0DA7F28EB041282DE3AA32C8F418F5208911583EE565E6660A81BD7C4C
                  SHA-512:B0473DB6AA345AE411709A281AE50B5BFDE660E92C5F2155E730E48C93C2E0678CF6AF966C047EF246EDE3E59E9FF7AF95A49F58A29A04712AF7E93D6E32E176
                  Malicious:true
                  Reputation:unknown
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                  Category:modified
                  Size (bytes):18
                  Entropy (8bit):2.725480556997868
                  Encrypted:false
                  SSDEEP:
                  MD5:A5E51FDFAF429614FB5218AB559D299A
                  SHA1:262EC76760BB9A83BCFF955C985E70820DF567AE
                  SHA-256:3E82E9F60CE38815C28B0E5323268BDA212A84C3A9C7ACCC731360F998DF0240
                  SHA-512:9B68F1C04BDE0024CECFC05A37932368CE2F09BD96C72AB0442E16C8CF5456ED9BB995901095AC1BBDF645255014A5E43AADEE475564F01CA6BE3889C96C29C9
                  Malicious:false
                  Reputation:unknown
                  Preview:torres
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 12 10:35:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2677
                  Entropy (8bit):3.9844201090628593
                  Encrypted:false
                  SSDEEP:
                  MD5:50EC1ACE2E2269202B59578AADC21B59
                  SHA1:964BF97675FB25417616382DB7C2240581A681CD
                  SHA-256:B847EEC33C2B408FE3787235A0B4E0F0E50C11C07DD9728A346DE1630929BE0D
                  SHA-512:0DEF17A0FB82D617B5E35D5EBA356170A714E43106CD471B4E8C49FA44BA3A647485A9638FEE2188E095F3857C48E260CD834A0A453E41CA2F05658467A56086
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 12 10:35:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2679
                  Entropy (8bit):3.997875858214073
                  Encrypted:false
                  SSDEEP:
                  MD5:B63AC1DBCB5E89CCA12A37ADDCB0E139
                  SHA1:E6D45AECD2A362D6C653E0C8ADC5AB406ECBA440
                  SHA-256:6218D55DD2B69E207D8E4890ED0AE9985372920233637DE458991786193AAED0
                  SHA-512:03917A1E85371A63343BD49DC897008974FCC066D5F9EDDBE3691930D152671C6CD43838F45B25EE8A0192B199F892D54B0B5F6519EBDC1C0264A05DF391DBEE
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2693
                  Entropy (8bit):4.010162670535951
                  Encrypted:false
                  SSDEEP:
                  MD5:D169BDC909FA4685FE3AA64B82C7BAF1
                  SHA1:4AF24278FAE24AC51DBD1CAE64ED139C10E7F105
                  SHA-256:1DF66D9D4A81C523D0838A48ADB3253EC86D222F1837E60747C48831EF0E9B1C
                  SHA-512:37784BD0A0E6E66A498FC8721624BA3BD5E646AAF46604EB0EFA9A4EA8EE90436BD5B50786C9C28C9D4994B12EEE7F5607391C6EE21C43774BB82B95B90178D7
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 12 10:35:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2681
                  Entropy (8bit):3.9962175967948173
                  Encrypted:false
                  SSDEEP:
                  MD5:967B4803A0580C4BFD4AC29E719BF057
                  SHA1:13620972C7B7CE9C995B74634844CD93A21FBE5E
                  SHA-256:6D75CA1E8293649401D35DCD8AA1BCDA533E59AE1679A8CDE355CD66356B98A1
                  SHA-512:3251A0733715A6F9F83851279619FDED552EEC0B186ACD51B189437AFEF7ECBE3C9C988369129203AF0A4E4920A7B70CE6C145C20673F8F4D539389F5D881B46
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 12 10:35:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2681
                  Entropy (8bit):3.9866829402053936
                  Encrypted:false
                  SSDEEP:
                  MD5:FBCE3E8AE4F5DF4D544475D8114AF344
                  SHA1:9453221D309A691900342DD413BA602000C67364
                  SHA-256:BCB9E18D5D2C65B7FEE42C9C4D3DBC55A6C587B25A75CF95AF70314B42A77479
                  SHA-512:60FCA5A87C8846CA4475C83E29AC27FB5403B11844D9F576CE229318B6F2D92E4F764F9BA3BB307B34BBBAFC77E479A6D5266D3852EEB168F244867A0569B1DE
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 12 10:35:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2683
                  Entropy (8bit):3.996332315648279
                  Encrypted:false
                  SSDEEP:
                  MD5:61BEDD7C1D7C563524A02163B6ED3540
                  SHA1:1F8A25FEA5A5BE05629B8D53E2BDE007E1677378
                  SHA-256:A097B55385861336BA039643DE8E52C31B63AB3293ED15F175116C2249A809C4
                  SHA-512:4B31719CA20EB41CB22920BEBF9BE882406883CEF9BD54EADD53CED104F619E04D2E1D3A43C84202D0EEB71477498B5A8A1276AB726AF0CC17FBABF90887FF36
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:Microsoft Outlook email folder (>=2003)
                  Category:dropped
                  Size (bytes):271360
                  Entropy (8bit):5.8505939797842315
                  Encrypted:false
                  SSDEEP:
                  MD5:5D5B8F9F0B867DD63F9C14E0594C13A3
                  SHA1:161BAA40B4973A9A4BF9A4BDE9ED16020401C4F3
                  SHA-256:6E73E59C167DFFEC208DBEA5A713BA2B3A4F6CEBEBE766ADF7E516BE774BCD84
                  SHA-512:B1311105B60B08670D9FC528AB77A5392119915A4437C280181F0A841624423ADD78974EDB42BE705A9D86553633D413F8BC02D3E6C3EF371BBD2EE105A3653E
                  Malicious:true
                  Reputation:unknown
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):262144
                  Entropy (8bit):5.135369610812966
                  Encrypted:false
                  SSDEEP:
                  MD5:2A30CE9825575BB78FCC405374EB719C
                  SHA1:C4A709287C724EF0A3D77601BEA4DA577C687A5E
                  SHA-256:DDBA50B64F3F7F9DF2900BB8B68637A3FD1760D34BB856F0F20C93C7951D0170
                  SHA-512:CCC78B61430244389F5A0526421F63C9D5D020019BD0B3481C962823012988251B317061BE656F8EB63493BEB4717C9A3FA5F6150DB1C8634FB29D18211E046C
                  Malicious:true
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (65454)
                  Category:downloaded
                  Size (bytes):731902
                  Entropy (8bit):6.200899178121074
                  Encrypted:false
                  SSDEEP:
                  MD5:A51687E72FF41B605555EA5C8E01B736
                  SHA1:06CDFB0DD151FB5CCDAF7DE526D93AD932277774
                  SHA-256:2234775719F23E64627060D7743E4588AC79DD409A3EBE4C7257E39590D843CD
                  SHA-512:10BABC19C6E1CDAA6385A0E646C8746A4934F28BAC9A1C9412985E355B1BC209698B97E75EB59479F6D0C286152A8543032593BE3D272BBB69336642CA4A6772
                  Malicious:false
                  Reputation:unknown
                  URL:https://jddbdjhdjhfdjbdjbdjd.ztpccg.com/?cc=YW50b25pby5wb3pvQGFob3JyYW1hcy5jb20=%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A$$$%C3%83%C2%A3%C3%A2%C2%82%C2%AC%C3%A2%C2%80%C2%9A
                  File type:RFC 822 mail, ASCII text, with CRLF line terminators
                  Entropy (8bit):6.024622825380762
                  TrID:
                  • E-Mail message (Var. 5) (54515/1) 100.00%
                  File name:427c7bdc-ea02-97de-e5ef-a2c58c2d0a48.eml
                  File size:164'850 bytes
                  MD5:b1c855f0a9a7684c44045f1450d8932b
                  SHA1:e0e97af137c37aceb30a6b0cac3b03ebf5fcccf4
                  SHA256:02f13762ef566ac00f5a201d45e029e0c172ed2ee56d639f872570981db46f30
                  SHA512:b3202fa70dd3767be663ddc16962069b13ae247d4dc0cb2929bec89cdcc8f81849ceccea5d05d3c1d4058bb7e06e7f116c422f44c7f76e933a706d6473daf01e
                  SSDEEP:3072:KzLUR/bld4u1rH8fSCQLHcCu/bld4u1rH8fSCQLHcCa/bld4u1rH8fSCQLHcCg:D71rHASZL8Cu71rHASZL8Ca71rHASZLK
                  TLSH:FAF3E118C111236F7230E87BA839761D7AD53BDF4CD7908B47B67C402A1C6B825FADA9
                  File Content Preview:Received: from DB9P189MB1690.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:2ad::11).. by DB3P189MB2621.EURP189.PROD.OUTLOOK.COM (2603:10a6:10:433::14) with.. Microsoft SMTP Server (version=TLS1_2,.. cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8251.15;
                  Subject:RV: Re:Re:Re: Password Change (en)
                  From:ANTONIO DEL POZO MARTIN <antonio.pozo@ahorramas.com>
                  To:ALEJANDRO JOSE JIMENEZ LOPEZ <alejandrojose.jimenez@ahorramas.com>
                  Cc:
                  BCC:
                  Date:Thu, 12 Dec 2024 10:52:35 +0000
                  Communications:
                  • De: Admin settings <Ahorramas_Ahorramas_Ahorramas_vdat@livwellasia.com> Enviado el: jueves, 12 de diciembre de 2024 11:19 Para: ANTONIO DEL POZO MARTIN <antonio.pozo@ahorramas.com> Asunto: Re:Re:Re: Password Change (en) No suele recibir correo electrnico de ahorramas_ahorramas_ahorramas_vdat@livwellasia.com<mailto:ahorramas_ahorramas_ahorramas_vdat@livwellasia.com>. Por qu es esto importante<https://aka.ms/LearnAboutSenderIdentification> hh7OFFlCE-365 Password for your email (antonio.pozo@ahorramas.com<mailto:antonio.pozo@ahorramas.com>) expires today, you are to keep the current one so as not to be disconnected today <https://google.co.ve/url?6q=56svojeJLi6z73yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2fdrschueda.com.br%2fyoya/e4sihnv3nldji/YW50b25pby5wb3pvQGFob3JyYW1hcy5jb20=$$$> Keep My Password <https://google.co.ve/url?6q=56svojeJLi6z73yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2fdrschueda.com.br%2fyoya/e4sihnv3nldji/YW50b25pby5wb3pvQGFob3JyYW1hcy5jb20=$$$> Ahorramas.com lT Help Tony OrozcoTy Walls;Kalon Dudley;Art Guerrero;Blake Huber;Jason Vrana;Tony OrozcoSent from my iPhoneBegin forwarded message:Saileena Maknojia ** EXTERNAL E-MAIL **This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.Dear Vendor/ Partner, Good Afternoon! I hope all is well Below is the update on the close & new memberships, which was approved this week. Close Membership The below-mentioned Acc# 1778, 1805, and 2125 are now closed. 
The close membership date is 11/20/2024 1778Forest Bluff Grocery (1778)- CLOSEDDPM Business, Inc14300 FM 969 Unit AAustinTX78724512-276-97753-20595-0014-31805Bueno Mexican Market (1805) - CLOSEDDPM Business, Inc14300 FM 969 Unit DAustinTX78724 3-20595-0014-32125Bubbles (2125)- CLOSEDKokariya LLC620 S Fort Hood StKilleenTX76541(254) 213-31753-20853-3253-7 Furthermore details: All 3 accounts 1778, 1805 & 2125 are NOT returning as GAMA. New Membership: Please Welcome our New GAMA Member, Account # 2190, who joined on 11/20/2024. I've attached a list, so please update it accordingly. Acc# 2190- It is a brand-new store with GAS. For account setup, you can reach the Owner, Mr. Renish, at (832) 212-1437 or Manager Nazim at (512) 748-7694 ** For Acc# 2190 location GAMA - Business Development Rep / Field Representative/ Compliance / Member Relation Rep is Ms. Stephanie Tamez Email: stephanieT@gamaus.com**<mailto:stephanieT@gamaus.com**> Thank You! Regards,----Saileena Maknojia PraslaP: (512) 374-1413 EXT: 7714F: (512) 735-7764E: saileena@gamaus.com<mailto:saileena@gamaus.com> Visit us on our website: www.gamaus.com<http://www.gamaus.com> Greater Austin Merchants Cooperative Association8801 Research Blvd.,Suite 102Austin, TX 78758 **** This e-mail and any attached files may contain confidential information that is privileged and/or exempt from disclosure. The information is intended only for the use of the individual or entity named above. Any unauthorized disclosure, copying or distribution of the contents of this information is prohibited.**** [https://ahorramas.net/image/ahorramas-long.png] Antonio del Pozo Martn Compras PF Direccin Comercial ________________________________ antonio.pozo@ahorramas.com Telefono: 916602145 / Movil: C/ Pintores 4 (28891, Velilla de San Antonio, Madrid) www.ahorramas.com Este mensaje y, en su caso, los ficheros anexos son confidenciales, y se dirigen exclusivamente al destinatario referenciado. 
Si usted ha recibido este mensaje por error, no debe revelar, copiar, distribuir o usarlo en ningn sentido. Le rogamos lo comunique al remitente y borre dicho mensaje y cualquier documento adjunto que pudiera contener. Le informamos, como destinatario de este mensaje, que el correo electrnico y las comunicaciones por medio de Internet no permiten asegurar ni garantizar la confidencialidad de los mensajes transmitidos, as como su integridad o su correcta recepcin, por lo que el emisor no asume responsabilidad alguna por tales circunstancias. Cualquier opinin expresada en este mensaje pertenece nicamente al autor remitente, y no representa necesariamente la opinin de Ahorramas, a no ser que expresamente se diga y el remitente est autorizado para hacerlo. Le enviamos este correo desde AHORRAMAS, S.A., con la finalidad de mantener la relacin que nos une con Usted y para el correcto desarrollo de las actividades de nuestra organizacin. Recuerde que puede acceder, rectificar, suprimir o pedir la portabilidad de tus datos, o limitar u oponerse a algunos tratamientos, aportando copia de su DNI, a travs de la direccin protecciondedatos@ahorramas.com. Para ms informacin, puede consultar la Poltica de Privacidad de AHORRAMAS, S.A., o escribir a protecciondedatos@ahorramas.com.
                  Attachments:
                  • jkfmii.pdf
                  • jkfmii.pdf
                  • jkfmii.pdf
                  Key Value
                  Received: from DB9P189MB1690.EURP189.PROD.OUTLOOK.COM ([fe80::35f6:8e73:9eb6:4b28]) by DB9P189MB1690.EURP189.PROD.OUTLOOK.COM ([fe80::35f6:8e73:9eb6:4b28%6]) with mapi id 15.20.8251.008; Thu, 12 Dec 2024 10:52:35 +0000
                  From: ANTONIO DEL POZO MARTIN <antonio.pozo@ahorramas.com>
                  To: ALEJANDRO JOSE JIMENEZ LOPEZ <alejandrojose.jimenez@ahorramas.com>
                  Subject: RV: Re:Re:Re: Password Change (en)
                  Thread-Topic: Re:Re:Re: Password Change (en)
                  Thread-Index: AQHbTH86KdhNnMbtmEOzqNpixiFARrLibtzw
                  Date: Thu, 12 Dec 2024 10:52:35 +0000
                  Message-ID: <DB9P189MB169094F11BD6A039D37293AC953F2@DB9P189MB1690.EURP189.PROD.OUTLOOK.COM>
                  References: <01010193ba609a4e-9e96280f-0a7b-4bc2-86e8-72d1bd3e7137-000000@us-west-2.amazonses.com>
                  In-Reply-To: <01010193ba609a4e-9e96280f-0a7b-4bc2-86e8-72d1bd3e7137-000000@us-west-2.amazonses.com>
                  Accept-Language: es-ES, en-US
                  Content-Language: es-ES
                  X-MS-Has-Attach: yes
                  X-MS-TNEF-Correlator:
                  authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ahorramas.com;
                  x-ms-publictraffictype: Email
                  x-ms-traffictypediagnostic: DB9P189MB1690:EE_|DB3P189MB2621:EE_
                  x-ms-office365-filtering-correlation-id: c203317e-203c-4184-12b4-08dd1a9b1680
                  x-ms-exchange-atpmessageproperties: SA|SL
                  x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:es;SCL:9;SRV:;IPV:NLI;SFV:SPM;H:DB9P189MB1690.EURP189.PROD.OUTLOOK.COM;PTR:;CAT:HPHISH;SFS:(13230040)(366016)(69100299015)(8096899003)(41050700001);DIR:INT;
                  x-microsoft-antispam: BCL:0;ARA:13230040|366016|69100299015|8096899003|41050700001;
                  Content-Type: multipart/mixed; boundary="_006_DB9P189MB169094F11BD6A039D37293AC953F2DB9P189MB1690EURP_"
                  MIME-Version: 1.0

                  Icon Hash:46070c0a8e0c67d6