Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
email (1).eml

Overview

General Information

Sample name:email (1).eml
Analysis ID:1670401
MD5:ed17b7874a114bc0aa4024b5cec13205
SHA1:c0954b714976e480984585ce58f696269ad6ec52
SHA256:ba4328fae25f6ec5519dd47bc1f57b6aad473fbff56c142a1b884a29ed052a63
Infos:

Detection

Score:48
Range:0 - 100
Confidence:100%

Signatures

AI detected suspicious elements in Email content
AI detected suspicious elements in Email header
Queries the volume information (name, serial number etc) of a device
Sigma detected: Outlook Security Settings Updated - Registry
Stores large binary data to the registry

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6960 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\email (1).eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7092 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A79ED586-0D7A-43F9-A32B-5B626A26E7FE" "4839EABE-8AA7-4F7B-89BE-0F4C7B9110C7" "6960" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • Acrobat.exe (PID: 6432 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\H2GA064C\RFQ-TC23223.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 6628 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 1864 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2136 --field-trial-handle=1544,i,17104615216468631592,5082720050647482968,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
    • Acrobat.exe (PID: 7820 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\H2GA064C\Datasheet (Skye Solutions Quarry pump).pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

Source: Registry Key setAuthor: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\H2GA064C\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6960, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6960, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

  • Phishing
  • Networking
  • System Summary
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion
  • Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

Phishing

barindex
Source: email (1).emlJoe Sandbox AI: Detected potential phishing email: The email uses a generic free email domain (technologist.com) instead of an official Total Energies corporate domain. The sender's email address in 'from' and 'to' fields are identical, suggesting mass distribution. The presence of suspicious PDF attachments combined with urgency to respond is a common phishing tactic
Source: email (1).emlJoe Sandbox AI: Detected suspicious elements in Email header: Email originates from a dynamic/residential IP (41.116.130.247) but claims authentication. Mismatch between internal IP (192.168.8.187) and external IP in received headers. Suspicious boundary string pattern typical of automated malware campaigns. Hungarian domain (tocke.hu) sending from African IP range is unusual. Internal IP address exposure in headers suggests potential misconfiguration or malicious intent
Source: EmailClassification: Invoice Scam
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: classification engineClassification label: mal48.winEML@24/35@1/101
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250421T1141120409-6960.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.ini
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\email (1).eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A79ED586-0D7A-43F9-A32B-5B626A26E7FE" "4839EABE-8AA7-4F7B-89BE-0F4C7B9110C7" "6960" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\H2GA064C\RFQ-TC23223.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2136 --field-trial-handle=1544,i,17104615216468631592,5082720050647482968,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A79ED586-0D7A-43F9-A32B-5B626A26E7FE" "4839EABE-8AA7-4F7B-89BE-0F4C7B9110C7" "6960" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 856FAC93107B8B4ABE39C5D3EAF85878
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\H2GA064C\Datasheet (Skye Solutions Quarry pump).pdf"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\H2GA064C\RFQ-TC23223.pdf"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\H2GA064C\Datasheet (Skye Solutions Quarry pump).pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2136 --field-trial-handle=1544,i,17104615216468631592,5082720050647482968,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935} DeviceTicket
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation11
Browser Extensions		1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System2
Non-Application Layer Protocol		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
DLL Side-Loading		1
DLL Side-Loading		1
Modify Registry		LSASS Memory1
File and Directory Discovery		Remote Desktop ProtocolData from Removable Media2
Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Process Injection		Security Account Manager14
System Information Discovery		SMB/Windows Admin SharesData from Network Shared Drive1
Ingress Tool Transfer		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

No bigger version
No bigger version

windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
e8652.dscx.akamaiedge.net
184.28.253.105
truefalse
    		high
    s-0005.dual-s-msedge.net
    		52.123.128.14
    		truefalse
      		high
      x1.i.lencr.org
      		unknown
      		unknownfalse
        		high

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        http://x1.i.lencr.org/false
          		high

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          50.16.47.176
          		unknownUnited States
          		14618AMAZON-AESUSfalse
          23.202.56.131
          		unknownUnited States
          		20940AKAMAI-ASN1EUfalse
          23.209.84.39
          		unknownUnited States
          		16625AKAMAI-ASUSfalse
          52.109.20.47
          		unknownUnited States
          		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
          162.159.61.3
          		unknownUnited States
          		13335CLOUDFLARENETUSfalse
          52.109.0.140
          		unknownUnited States
          		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
          13.69.239.78
          		unknownUnited States
          		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
          23.194.100.185
          		unknownUnited States
          		16625AKAMAI-ASUSfalse
          23.220.73.19
          		unknownUnited States
          		13489EPMTelecomunicacionesSAESPCOfalse
          184.28.253.105
          		e8652.dscx.akamaiedge.netUnited States
          		16625AKAMAI-ASUSfalse
          52.123.128.14
          		s-0005.dual-s-msedge.netUnited States
          		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse

          General Information

          Joe Sandbox version:42.0.0 Malachite
          Analysis ID:1670401
          Start date and time:2025-04-21 17:40:41 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowsinteractivecookbook.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:18
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • EGA enabled
          Analysis Mode:stream
          Analysis stop reason:Timeout
          Sample name:email (1).eml
          Detection:MAL
          Classification:mal48.winEML@24/35@1/101
          Cookbook Comments:
          • Found application associated with file extension: .eml
          • Exclude process from analysis (whitelisted): svchost.exe
          • Excluded IPs from analysis (whitelisted): 52.109.0.140, 23.209.84.39, 23.209.84.26, 52.123.128.14, 20.190.151.7
          • Excluded domains from analysis (whitelisted): roaming.officeapps.live.com, ecs.office.com, wus-azsc-000.roaming.officeapps.live.com, omex.cdn.office.net, dual-s-0005-office.config.skype.com, login.live.com, us2.roaming1.live.com.akadns.net, ecs.office.trafficmanager.net, prod.roaming1.live.com.akadns.net, osiprod-wus-buff-azsc-000.westus.cloudapp.azure.com, omex.cdn.office.net.akamaized.net, a1864.dscd.akamai.net
          • Not all processes where analyzed, report is missing behavior information
          • Report size getting too big, too many NtQueryAttributesFile calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          • Report size getting too big, too many NtSetValueKey calls found.

          Created / dropped Files

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\39cbdbe8-90e7-4dd3-8d24-d4587b3ea51c.tmp

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):403
          Entropy (8bit):4.98141020715722
          Encrypted:false
          SSDEEP:
          MD5:5571184799501BC1309C24DB82719EED
          SHA1:3AEE90E1DA9FB3E78F53110FC44949F1F79636D0
          SHA-256:A90FDBC41CCE25AF1D14392440AB1897F3A5C07B8160ED661CD7911DB2572E5E
          SHA-512:0828BF60FAE9B5AE831701D84A5330E404763CBF10C849691DB297587659AB00D226222F98D5FAF1D2AC4F56149C9E00C7BF3202F7B3C4DAD865CA34FEA95945
          Malicious:false
          Reputation:unknown
          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13389810095660643","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":142656},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5571184799501BC1309C24DB82719EED
          SHA1:3AEE90E1DA9FB3E78F53110FC44949F1F79636D0
          SHA-256:A90FDBC41CCE25AF1D14392440AB1897F3A5C07B8160ED661CD7911DB2572E5E
          SHA-512:0828BF60FAE9B5AE831701D84A5330E404763CBF10C849691DB297587659AB00D226222F98D5FAF1D2AC4F56149C9E00C7BF3202F7B3C4DAD865CA34FEA95945
          Malicious:false
          Reputation:unknown
          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13389810095660643","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":142656},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250421154127Z-158.bmp

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
          Category:dropped
          Size (bytes):65110
          Entropy (8bit):0.010281203479617362
          Encrypted:false
          SSDEEP:
          MD5:00DB8ECE00238719F9D531102091F31C
          SHA1:2C93F28D42D242532093FAB1BB7DDE33EEE810D5
          SHA-256:95444CF39A1424F48C5D069EE1F263B613F89D22C379C4A2886F6FBE160BC00F
          SHA-512:4DE0801AAB1297B9B6A4BF85631650BAFB042F1C211D2C012D601F8FDB7836FA6AD5B5D04B0FE1F4CF50D987C94B2ED6B5FDB8A3075BAC7D30D9FD8CA1840008
          Malicious:false
          Reputation:unknown
          Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250421154133Z-368.bmp

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:PC bitmap, Windows 3.x format, 157 x -152 x 32, cbSize 95510, bits offset 54
          Category:dropped
          Size (bytes):95510
          Entropy (8bit):3.2961820779604127
          Encrypted:false
          SSDEEP:
          MD5:CB7D4B794C0BC547665BE1BC067EBAF3
          SHA1:FE98902F9DDC0B1D57B56BBA0B6E13457BA4550F
          SHA-256:9587A05809706ACA7A232955FD52AD0E5F2FDA70D5B75269D1ABCDE63DA4310C
          SHA-512:CD1A9786427E324076E8BE9560E7485CE26FABC9536D4B9C2A2661C1597163469D45D8A0D6CAA120ECF40A72D4D388C80FA1A6DEF12579DB7B02FFC98189AA5E
          Malicious:false
          Reputation:unknown
          Preview:BM.u......6...(.......h..... .........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................\...%...%...............E...o...............%...........%...............o...E.......%...%...%...%...%...E...........................%...%...o.......................%...%...................E...o.......................%...............E...E.......%...%...%...%...%...%.......%...................%...%...%.....

          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
          Category:dropped
          Size (bytes):57344
          Entropy (8bit):3.291927920232006
          Encrypted:false
          SSDEEP:
          MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
          SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
          SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
          SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
          Malicious:false
          Reputation:unknown
          Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:SQLite Rollback Journal
          Category:dropped
          Size (bytes):16928
          Entropy (8bit):1.214861889056647
          Encrypted:false
          SSDEEP:
          MD5:6DF151D78A1FAB00ACA6F0E48013C2C6
          SHA1:2137AF15616F312E7C7FC45A0BAF324FBCB48795
          SHA-256:930B5E2CF1A6EF467FCAF87228EA77ADE4C1DA07DECDB7FE352EFDA729B77A6F
          SHA-512:C61310CB91BD5AA47069C4AFD5D247C354CA0D3202550289FADDC34662898D7BF63EBC0FDC4F0F9B6E0ED0C5FD0640D3F9515EFF8CAE396FF2657D3C37F2F423
          Malicious:false
          Reputation:unknown
          Preview:.... .c.....H..-........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:Certificate, Version=3
          Category:dropped
          Size (bytes):1391
          Entropy (8bit):7.705940075877404
          Encrypted:false
          SSDEEP:
          MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
          SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
          SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
          SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
          Malicious:false
          Reputation:unknown
          Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
          Category:dropped
          Size (bytes):73305
          Entropy (8bit):7.996028107841645
          Encrypted:true
          SSDEEP:
          MD5:83142242E97B8953C386F988AA694E4A
          SHA1:833ED12FC15B356136DCDD27C61A50F59C5C7D50
          SHA-256:D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
          SHA-512:BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
          Malicious:false
          Reputation:unknown
          Preview:MSCF....Y.......,...................I.................;Za. .authroot.stl.98.?.6..CK..<Tk......4..c... .Ec...U.d.d.E&I.DH*..M.KB."..rK.RQ*..}f..f...}..1....9...........$.8q..fa...7.o.1.0...bfsM4.........u..l..0..4.a.t....0.....6#....n. :... ....%.,CQ5uU..(.3.<7#.0..JN.$...=j|w..*.#.oU..Eq[..P..^..~.V...;..m...I|...l..@-W..=.QQ.._./.M.nZ..(.........`.$Z.9wW:W.]..8*E.......I.D{..n...K:.m..^.(.S.......c..s.y..<...2.%o.o.....H.B.R.....11.|!.(...........h.SZ........<...^....Z>.Pp?... .pT@p.#.&..........#VEV=.....p........y..."T=l.n..egf.w..X.Y..-G...........KQ.]...pM..[m..-6.wd:........T...:.P5Zs....c.oT`..F1#......EuD.......7....V ..-....!.N..%S...k...S. ...@.J..../..b!B.(=\../.l......`.\...q9..>4!b..8EH.....zdy.....#...X>%0w...i.,>c.z.g"p.S..2W.+mMs.....5Def.....#._D.4....>}...i...\.&`D.......z;..ZY.3.+t.`....z_.q'w.z.)..j3.+.co.s..:.........qK...{...E....uPO...#vs.XxH.B!..(t. 8k+.....G\..?..GF8....'..w.>.ms..\ve.nFN..W)....xi..u..5.f.l....

          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):192
          Entropy (8bit):2.7569015731729736
          Encrypted:false
          SSDEEP:
          MD5:6D3FBE313D6D8A19B025E5FA361592E4
          SHA1:7953026A1515DC95B585AF8F9B855E5A0D6AD187
          SHA-256:E8A66642C5165AA7E5A6DD6CDAC5AC85129E9E405F9C5E71EFE717B04AEA0258
          SHA-512:21E77070F874914140F3B596D02486F9B054FD4114283CC64EC59C989BD38DFEA864542723DD5933993638C3D3461826C84CC7C3A7186D3561F532FC9AF11E5F
          Malicious:false
          Reputation:unknown
          Preview:p...... .........`.....(....................................................... ..........W.....x..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
          File Type:data
          Category:dropped
          Size (bytes):330
          Entropy (8bit):3.1753034170119614
          Encrypted:false
          SSDEEP:
          MD5:B57100A3BCE646D82E90B4DFDDF4F435
          SHA1:A6AA5DB9DF4A915ADC7A3F3B68E6AA42A8648464
          SHA-256:2C58D7DD53BFD5B0EF05B6B5D2E13642D0B8017588567074212C7671295448EF
          SHA-512:EB2E756A8C3A4495214F8182AE9C3E42EC77D14673454F31A4309BBC3425E88A872EC0BCC3B271261F9CAFE652E24367FD0A10E765E69156112C915013B59F6C
          Malicious:false
          Reputation:unknown
          Preview:p...... ..........6....(....................................................... ..................(...........Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6528

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:PostScript document text
          Category:dropped
          Size (bytes):185099
          Entropy (8bit):5.182478651346149
          Encrypted:false
          SSDEEP:
          MD5:94185C5850C26B3C6FC24ABC385CDA58
          SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
          SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
          SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
          Malicious:false
          Reputation:unknown
          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:PostScript document text
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:94185C5850C26B3C6FC24ABC385CDA58
          SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
          SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
          SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
          Malicious:false
          Reputation:unknown
          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):295
          Entropy (8bit):5.366439268439437
          Encrypted:false
          SSDEEP:
          MD5:F1449D7EB685DA8B264E1EC9C5D4780B
          SHA1:56DC3AD308F8B87D5AC6040F2E09002EA775B203
          SHA-256:0976F92FA8F6DC7CD95B5BF66BC4B90D2733FF3F83DD5836BB3A6ACC1C34AD5E
          SHA-512:718207748A0B35C654B29BCDEF3C59262B472A5C0D486FAAF6027688ACC547243A2B4A7E36B6B9BBA188E95A3E28A32F84AB5BD979F62661A8CBD985583E2010
          Malicious:false
          Reputation:unknown
          Preview:{"analyticsData":{"responseGUID":"7dbe3b64-a6c9-4425-8fc1-ec6e249f0b06","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423609241,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):294
          Entropy (8bit):5.312574703818746
          Encrypted:false
          SSDEEP:
          MD5:4EC91630283C09C425272B99EFA893E7
          SHA1:9199CB9E71E8E96FF7F3E7E4D252EE048B0D5AA2
          SHA-256:41D4B309D8A2FC6A58B99C627273352B9CF2E0EE0C6E626E2B2EBC1CFF1AE36E
          SHA-512:B66060E78F4854F258A826586AA5C70EF3A67393B097F1105A0E1744FE57CFD465F6E10D86EB1DE557148CA1B0A24611B2A689083DDA53B454697998C63240C6
          Malicious:false
          Reputation:unknown
          Preview:{"analyticsData":{"responseGUID":"7dbe3b64-a6c9-4425-8fc1-ec6e249f0b06","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423609241,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):294
          Entropy (8bit):5.290986377083607
          Encrypted:false
          SSDEEP:
          MD5:2A9B43C97E9DD436F5CD82C2B714FDA5
          SHA1:1CD3F7287DB384F90DD00CA60719D248190233CF
          SHA-256:ABF4D264F57346914E7C7F2C1C009E534B1AB2676D6976B8A774661189CFF29A
          SHA-512:7CB8CA5C233A4E4D3CD5DE69CD9F6BA825060BE26C015F67872C3B0963D91B69EA26BDD5F0ACFE9F4098E60C32D64927D619BB05BA5F02761A5B3308A7FD2710
          Malicious:false
          Reputation:unknown
          Preview:{"analyticsData":{"responseGUID":"7dbe3b64-a6c9-4425-8fc1-ec6e249f0b06","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423609241,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):285
          Entropy (8bit):5.354927382868932
          Encrypted:false
          SSDEEP:
          MD5:7C4A5DA9785635042B231D25620B6F81
          SHA1:F197C5AB6AC34C7FF33202C7B4EDDA2A04353106
          SHA-256:47F1BBF0D46F12EDAC2A0D29F5C5CB686CEC03EFBB2C8CBAF5239D3DA56152DA
          SHA-512:CB22D2A3E5EB49B13CBB18D5A41BCA8727DAB51219BE5E78381C7263FC368A7C63545CC843C47C3B5097A038844F68DC98F96AEC254F87EDB1626C812A612CF9
          Malicious:false
          Reputation:unknown
          Preview:{"analyticsData":{"responseGUID":"7dbe3b64-a6c9-4425-8fc1-ec6e249f0b06","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423609241,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):2213
          Entropy (8bit):5.844328033547757
          Encrypted:false
          SSDEEP:
          MD5:58D1CAC5CF0BA4848189ED43778CD4FF
          SHA1:DEF3CAAE37045A3CCE1C802561497059A6F504AC
          SHA-256:C329CBCBA68BF0E6A3CDC4522FE30BC413E2DC85273FDA2973C5DAECDBEC064C
          SHA-512:766581A641FC4CBB8E4E795928773345F364FE5894A13E20D037553FBAD812D38F6E1C4FB62CD90E1247DBDE2BDE4F5F80573D297006FC724B00AAE966B321EB
          Malicious:false
          Reputation:unknown
          Preview:{"analyticsData":{"responseGUID":"7dbe3b64-a6c9-4425-8fc1-ec6e249f0b06","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423609241,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfaWQiOiJlYjYyOWYwOC00YmZiLTRkYmEtYjQzNC01MzUyZTg1MGU4NWYiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZW

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):289
          Entropy (8bit):5.302386152009831
          Encrypted:false
          SSDEEP:
          MD5:9658C106A19EB93B6BDF54B72BD5654F
          SHA1:2B345B4519E18E60EE1392CC3AE4F8A6526E619B
          SHA-256:8321FA3251BB5A3E777D2074F59E0CA73231C721377882750BCAB8F5AE1912A7
          SHA-512:0B8A053259F18BCF94314BC950EBE75F4869419FD6AD33E21235CEEACFDF326B0BD91901C4B2E90E3E05A02C8506E53F83BBE9134CDA1506ED97E53ACC1506FA
          Malicious:false
          Reputation:unknown
          Preview:{"analyticsData":{"responseGUID":"7dbe3b64-a6c9-4425-8fc1-ec6e249f0b06","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423609241,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):292
          Entropy (8bit):5.304430264782198
          Encrypted:false
          SSDEEP:
          MD5:097C52EF7980C08893C88C0D61491969
          SHA1:D01408E1A0FA963AF2D743E1AFE650FCEA44E057
          SHA-256:9FCF4EAFEA7CBFFCE2EAFF65269F862012B91B53185F06C8B64F9C8FEDE8BBF2
          SHA-512:4C176BDFDC41832C05B808DE6AC0F75662550B0257268612B7B8B05E33AD752E13DAFA0F20FF53976BF7E029616750502C7FACB2095ABFB01AC534F8D3AE73B6
          Malicious:false
          Reputation:unknown
          Preview:{"analyticsData":{"responseGUID":"7dbe3b64-a6c9-4425-8fc1-ec6e249f0b06","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423609241,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):2160
          Entropy (8bit):5.8282530008691875
          Encrypted:false
          SSDEEP:
          MD5:6CF201E69E54753D1ED261D48B8523D8
          SHA1:B1C9B97637EB8B48933A86F9E8309ECF5E4C021B
          SHA-256:BD1ADAC25F59EE6EA05EAD07D28416BFA2D4222D8E3510A1EAF716D63D313CF1
          SHA-512:DDD4923315BDE84B9A3A3F22E7F03C424800106D3479E65F13625858012CD6D5E73DF5C40B09FBEBDB34A18D79463B240D81699DC7F3B3FF1F2BB4F9EF618B11
          Malicious:false
          Reputation:unknown
          Preview:{"analyticsData":{"responseGUID":"7dbe3b64-a6c9-4425-8fc1-ec6e249f0b06","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423609241,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfaWQiOiIzNzkzMGExNC1kOGMwLTRlZDYtYjI0Yi0zZGUzY2FlZjZlNjAiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJ

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):295
          Entropy (8bit):5.328317974689836
          Encrypted:false
          SSDEEP:
          MD5:FCE260781A578CCE2C02EA54E3EA5B5C
          SHA1:353094F993D478A0443239A3A5FC6E5CE92319B4
          SHA-256:EFEA09DE874034521B3045C882FEE7CDF8A23C10A2BCFFBD8688986F707A8518
          SHA-512:B4F3098AF28AAA34530844029570A72ACC18DB7C73EC48597E92EB035855E61ADBA5A0A310EF74F9060EBB315B38A80897401642739EC5C8AC3E50C97BA926A2
          Malicious:false
          Reputation:unknown
          Preview:{"analyticsData":{"responseGUID":"7dbe3b64-a6c9-4425-8fc1-ec6e249f0b06","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423609241,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):289
          Entropy (8bit):5.308853802927804
          Encrypted:false
          SSDEEP:
          MD5:750606712A3090A2CCBA11D36A517D3E
          SHA1:F8EFDC43999DD298D4EF1CD041FCBF090E08B599
          SHA-256:11E82AAF114F51C9DC09573AB301C88BAC33315AC52AD9C0EC05BD6B60CFB328
          SHA-512:CDFD9E4D14E5B42CC2B474F32066B6220B6C5CA563BDF815EB086AC16E4E27043BAF1ABA547D91CFEB9D765B4FB2496E660F7F27660269C65312DC0D571D202D
          Malicious:false
          Reputation:unknown
          Preview:{"analyticsData":{"responseGUID":"7dbe3b64-a6c9-4425-8fc1-ec6e249f0b06","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423609241,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):284
          Entropy (8bit):5.295641406183247
          Encrypted:false
          SSDEEP:
          MD5:0B0E7FE99AC1694F6D556996ECD29A62
          SHA1:5DD42F24FFAC3C0B3056FCBF1FA31C2448486822
          SHA-256:0D971B7A26AD8B43A1394E20A8D9A0847409EF715DE0D7468A7C5E674FAD03B0
          SHA-512:FFAD0E3F4AC25F5C33FAB6105742446D407C0CC684E89F55120D61B598F54310CFFF40A34CA1B16005A8F0DCCE8B099F216F8F46D5DF1AAF4949E6AD75ED860F
          Malicious:false
          Reputation:unknown
          Preview:{"analyticsData":{"responseGUID":"7dbe3b64-a6c9-4425-8fc1-ec6e249f0b06","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423609241,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):291
          Entropy (8bit):5.29234004972244
          Encrypted:false
          SSDEEP:
          MD5:22CFD1A602F0C3FE1A32219D5FB7E3DE
          SHA1:51AF2F1AD1F900A252CB0425C143CCC5615DA564
          SHA-256:6DEFD143796266614178C78ACF94D1B4F467623B3FB54D2E0C45F78DB06418CB
          SHA-512:14A84C608965E43ED37A9558E037C23C25763C8023F48AE30A0FD75F06C4972B5C1FA832174B9BFB93FD9AF73E75F9B60F0BB7B0DDC22A29599A7E12E1AE24AF
          Malicious:false
          Reputation:unknown
          Preview:{"analyticsData":{"responseGUID":"7dbe3b64-a6c9-4425-8fc1-ec6e249f0b06","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423609241,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):287
          Entropy (8bit):5.295529539279257
          Encrypted:false
          SSDEEP:
          MD5:E060293A5D964DE2D7CCB1DF00CD78A0
          SHA1:8161B22608F71E1B005203B1811CC62776F9664A
          SHA-256:6EB4E2D11AA1F119EDD52C8FD29EA03FDA326D17A554C1CF778F17758D6DA5F8
          SHA-512:9D07A052AFDAB90E3A7934C5B8CF139E8675B6EC13F7D3DA88869E8E701AA1C3559452DD0163C8F622FCF8F6AB0228F5FD4F29355325EA8F4A1852EC43B7DD9E
          Malicious:false
          Reputation:unknown
          Preview:{"analyticsData":{"responseGUID":"7dbe3b64-a6c9-4425-8fc1-ec6e249f0b06","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423609241,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):2112
          Entropy (8bit):5.846276223705127
          Encrypted:false
          SSDEEP:
          MD5:1DBB8FB8FC9739E83466336B360A9D22
          SHA1:B801EECB48834DBDDC0BE66A5A3CB1934DECAA66
          SHA-256:A0378E2E1B793443475D5D87AE30BF2C9A8F03116DF670F36979FDD9F7D347A3
          SHA-512:9E397487858C1AC87D07EA17FD5B2F9DBB5D0B8BF62B558EADB66137458B88329A104D4CAA10BAECC29F5C46B044657E93B3601CCF9AD2D48A142DAF2ECEE2EB
          Malicious:false
          Reputation:unknown
          Preview:{"analyticsData":{"responseGUID":"7dbe3b64-a6c9-4425-8fc1-ec6e249f0b06","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423609241,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfaWQiOiJkMDQzMmY0Yy1hNTM2LTRlMzktOGNkNS1jYThiYjRhZTY2YzIiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnV

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):286
          Entropy (8bit):5.272808099541485
          Encrypted:false
          SSDEEP:
          MD5:B8569CD1A87825BA3AC10F5A37646611
          SHA1:848F2025FC349AF01146FE7D1A1CD7344F4FE011
          SHA-256:CC53DBED4608569F5B97189CB2080DD300528923404D1945E5D9C33240A9ACC4
          SHA-512:820627F335CCC35713829374843EB35957AD4557F6DCB29AAC695084AE10C74B385ADF1EE68DF9DBB6405D817F921074C2C43F85D416AB557DAD9E37BF406CDC
          Malicious:false
          Reputation:unknown
          Preview:{"analyticsData":{"responseGUID":"7dbe3b64-a6c9-4425-8fc1-ec6e249f0b06","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423609241,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):282
          Entropy (8bit):5.278336068881825
          Encrypted:false
          SSDEEP:
          MD5:CC28B0F8642B4BE3993902C6BED5B2A4
          SHA1:073F0E7F4E891E22C133144B4692E13E37468CE3
          SHA-256:4EBF0649225E040A39CACA3E8C2B174E6DA1E67B15DD3F8E4AAEDB322D13265D
          SHA-512:AC966A54C45F9BB8758B06488BC51A317E27898D5ECF6B3C69E3A6F68B4FAF452B37B435836EBB03FF9E716E9143E4E9226425D1B0DB6EBFABAD7248F924903C
          Malicious:false
          Reputation:unknown
          Preview:{"analyticsData":{"responseGUID":"7dbe3b64-a6c9-4425-8fc1-ec6e249f0b06","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423609241,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:data
          Category:dropped
          Size (bytes):4
          Entropy (8bit):0.8112781244591328
          Encrypted:false
          SSDEEP:
          MD5:DC84B0D741E5BEAE8070013ADDCC8C28
          SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
          SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
          SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
          Malicious:false
          Reputation:unknown
          Preview:....

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):2815
          Entropy (8bit):5.132668208590113
          Encrypted:false
          SSDEEP:
          MD5:10DD0B410576BBC6A2D35FC67AEEC925
          SHA1:AB9B0BE14583A296C75EF9162854F4567AFCB81A
          SHA-256:AA1BBAAFF6965942BE7F07CCAEFEA2EFCBA34550ABF36045B731B44004B31F69
          SHA-512:F52771DC93D27526948225DD7DD49234FFD887B4AF808973116E9980D6CEA61D94E95FEF03CB895DE3EC9DDBD7F2D8EF507B079226FB4772C1E5D051668C490B
          Malicious:false
          Reputation:unknown
          Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"272ed91403c68928374ca79b45f1d14b","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1745250094000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"4b10c429cf63370716137a74022891a8","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2112,"ts":1745250088000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"337a5e2a9db4c18f9eb4cf380d5413fc","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2160,"ts":1745250088000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"9695f8a5a25e1e9445415cb9232babbf","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2213,"ts":1745250088000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"00bae3fd6e4f46e1db89a6e8cd82e38b","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1745250088000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"ccdbacb76f45723e598d8d859d96e2d9","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
          Category:dropped
          Size (bytes):12288
          Entropy (8bit):0.9884962916295588
          Encrypted:false
          SSDEEP:
          MD5:7B2D61A374DA3A489A2E8ED01F1505DC
          SHA1:350BB55626768C9666EE73F536DDA6AE6B6517E9
          SHA-256:28ED781345020E7142F7448A73EF3B793097204DECBC5C89E068C3A0C4F4D5B7
          SHA-512:F52D16761FCBB542FF2B90A33B2E868FC5A4961B494F3A400DC800D02530445FFCDEB82367F543C39BBCAF4C38A157102F3657588A48B211D3F6D469C633838F
          Malicious:false
          Reputation:unknown
          Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:SQLite Rollback Journal
          Category:dropped
          Size (bytes):8720
          Entropy (8bit):1.3444303778312623
          Encrypted:false
          SSDEEP:
          MD5:8452AEDAC85E42120E114C28950D5E9D
          SHA1:43DBE7B4913C4E3AD8506C612E23D97892C9F57F
          SHA-256:EB2E457F58DFD0FF82E304D694C3DE149ABF2CD7CDE4996146F899CBC086C0F4
          SHA-512:08D54105994ACFFD2B27E1C8B5CF1453B5AB739ABC912565A2F3C732E3BB9E23FF4182A3C6D5BE808D743B58DACB843C8B6D0838CABF6021C40F2DCA6419AB3E
          Malicious:false
          Reputation:unknown
          Preview:.... .c......1xz......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\Temp\MSIce367.LOG

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
          Category:dropped
          Size (bytes):246
          Entropy (8bit):3.5085442896850614
          Encrypted:false
          SSDEEP:
          MD5:20B38899333549DDF1FE5BFB18663CA9
          SHA1:A36FA8B23867E54D33A4D55341170293187F7A7E
          SHA-256:D9E65B5F4C3912A2D59B4B3ADE2512F702A2BAF9010A3907C8469D7B2B8488E6
          SHA-512:89E0D3B9D25A22C998F44A01958AC0D2BFE807A63DE06689394F25B4A39BF3E4B3DFA14EE6AEB15A7B813E1AA5E289ECDD08B5A6BC4CA15F18EF8AC71A8813FD
          Malicious:false
          Reputation:unknown
          Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.1./.0.4./.2.0.2.5. . .1.1.:.4.1.:.3.0. .=.=.=.....

          C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-21 11-41-25-207.log

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:ASCII text, with very long lines (393)
          Category:dropped
          Size (bytes):16525
          Entropy (8bit):5.353642815103214
          Encrypted:false
          SSDEEP:
          MD5:91F06491552FC977E9E8AF47786EE7C1
          SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
          SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
          SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
          Malicious:false
          Reputation:unknown
          Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

          C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

          Download File
          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):29752
          Entropy (8bit):5.417906202521481
          Encrypted:false
          SSDEEP:
          MD5:D800CDFE4AAFCDF00C72C00F5802B87E
          SHA1:743451CBB4AFBDAB407EF8ED5BDB8AB57E025FEC
          SHA-256:6108B7F47B82835DF6D314FC5C5DEA31F2DE7F57F548724639BAAC381328FBB4
          SHA-512:AA4780FF52FBB258CC25B1F77E5A87191C16E4EFE39B4786B5A5CDA874C4FF4DB040F22CFB186F4E43CE9E2EF16DC406F43F689F1471FB977456E248E538046E
          Malicious:false
          Reputation:unknown
          Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

          C:\Users\user\AppData\Local\Temp\olkA255.tmp

          Download File
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):197595
          Entropy (8bit):7.997758005149571
          Encrypted:true
          SSDEEP:
          MD5:956A92EB1D0B159A007770F4A55119E8
          SHA1:0CE413A905367273E7F1E7910CD891C7199B594B
          SHA-256:307189181D86F58F021C2461895C7C6A818F6AEC39E5185EFCE43067AAE73541
          SHA-512:A0C3A866DCE480C4B45329125EB71F55A2BE6B7B6387C71A011E3459B5D20D8201937E6B0D41726C21A527A4F526562F3321668D910A4B173011D1F2123BD1E3
          Malicious:false
          Reputation:unknown
          Preview:...}.A.....v...L....=xp...e|.]....g.d.....jA...V..B..U..e>...G^_;q....]...6..m...?..j.......56..#._..._..%.&.M..n....vOC......!,.m@.B....[N0G5.f>.fc....u..b.O...ud....18..C.1of.'Dx.5}66_5...5........iO+u..wb..=4.......z..m:]._.^\.^.g.kMnSUK:`.v~..G...x.......`U.I.".W.......k.$6.O? {.Q..$PR..7j..L...k......(.;c.kMM..{p.I.T...'`...7....&.5...M.'..^....Fi...Y.IJ22.Q.).t.L.rT..n..R@.........U..qT.|.j..'Su.../..K.......1.)...ET....woi......3e..n#^.4.l.'lq.=.K..E\.....Kvi'....p..........f.....El3.o..W......M`....=s.H..8.Bm.b*.zAD...^^\....Y.Xz6.az.#...._.I...q.. .vf*.76Wf.<..5.kz.k...-.....:.2..d*..=k...#}..+..'.p&..2.]..9.....C...m.m}Q.l.3...@~gw.M..+.Z.)Kt..<...j...b..30...YOq .pLj.....<.....~0#.O.../r..u..j..f..U..T.x....m.w......x..9x...t}.e.a.h.)....`c3a....).<...T<.?...y....F.._......V.OP...R.:}*.kuy...d...-IN=x.1].....8...wN."v.(;...K...X?..`...?..-^...R........Y......I.!T.:U..X..}X....vP.K../..T.+JJ..z.F....P.j....i).-mI..3f..mY...r.F.+A.3...+.

          C:\Users\user\AppData\Local\Temp\olkA266.tmp

          Download File
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):226545
          Entropy (8bit):7.965465036298205
          Encrypted:false
          SSDEEP:
          MD5:3A29BBFDEF5CC8EF4EF98DB036A028FC
          SHA1:411D5605F93B42F03F3EC7932DE26A75D4B14392
          SHA-256:9F065A8C988292A1B0F3601D80F4C93DFE2D50D4D50F9A354B853826AB359E14
          SHA-512:E43FE283A1995EE5FD359016E6B2AC0709A2827C9D9842332FF082796262034CDDC839C6BF8CA9928BBB81B7A79B89C7216CA998D1084BFEF0F41EADB7BCAA2A
          Malicious:false
          Reputation:unknown
          Preview:.I....?\......I....?\.......).?...Sa.Ur.EtG....l?......~p.3..?..}..~p.3..?....z!..i_.6..S.....sJ......b9.Rxi..h..(...i.Rxi..h..(...j..w.."..n#..7r.&..f.K[L.M.#k..).QO. .......C...#ajF......m..K.....XR.h....uJ..@JC.....J.6....R.lz..O.?8......m>.O.?8......mw.<(..}.Db..J..<..o?.9.|.)...."...u..}.k9....9..T..UA....<4..4g......<4..4g....U.G..0...D....yb`..k...x.F...m...Nsc..0...Y.W.</.2.VM...j+.u].C.. ...Hc.C.....9.A....<4..4g......<4..4g....#.D.C....l?..C..8z..,z:c....5...[..XH........).0..n...A....<4..4g......<4..4g....#.E4C....l?..G]x4...[.K6.S......h'l.*n...bo('.m7P.p=B.b...<4..4g......<4..4g......,.../P.Z6.'.....uH..5.+...H.T..L.B...0...z.*e.......y..:C$..9..[f9d.b.Hp..1...1D=..<.c..Rxi..h..(...i.Rxi..h..(...k$.]...d..i.w.f9.....E]..'8&QO'......>U..D.C....l?...}..~p.3..?..}..~p.3..?....z!..i_.6..S.....sJ......b9.Rxi..h..(...i.Rxi..h..(...j........bz..I....W......",..r....&..i...... .@.......y..OJ.x.&n...m..XP.m.vr.l.t.g.h61.u'......r....u'..

          Static File Info

          General

          File type:ASCII text, with very long lines (339)
          Entropy (8bit):6.023318398761116
          TrID:
            File name:email (1).eml
            File size:952'131 bytes
            MD5:ed17b7874a114bc0aa4024b5cec13205
            SHA1:c0954b714976e480984585ce58f696269ad6ec52
            SHA256:ba4328fae25f6ec5519dd47bc1f57b6aad473fbff56c142a1b884a29ed052a63
            SHA512:64f01f6a83ec66ce3879d88a4b65f38eaff96fee9313a03c18bdd9cf74d49bd6d35e5dfc71347003760bf89d5ffa25f1e8cdd028fdba0398b07e35843dcef52e
            SSDEEP:12288:6n7fAQlKbBl6Nxo9/c6nXW3i15sGMOAmxeTsokQ0xJkTKKla8SFb8Jqc+F5unugT:6n7fg7mU/XW3i1WGdaTqela9bgG6u2
            TLSH:D7159B3D47037EBD8EBA03CD10DE3D5429B008FB4A3459D9E9DABE4889B2D40EE99D54
            File Content Preview:Authentication-Results: ppe-hosted.com; spf=softfail smtp.mailfrom=technologist.com; dmarc=fail header.from=technologist.com header.policy=quarantine; .Received: from mx1-us1.ppe-hosted.com (unknown [10.7.64.117]).by pure.maildistiller.com (PPE Hosted ESM

            Static Mail

            General

            Subject:Total Energies (RFQ)
            From:''Thomas Pierre'' <totalenenergiespurchases@technologist.com>
            To:Recipients <totalenenergiespurchases@technologist.com>
            Cc:
            BCC:
            Date:Thu, 17 Apr 2025 05:57:40 -0700
            Communications:
            • Good day, I am reaching out to invite your company to provide a quotation for the products detailed in the attached request. We recognise that some of these items may not align with your usual supplies, but we expect your expertise in sourcing and supplying these products. Please note that this is a one-time tender, and we require the product and its components delivered on or before the date specified in the attached document. We anticipate your prompt response to enable us to proceed to the next step. Thank you and looking forward to reviewing your proposal soonest. ================================================================================================================================================================= Buen da, Me pongo en contacto con usted para invitar a su empresa a que nos enve una cotizacin de los productos detallados en la solicitud adjunta. Reconocemos que algunos de estos artculos pueden no coincidir con sus suministros habituales, pero esperamos contar con su experiencia en la bsqueda y suministro de estos productos. Tenga en cuenta que se trata de una licitacin nica y que necesitamos que el producto y sus componentes se entreguen en la fecha especificada en el documento adjunto o antes. Esperamos su pronta respuesta para poder continuar con el siguiente paso. Gracias y esperamos poder revisar su propuesta lo antes posible. Thomas Pierre (Procurement Manager) Address: 1201 Louisiana St #1800 Houston, TX USA. Phone: +1 713 399-5130 Fax: +1 713 969-4788 Email: totalenenergiespurchase@technologist.com Aviso: Las informaciones transmitidas, y que comprenden las piezas unidas, estn destinadas nicamente al uso exclusivo de las personas o entidades auxquelles a las que van dirigidas y pueden contener elementos confidenciales y privilegiados que puedan ser utilizados bajo privilegios legales. Todas las conferencias, reseas, retransmisiones, difusiones, distribuciones, reproducciones y otros usos, as como premios por todos los fondos de estas informaciones, para personas y entidades distintas del destinatario sin el consentimiento previo del expedidor no estn autorizadas y estn estrictamente prohibidas. . Si recibi este mensaje de la persona equivocada, consulte la informacin inmediatamente en el expediente y elimine el mensaje de su computadora sin copias. Todos los puntos de vista y opiniones del personal se expresan en el mensaje electrnico appartiennent l'expditeur y ne reprsentent pas ncessairement de los puntos de vista y opiniones de la Sociedad. *tener total proteccin ambiental y reflexin antes de imprimir*
            Attachments:
            • RFQ-TC23223.pdf
            • Datasheet (Skye Solutions Quarry pump).pdf
            Key Value
            Authentication-Resultspanda.processnet.hu; auth=pass smtp.auth=tcomp@tocke.hu smtp.mailfrom=totalenenergiespurchases@technologist.com
            Receivedfrom [192.168.8.187] (unknown [41.116.130.247]) (Authenticated sender: tcomp@tocke.hu) by panda.processnet.hu (Postfix) with ESMTPA id 2DAF9302A0A; Thu, 17 Apr 2025 14:58:00 +0200 (CEST)
            Content-Typemultipart/mixed; boundary="===============0273619003=="
            MIME-Version1.0
            SubjectTotal Energies (RFQ)
            ToRecipients <totalenenergiespurchases@technologist.com>
            From''Thomas Pierre'' <totalenenergiespurchases@technologist.com>
            DateThu, 17 Apr 2025 05:57:40 -0700
            Reply-Tototalenenergiespurchase@technologist.com
            X-PPE-STACK{"stack":"us4"}

            File Icon

            Icon Hash:46070c0a8e0c67d6