Windows Analysis Report
email (1).eml

Overview

General Information

Sample name: email (1).eml
Analysis ID: 1670409
MD5: ed17b7874a114bc0aa4024b5cec13205
SHA1: c0954b714976e480984585ce58f696269ad6ec52
SHA256: ba4328fae25f6ec5519dd47bc1f57b6aad473fbff56c142a1b884a29ed052a63

Detection

Score: 48
Range: 0 - 100
Confidence: 100%

Signatures

AI detected suspicious elements in Email content
AI detected suspicious elements in Email header
Queries the volume information (name, serial number etc) of a device
Sigma detected: Outlook Security Settings Updated - Registry

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious]
  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 7060 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\email (1).eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6400 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "C65761F7-42E6-4C68-9D56-C83879FCB269" "CD088475-DE6A-4806-AB00-E54D927F777E" "7060" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • Acrobat.exe (PID: 6572 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LG5GJ45Q\Datasheet (Skye Solutions Quarry pump).pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 6100 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 5064 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1732 --field-trial-handle=1560,i,1612474178666743192,5425913474628016022,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
    • Acrobat.exe (PID: 7844 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LG5GJ45Q\RFQ-TC23223.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
  • cleanup
No yara matches
Source: Registry Key set; Author: frack113; Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LG5GJ45Q\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7060, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7060, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

Phishing

Source: email (1).eml; Joe Sandbox AI: Detected potential phishing email: The email uses a generic free email domain (technologist.com) instead of an official Total Energies corporate domain. The sender's email address in 'from' and 'to' fields are identical, suggesting mass distribution. The presence of suspicious PDF attachments combined with urgency to respond is a common phishing tactic
Source: email (1).eml; Joe Sandbox AI: Detected suspicious elements in Email header: Email originates from a dynamic/residential IP (41.116.130.247) but claims authentication. Mismatch between internal network IP (192.168.8.187) and external IP suggests potential spoofing. Authenticated sender claims to be from Hungarian domain (tocke.hu) but originates from African IP range. Unusual boundary string pattern that could indicate automated malware. Multiple geographical and network inconsistencies in the routing path
Source: Email; Classification: Invoice Scam
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic; HTTP traffic detected: GET / HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/10.0 Host: x1.i.lencr.org
Source: global traffic; DNS traffic detected: DNS query: x1.i.lencr.org
Source: classification engine; Classification label: mal48.winEML@24/47@1/80
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250421T1151000575-7060.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File read: C:\Users\desktop.ini
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\email (1).eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "C65761F7-42E6-4C68-9D56-C83879FCB269" "CD088475-DE6A-4806-AB00-E54D927F777E" "7060" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LG5GJ45Q\Datasheet (Skye Solutions Quarry pump).pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1732 --field-trial-handle=1560,i,1612474178666743192,5425913474628016022,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown; Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe; Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding D25E81DC2B2D6C6B187CAADC9959A9F9
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LG5GJ45Q\RFQ-TC23223.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window found: window name: SysTabControl32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 11 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 14 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high
e8652.dscx.akamaiedge.net | 184.28.253.105 | true | false | | high
s-0005.dual-s-msedge.net | 52.123.128.14 | true | false | | high
x1.i.lencr.org | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://x1.i.lencr.org/ | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
50.16.47.176 | unknown | United States | 14618 | AMAZON-AESUS | false
20.42.72.131 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
23.194.100.185 | unknown | United States | 16625 | AKAMAI-ASUS | false
52.109.6.53 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
184.28.253.105 | e8652.dscx.akamaiedge.net | United States | 16625 | AKAMAI-ASUS | false
199.232.210.172 | bg.microsoft.map.fastly.net | United States | 54113 | FASTLYUS | false
52.123.128.14 | s-0005.dual-s-msedge.net | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.109.0.142 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1670409
Start date and time: 2025-04-21 17:50:22 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 17
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Sample name: email (1).eml
Detection: MAL
Classification: mal48.winEML@24/47@1/80
Cookbook Comments:
  • Found application associated with file extension: .eml
  • Exclude process from analysis (whitelisted): SIHClient.exe
  • Excluded IPs from analysis (whitelisted): 52.109.6.53, 52.109.0.142, 20.42.72.131, 23.194.100.185, 50.16.47.176, 18.213.11.84, 54.224.241.105, 34.237.241.83, 172.64.41.3, 162.159.61.3, 20.12.23.50, 52.123.128.14, 184.29.183.29
  • Excluded domains from analysis (whitelisted): wus-azsc-000.odc.officeapps.live.com, ecs.office.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, odc.officeapps.live.com, slscr.update.microsoft.com, prod.configsvc1.live.com.akadns.net, osiprod-wus-bronze-azsc-000.westus.cloudapp.azure.com, p13n.adobe.io, mobile.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, dual-s-0005-office.config.skype.com, us2.odcsm1.live.com.akadns.net, ssl-delivery.adobe.com.edgekey.net, config.officeapps.live.com, us.configsvc1.live.com.akadns.net, onedscolprdeus00.eastus.cloudapp.azure.com, eus2-azsc-config.officeapps.live.com, officeclient.microsoft.com, ecs.office.trafficmanager.net, geo2.adobe.com, prod.odcsm1.live.com.akadns.net, mobile.events.data.trafficmanager.net
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtSetValueKey calls found.

Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type: ASCII text
Category: dropped
Size (bytes): 290
Entropy (8bit): 5.156131574879558
Encrypted: false
SSDEEP:
MD5: FFA5CEB8CA113CFC7F29171C12F16BF4
SHA1: 0764C36CC5E9522168555895313415F52FBE3585
SHA-256: 22E1A957BCA592A1A99CE8F548F5EBDE9EB4F7C269CADDB46C37A120DB2012A3
SHA-512: 223343E4E3D7FB1D0480A2CB298311AA14A7D0294D439A4F7BD4E80E9AC1A8B1CCCEFE4DFC7AC4F88A10AC6CD107E761E04A7F5CE656AC21F41F25E0F5D9D314
Malicious: false
Reputation: unknown
Preview: 2025/04/21-11:51:10.087 1484 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/21-11:51:10.090 1484 Recovering log #3.2025/04/21-11:51:10.090 1484 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type: ASCII text
Category: dropped
Size (bytes): 331
Entropy (8bit): 5.194236821224267
Encrypted: false
SSDEEP:
MD5: 336F4CB2E5716D27710DB2D52FB507B9
SHA1: 5B4CDAEDCEB704EC7DF644CECE128D9D09F9099D
SHA-256: 494DF81F0FBEBEDC946FF78AF6147307557132BCC011927AD0DD3B228D06416B
SHA-512: 17FCEECD1FB39AE2B52D06B7529C2D7F9D8C9A9BFE3F5CE87B965B4966E0281D4AB8BA870DE702AFF4E709EC89D8674F35976CF4C2DA9A80AEB391B59DD19519
Malicious: false
Reputation: unknown
Preview: 2025/04/21-11:51:09.986 334 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/04/21-11:51:09.989 334 Recovering log #3.2025/04/21-11:51:09.990 334 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type: JSON data
Category: dropped
Size (bytes): 403
Entropy (8bit): 4.992961130313681
Encrypted: false
SSDEEP:
MD5: 0B3E4B48BE4D82434762290031BD3663
SHA1: 3ED862D7AA85D7506B684EFC5C65B390F848025E
SHA-256: 904DD972677AB98800ED60421DF5BC6A2CDF2AD58512E9A0B4CFAEFDC575B886
SHA-512: 6DB8996C9C0405CCF110DD9766FE086D89F98AD092A2AEBBB28E47837F281213F1790DD85C086AD72D93E8F8EEF3A237E6CEE5A7066E74032265197CF46C02B1
Malicious: false
Reputation: unknown
Preview: {"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13389810675750785","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146808},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type: JSON data
Category: dropped
Size (bytes): 0
Entropy (8bit): 0.0
Encrypted: false
SSDEEP:
MD5: 0B3E4B48BE4D82434762290031BD3663
SHA1: 3ED862D7AA85D7506B684EFC5C65B390F848025E
SHA-256: 904DD972677AB98800ED60421DF5BC6A2CDF2AD58512E9A0B4CFAEFDC575B886
SHA-512: 6DB8996C9C0405CCF110DD9766FE086D89F98AD092A2AEBBB28E47837F281213F1790DD85C086AD72D93E8F8EEF3A237E6CEE5A7066E74032265197CF46C02B1
Malicious: false
Reputation: unknown
Preview: {"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13389810675750785","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146808},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

Process: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type: data
Category: dropped
Size (bytes): 4099
Entropy (8bit): 5.227234806176598
Encrypted: false
SSDEEP:
MD5: 009971F05844813A928E2267DA42984C
SHA1: D1B59A1D5CABBA7D7BA31D44EC6E82709D8C776E
SHA-256: 736CDB933AB134F3119FBCD6CDF3359ECB48E667DCE1608C44E6312201F9C4CE
            SHA-512:A2451015276FA1B7B13496CA1566A2A36686825CA645D4AB2CD0502B34F038D3AEC57196607EEA4BD2B7E3ED54999D3AEE6907C3BC1473FA4E9B5C1B453A53CA
            Malicious:false
            Reputation:unknown
            Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):319
            Entropy (8bit):5.124399958021512
            Encrypted:false
            SSDEEP:
            MD5:DA710EC8A16B85E90CCDE6A18386F9D8
            SHA1:76A7D6F4E1C33CA5ACED1EB7137B4D3A0DA5D6B9
            SHA-256:E1DEC623089D43149A015B4223B0E1A4E50FCD4E448924D7E18DA182E95037C9
            SHA-512:B44269E37707794F0B8F1039EAB7C943C31BBE78A0A88C5598727FDCE423AA14A4358BFC8B5F02B0EF52EA91112279A0482819264E800B027FBC99A3B130D6BE
            Malicious:false
            Reputation:unknown
            Preview:2025/04/21-11:51:10.119 334 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/04/21-11:51:10.121 334 Recovering log #3.2025/04/21-11:51:10.123 334 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PC bitmap, Windows 3.x format, 157 x -152 x 32, cbSize 95510, bits offset 54
            Category:dropped
            Size (bytes):95510
            Entropy (8bit):3.2961820779604127
            Encrypted:false
            SSDEEP:
            MD5:CB7D4B794C0BC547665BE1BC067EBAF3
            SHA1:FE98902F9DDC0B1D57B56BBA0B6E13457BA4550F
            SHA-256:9587A05809706ACA7A232955FD52AD0E5F2FDA70D5B75269D1ABCDE63DA4310C
            SHA-512:CD1A9786427E324076E8BE9560E7485CE26FABC9536D4B9C2A2661C1597163469D45D8A0D6CAA120ECF40A72D4D388C80FA1A6DEF12579DB7B02FFC98189AA5E
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
            Category:dropped
            Size (bytes):65110
            Entropy (8bit):0.010281203479617362
            Encrypted:false
            SSDEEP:
            MD5:00DB8ECE00238719F9D531102091F31C
            SHA1:2C93F28D42D242532093FAB1BB7DDE33EEE810D5
            SHA-256:95444CF39A1424F48C5D069EE1F263B613F89D22C379C4A2886F6FBE160BC00F
            SHA-512:4DE0801AAB1297B9B6A4BF85631650BAFB042F1C211D2C012D601F8FDB7836FA6AD5B5D04B0FE1F4CF50D987C94B2ED6B5FDB8A3075BAC7D30D9FD8CA1840008
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
            Category:dropped
            Size (bytes):57344
            Entropy (8bit):3.291927920232006
            Encrypted:false
            SSDEEP:
            MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
            SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
            SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
            SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite Rollback Journal
            Category:dropped
            Size (bytes):16928
            Entropy (8bit):1.2145388409784055
            Encrypted:false
            SSDEEP:
            MD5:5A359F046608FA7E7CCEDA8BD71FB3CF
            SHA1:0B4CFC526512F729ABB0A81A52A6C26313619986
            SHA-256:FAFD854C481204844A723FCD0DE9BC53C164BF485E893F53C98412AD35DFE56D
            SHA-512:9E64DA1A6231CC6C957DFEC04BD5E9C66026D999CDCE9265623E1F56676A12AD62CF1EAD55BF49A41894DCCDF8FBEC33BD36D9D4964367EF6FAED33915CE06D2
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:Certificate, Version=3
            Category:dropped
            Size (bytes):1391
            Entropy (8bit):7.705940075877404
            Encrypted:false
            SSDEEP:
            MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
            SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
            SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
            SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
            Malicious:false
            Reputation:unknown
            Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
            Category:dropped
            Size (bytes):73305
            Entropy (8bit):7.996028107841645
            Encrypted:true
            SSDEEP:
            MD5:83142242E97B8953C386F988AA694E4A
            SHA1:833ED12FC15B356136DCDD27C61A50F59C5C7D50
            SHA-256:D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
            SHA-512:BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:dropped
            Size (bytes):192
            Entropy (8bit):2.756901573172974
            Encrypted:false
            SSDEEP:
            MD5:EF6A5E5C9AE44AC0004269389F3EE475
            SHA1:C922B5D3ADCBB97E33588ADBDED813FBEBCEE4E6
            SHA-256:CFE8B1DA1406D3F5807C6A31AABFDE754E5E46E83412D65645606E7D4EF17AB9
            SHA-512:27E0F41B0C40B298D34855C888C2FA0B6FC4C91B59C1D001012C08EE1496A34325EE3D42684576650D7AEEA78CB89260F4181BF22C7B41C7B22633B02ECDC94C
            Malicious:false
            Reputation:unknown
            Preview:p...... .........B.:...(....................................................... ..........W.....u..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:dropped
            Size (bytes):330
            Entropy (8bit):3.2734110654433515
            Encrypted:false
            SSDEEP:
            MD5:18D9E7E4E29B23F34E16D755668A61D5
            SHA1:24BE903C9710AE9384325D52AF6EAF726C967B1E
            SHA-256:D3E4A8F8BB65286570096C2EB0C5F4A601BACA62047D0E132FD3F7AF832EB606
            SHA-512:A35DAC789C8D32FFA23045B584940471652AEBF9D4195ACFAF3A80AD38742E576BB662B2F27BF9013B764E91C54EB76713546BA1E3AEF209D2AB7AAABFAD4E55
            Malicious:false
            Reputation:unknown
            Preview:p...... ........d..L...(....................................................... ..................(....c*.....Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PostScript document text
            Category:dropped
            Size (bytes):185099
            Entropy (8bit):5.182478651346149
            Encrypted:false
            SSDEEP:
            MD5:94185C5850C26B3C6FC24ABC385CDA58
            SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
            SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
            SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
            Malicious:false
            Reputation:unknown
            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PostScript document text
            Category:dropped
            Size (bytes):0
            Entropy (8bit):0.0
            Encrypted:false
            SSDEEP:
            MD5:94185C5850C26B3C6FC24ABC385CDA58
            SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
            SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
            SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
            Malicious:false
            Reputation:unknown
            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):295
            Entropy (8bit):5.374440690034829
            Encrypted:false
            SSDEEP:
            MD5:A226518A30D30CD6F7AFD8C1E36B6035
            SHA1:F25011665BD9033C7BC45BC272962F942624698B
            SHA-256:C84D0BD1C7D391462C63B7736EEC570AC938AC463D875904C5310FA0D19A19FC
            SHA-512:42BE14BBE411A572B08B085ED78AD1CEE738A77BE5610B5FA7982418AE4E6DE5A60D5D88B1E528852CA9766500B6105ED5E66C7EFFB88817FF2B62C4663BA4F0
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"2e4527f5-33cb-438a-b490-68a51ed9bc30","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423610030,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):294
            Entropy (8bit):5.322906610067709
            Encrypted:false
            SSDEEP:
            MD5:0FFF0E381A885D3B4C604674E13EAC72
            SHA1:A1D6F4BE3DBBF8B39C494A768FDC94080EA0D940
            SHA-256:27169759DEEFE2773BD21695316E716324B468F217F504901FADA97438A9E410
            SHA-512:EF4AB19B2186435921E2E490A8E3D00148337193DA786945861BDE3A13D5EE73CEC91444E2365ED768410F8FD72B4392F6FC0CC9396B73864A1F4BA21DFB964E
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"2e4527f5-33cb-438a-b490-68a51ed9bc30","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423610030,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):294
            Entropy (8bit):5.301454926593713
            Encrypted:false
            SSDEEP:
            MD5:098DE8C0F279C7FCF1F5D92C23D2CF30
            SHA1:CC666CB1033D73DE21ADE0C678253FB1947FF770
            SHA-256:2D5CEE754326C3FF0D5EDA472185F6644C8DBCA99494A73C2A09CDDD8525AFF0
            SHA-512:BBB3D36FCCB2D6A7FD8A2EB7DB72F0F0E359170AE730983101894CA3FC21E93EE5E285A52DFECFAD522F8ACAB4AA041661CBAFE32A7730871B0DB8CF5746D407
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"2e4527f5-33cb-438a-b490-68a51ed9bc30","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423610030,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):285
            Entropy (8bit):5.3632095560992505
            Encrypted:false
            SSDEEP:
            MD5:BBB338D8DA3E287E5B6BAB307134C519
            SHA1:A87B18F61EBBD5EC9C772B2F19997AC4DAE63215
            SHA-256:3E993BB8530D6247E39A964E04B8F04550755B78A33F7CA72E06619B7E3DF46F
            SHA-512:66423ED1552C5C80A20D537468FE6BD9D148546D8968048CA43A22EADD538F5D675CF475F3C00558D91C5E672C72DAD28C61781B225E9562698D37A06F08BCFD
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"2e4527f5-33cb-438a-b490-68a51ed9bc30","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423610030,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):2213
            Entropy (8bit):5.8440842320695285
            Encrypted:false
            SSDEEP:
            MD5:B922203D9F48031C69D9EF235A300181
            SHA1:302700CB121380AE46EA4CDAC667DE371B2BE3DD
            SHA-256:617593DF823F09CEF0412FC8FCB6FA02EEC7A41890A0946495752B20DFAF5973
            SHA-512:D229B4CFB275D16D49C60CA8305779322B6C59593A3B1B3F6C03432E73CF2EDD2BFC56576DD5064D389CF306DEA3A8EADBA692CF29E4B78D4C1C7121321D802A
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"2e4527f5-33cb-438a-b490-68a51ed9bc30","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423610030,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfaWQiOiJlYjYyOWYwOC00YmZiLTRkYmEtYjQzNC01MzUyZTg1MGU4NWYiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZW
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):289
            Entropy (8bit):5.311301958728162
            Encrypted:false
            SSDEEP:
            MD5:80E17DFA41B678796282869E8C83E7DE
            SHA1:526C0BA1E467B74A7A77DAA997B0C754034081A1
            SHA-256:30A7E5528D2FECBB7F3D7413FAF6E8BF74B23BF27666370F22904C74305CBD0F
            SHA-512:3046F43F62384F3B963CF6B1646665B4E2F7E857B40404DE734A4100301018FCDDEC13DD06F58BA663106D3834B2CC329EA69B23AC83873A488357816C9D9E53
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"2e4527f5-33cb-438a-b490-68a51ed9bc30","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423610030,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):292
            Entropy (8bit):5.313838094856658
            Encrypted:false
            SSDEEP:
            MD5:3788AEE961525787BD241AEECD536AA1
            SHA1:598EADA84807ABB653D62604ED64C6C67AF15B6E
            SHA-256:81E962D37F320ACA124343AA7EF61866A777F09A41189CC724CD2A85951B524A
            SHA-512:644E30F39C71A2181416D56A14FFC964182909A0A396CBF517E7A4F6CDC483E60BCB07C6AC40381BBDC30521E70B4E3830234811D8B7405166ECCD264C64083A
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"2e4527f5-33cb-438a-b490-68a51ed9bc30","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423610030,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):2160
            Entropy (8bit):5.829413659724242
            Encrypted:false
            SSDEEP:
            MD5:90F6D0339D20CDA08E53491AFE29C2D7
            SHA1:036E8C4C89970964C9F4476384400D73C4C726CC
            SHA-256:4A56AD38144BDD7C3C3A4F22ABF55346B994800F43B882E97F022F3E764370C0
            SHA-512:F5B79B0EA877414DD4BEED8AB1C921B4ACB05803419EDF10E811BE6960CF5394D4FA105456DCE21483AA93556940BE0FAF6A5F7DE765CCAD0208399E387EA03B
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"2e4527f5-33cb-438a-b490-68a51ed9bc30","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423610030,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfaWQiOiIzNzkzMGExNC1kOGMwLTRlZDYtYjI0Yi0zZGUzY2FlZjZlNjAiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJ
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):295
            Entropy (8bit):5.336591230199671
            Encrypted:false
            SSDEEP:
            MD5:A823AC945C07B091467028EF51AAA291
            SHA1:1864EFE8BA47C488A36E1261CC012E65DC5E2852
            SHA-256:F83D1F640AB402C1273C0A1F7AA2A25EA6674CC9D63FF192896C8BA817CE1B09
            SHA-512:01F74ED2FECB45CD1F1F9AD0C725AB6A4FEF5AAF6693989B9D28DD3C835170FF43A070F9C5D28D0772D923A8ADBD54FC135BE74EC75CA9AF2E1958934B86AA36
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"2e4527f5-33cb-438a-b490-68a51ed9bc30","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423610030,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):289
            Entropy (8bit):5.317592639602031
            Encrypted:false
            SSDEEP:
            MD5:AB521A7425231869D7B7CB3EA8078F76
            SHA1:2111D7792011D85F7226E76A53E539B5CADDE5FE
            SHA-256:CB8E88C4BE8ABAB95D0978A905A361F07AC4D46674EC5A467F1D51353783E40E
            SHA-512:469589609E94001BDE7F31581A1948C883CC53ED767D593819F7F55DE023E431ACF4037C77D46FDD6CF1F460F500EDF506AC4E3B4967E3BB04435B647A16AD49
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"2e4527f5-33cb-438a-b490-68a51ed9bc30","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423610030,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):284
            Entropy (8bit):5.304251732923004
            Encrypted:false
            SSDEEP:
            MD5:64EEF60B593E1BE89553D1880E661592
            SHA1:6F04FF26FE021AE22AE2641C4955125813D0C77E
            SHA-256:F7849D5DE9DDD16F1BBC68CEF7197E56988FF170F04303CC372F0B4E3BEDA0A3
            SHA-512:2FA142028C458315C1C57E49B15A4842A5761E272A2A35C098EED8FA111B937C5C58DC681285331B966A6147AAD25EF29871A5E94D08ED54D3DF6882C155112A
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"2e4527f5-33cb-438a-b490-68a51ed9bc30","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423610030,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):291
            Entropy (8bit):5.301018825663509
            Encrypted:false
            SSDEEP:
            MD5:8DAC2DFC2CEAD3E44049FCF0B5892387
            SHA1:F90B05A43A4528FF9814927C72941EC614BB48AD
            SHA-256:90F37850B5DBB5514CDE92156743987B604FA0BA778268EA6851E2E05B8AB2BE
            SHA-512:19E1D65FE2894938B86D96079CC6933942DC2E57047A3EA8F40CD962B12F14699920F410BE2F86601416C8A1BA7266953E107FE23F5A3FB31F23AE4BA0135E74
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"2e4527f5-33cb-438a-b490-68a51ed9bc30","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423610030,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):287
            Entropy (8bit):5.30464365438112
            Encrypted:false
            SSDEEP:
            MD5:D1C27F75092AB690EEFD9AE183E587CD
            SHA1:E1323A004743A00735210ED59EC58B86A97053C9
            SHA-256:6EF61270E780BE53BEE5F17238F218A50A67A3760414E068845B8ACA0D169FC3
            SHA-512:CE3AEF37040B4ED876665FD6037299DED02DA10978E5326996A2A42ED0928538B72EE0C3D1F6A632ACE5FDE4A2FC0E9DCA34CD46FA577FD75027E306C27656DA
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"2e4527f5-33cb-438a-b490-68a51ed9bc30","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423610030,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):2112
            Entropy (8bit):5.847024166027012
            Encrypted:false
            SSDEEP:
            MD5:B54F28FAFE8EBE18B8456683E8116EA2
            SHA1:B3DB318B85E04951461C2294B48E2C06C2B09081
            SHA-256:28D8904D4D1039A6D1D48857C3B5B745ABDB599D2BE6B0D0614A41E0319B85A0
            SHA-512:02F87826FFE6CAA89E6DB4D1A268B66B26CB38818C31CE9B41BEFC0D2C799526F208BD9323A5EF8EDF625FC7599BA5CED7081B22B3BE83695C00AD4878809EBE
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"2e4527f5-33cb-438a-b490-68a51ed9bc30","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423610030,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfaWQiOiJkMDQzMmY0Yy1hNTM2LTRlMzktOGNkNS1jYThiYjRhZTY2YzIiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnV
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):286
            Entropy (8bit):5.281358214206137
            Encrypted:false
            SSDEEP:
            MD5:C473BE3E91DD77F78AF61EB9CC919A31
            SHA1:8381A02816C683CC5BF5215EECA7B9581898D5A9
            SHA-256:37B8C751B7929930F7F06F50C9A76C2B307DBBB41B93E37BE1986A684CFA375A
            SHA-512:C9FA9669E7EA8CB35B59DAC9566C7C3CF3CBD579F6001298FD734F7577591736EF0ECFA88D31DC664F92E31C88144C8C0CC206C0A7AC269E2237600AE7C1FAD8
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"2e4527f5-33cb-438a-b490-68a51ed9bc30","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423610030,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):282
            Entropy (8bit):5.286532878227121
            Encrypted:false
            SSDEEP:
            MD5:C593B3F4D1481B9A7DF8A3E9ED0D0453
            SHA1:17DAE70749EA17F026C8AE8BED1CBFD957984013
            SHA-256:F0E9D732E6F911BBA254AF0AB1682A572C83F0C7F9C3899A4848B5724D420810
            SHA-512:199A12CA820C7539C69152510D689186F0E60B06C42CF78148433B325659BA0DFA1733947C9103D4AC270D7997E7F35E4BBDB2984D3D0CC212803317C34D8749
            Malicious:false
            Reputation:unknown
            Preview:{"analyticsData":{"responseGUID":"2e4527f5-33cb-438a-b490-68a51ed9bc30","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745423610030,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:data
            Category:dropped
            Size (bytes):4
            Entropy (8bit):0.8112781244591328
            Encrypted:false
            SSDEEP:
            MD5:DC84B0D741E5BEAE8070013ADDCC8C28
            SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
            SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
            SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
            Malicious:false
            Reputation:unknown
            Preview:....
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):2815
            Entropy (8bit):5.125970708326782
            Encrypted:false
            SSDEEP:
            MD5:0BC159C459C45DC3C1C97DD553B6A1D4
            SHA1:D95BC4FB622765F839A763CA6E809D16343F04BA
            SHA-256:5BE1FF9127B083A5173627FE799118335FACB181D6E8D755AAC20D2747ABCBD4
            SHA-512:325B2FCD4F150039914F1EDB16C32D3D91D0087A20E04768B7EB1E6F470A00139C080F48AD423D5B0177CA4D3BE43D5F147C36AF498FA673E3DAC70006BC9DB1
            Malicious:false
            Reputation:unknown
            Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"0eb295aa3d272cd687fc15ddfdc38d4f","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1745250683000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"ee657e1cc8ce4c5695e2f98aea9994c0","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2112,"ts":1745250674000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"0c2be80f89b804bcfa62e9f7fa88eef4","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2213,"ts":1745250674000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"fb2ab699e18ed5b718cd8e80f6dd8be5","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2160,"ts":1745250674000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"422363d8528bb67924329da1891ceed3","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1745250674000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"8ddcefd0b3ab668c6a4e423c21bee260","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
            Category:dropped
            Size (bytes):12288
            Entropy (8bit):0.988090348582743
            Encrypted:false
            SSDEEP:
            MD5:AB7724A0FC7917421C561906B53FC788
            SHA1:0A1820B24C37573165795F0111817F74520CD925
            SHA-256:C6B511BB4D0F3C133FD31001937B21E4CD875487F2CFB44CC6CE8BB73B63C3D0
            SHA-512:65F6CF45C0872090C01F65DA07D303896EED1823D0115588FED14C0EAEC37A7A588429144CB70AF8624D7A3C03A27BDBF09818284A91ECCEB04287F6B0F4B1C6
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite Rollback Journal
            Category:dropped
            Size (bytes):8720
            Entropy (8bit):1.3434696742221146
            Encrypted:false
            SSDEEP:
            MD5:73B9EB22588647FEED059E009673AE1F
            SHA1:AA7A9B165382D7054B56563FC57A615D9500DBBB
            SHA-256:1C5BE7CE4191DCA2E5224CEFE853CDCE3B9CFEDF8ED493FF5DE2AC16DD1080DD
            SHA-512:51CB17927E5FC46A428560B50F41014256E8010A3C54B1A8C3316C8A834AFD7C4AB7F920F44C6A6D593EB7F0B71C1C8828F52CDC0EB34A2DCC15B9EC13A4CB50
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
            Category:dropped
            Size (bytes):246
            Entropy (8bit):3.5029068020919194
            Encrypted:false
            SSDEEP:
            MD5:E56BC6BCF2F4EAEB411DAD586C587EA7
            SHA1:A36348CFC222B913D66A612F299C7895358C0720
            SHA-256:B852D5875E96DD789706B91F356CED2B0781072E3CDFDF76912C3A838DD892F9
            SHA-512:AEDD045AE228EE9A3C80CA32B5A092BCC215EF7CEA869C6F21C383526AF208B51AF30E1FCD17D5BCF72CB655985DC61165F744AEF4BDC02EF4037E4FCA17938E
            Malicious:false
            Reputation:unknown
            Preview:Error 2711. The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 21/04/2025  11:51:16 ===
            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
            File Type:data
            Category:modified
            Size (bytes):106496
            Entropy (8bit):4.468782147520539
            Encrypted:false
            SSDEEP:
            MD5:01CF82A5B4AA84388EA3606BAEE19A3F
            SHA1:560DC127EE0E74E5CA43C7B28C9D45DF959FFA83
            SHA-256:2C855E3562278268EC2F5DA72909DE55DC70F07F78448E2DA659BCC7B0CBE6F7
            SHA-512:B002B953121CC513606FC8BC90C4A705FFE40A7D8701FDB0405B45432E92B3E9E4A7B4DF2EDCE0439227A4BFD3A3403CF191669D84DF7E419531852648AEE33B
            Malicious:false
            Reputation:unknown
            Preview:............................................................................`..............-...................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1.............................................................0.7..............-...........v.2._.O.U.T.L.O.O.K.:.1.b.9.4.:.2.e.b.0.7.e.3.9.c.8.9.5.4.0.5.e.9.8.0.1.7.2.2.7.3.0.9.0.7.3.5.c...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.5.0.4.2.1.T.1.1.5.1.0.0.0.5.7.5.-.7.0.6.0...e.t.l.......P.P............-...........................................................................................................................................................................................................................................................................................................
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with very long lines (393)
            Category:dropped
            Size (bytes):16525
            Entropy (8bit):5.353642815103214
            Encrypted:false
            SSDEEP:
            MD5:91F06491552FC977E9E8AF47786EE7C1
            SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
            SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
            SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
            Malicious:false
            Reputation:unknown
            Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):29752
            Entropy (8bit):5.4162774266602485
            Encrypted:false
            SSDEEP:
            MD5:762D7CED0D27257A50B2B2DD2ACC3665
            SHA1:0FCEC42BB0EB528ACF79F72B1F642F5AB08CDE82
            SHA-256:604C3F1FA3C46EC89567BF9FB70CBB207DB2D5ABFB959A2C1B3AAFCA002A031E
            SHA-512:17714387E642CBA74FFB197F368BDF87373A6BB8CDCB0375A05C96834C6126A7E1698E2D6A8EE8EDF07A89404205B05013944FD479D7401BDCF796B142C3EE41
            Malicious:false
            Reputation:unknown
            Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
            Category:dropped
            Size (bytes):386528
            Entropy (8bit):7.9736851559892425
            Encrypted:false
            SSDEEP:
            MD5:5C48B0AD2FEF800949466AE872E1F1E2
            SHA1:337D617AE142815EDDACB48484628C1F16692A2F
            SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
            SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
            Category:dropped
            Size (bytes):1419751
            Entropy (8bit):7.976496077007677
            Encrypted:false
            SSDEEP:
            MD5:1A39CAAE4C5F8AD2A98F0756FFCBA562
            SHA1:279F2B503A0B10E257674D31532B01EA7DE0473F
            SHA-256:57D198C7BDB9B002B8C9C1E1CCFABFE81C00FE0A1E30A237196A7C133237AA95
            SHA-512:73D083E92FB59C92049AF8DC31A0AA2F38755453FFB161D18A1C4244747EE88B7A850F7951FC10F842AE65F6CC8F6164231DB6261777EC5379B337CB379BEF99
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
            Category:dropped
            Size (bytes):758601
            Entropy (8bit):7.98639316555857
            Encrypted:false
            SSDEEP:
            MD5:59EE5E2FB56A099CAA8EDFD7AF821ED6
            SHA1:F5DC4F876768D57B69EC894ADE0A66E813BFED92
            SHA-256:E100AAAA4FB2B3D78E3B6475C3B48BE189C5A39F73CFC2D22423F2CE928D3E75
            SHA-512:77A45C89F6019F92576D88AE67B59F9D6D36BA6FDC020419DAB55DBD8492BA97B3DAC18278EB0210F90758B3D643EA8DCF8EC2BD1481930A59B8BB515E7440FE
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
            Category:dropped
            Size (bytes):1407294
            Entropy (8bit):7.97605879016224
            Encrypted:false
            SSDEEP:
            MD5:9A0DB1882660D02A9C5A0EA5814705F9
            SHA1:16EECDF2569D1BA1FF8357D6585E644ACB725A3A
            SHA-256:725FE3DF6DBFBCC7B760F4AD240344095A1E2BD5BE4CAAC13D34B15BAC5052DC
            SHA-512:2E51F185C6B4A3D5CBF5DB4859F3A5CC4649CD6D619015D454A899843D3D1303C6E6950BB542373CE713C51E0051ED9D4E8B62E3C12BBD6A93C0AC3DC28D277D
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
            File Type:data
            Category:dropped
            Size (bytes):197595
            Entropy (8bit):7.997758005149571
            Encrypted:true
            SSDEEP:
            MD5:956A92EB1D0B159A007770F4A55119E8
            SHA1:0CE413A905367273E7F1E7910CD891C7199B594B
            SHA-256:307189181D86F58F021C2461895C7C6A818F6AEC39E5185EFCE43067AAE73541
            SHA-512:A0C3A866DCE480C4B45329125EB71F55A2BE6B7B6387C71A011E3459B5D20D8201937E6B0D41726C21A527A4F526562F3321668D910A4B173011D1F2123BD1E3
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
            File Type:data
            Category:dropped
            Size (bytes):226545
            Entropy (8bit):7.965465036298205
            Encrypted:false
            SSDEEP:
            MD5:3A29BBFDEF5CC8EF4EF98DB036A028FC
            SHA1:411D5605F93B42F03F3EC7932DE26A75D4B14392
            SHA-256:9F065A8C988292A1B0F3601D80F4C93DFE2D50D4D50F9A354B853826AB359E14
            SHA-512:E43FE283A1995EE5FD359016E6B2AC0709A2827C9D9842332FF082796262034CDDC839C6BF8CA9928BBB81B7A79B89C7216CA998D1084BFEF0F41EADB7BCAA2A
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
            File Type:Microsoft Outlook email folder (>=2003)
            Category:dropped
            Size (bytes):2302976
            Entropy (8bit):3.547181464060047
            Encrypted:false
            SSDEEP:
            MD5:025242D16013DBC2712A4137326010FD
            SHA1:DFF9728E4CE1FF6453FDBFE8466C0AD3202B383E
            SHA-256:EA148FA17840B0F5FBEBEDB72657A8499D01E2E0FE108A8F58A5FB82371AF775
            SHA-512:723F6432E5AF9DA45DEB8A914E9A8CA08DFD27AD6E7BB655E0C3D3B96BCAE188A1648EA1765385660CD33C4905CD02F3109AA7D739773CDF208DA06201FD4FBA
            Malicious:false
            Reputation:unknown
            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
            File Type:data
            Category:dropped
            Size (bytes):786432
            Entropy (8bit):7.707194244723797
            Encrypted:false
            SSDEEP:
            MD5:F8D5173A13E21A8324591AA407FD71B7
            SHA1:235F8FB6600435F39E9A152A93B395B172C9A0F6
            SHA-256:2450821F2EB23C4C2DA1BF1816AED452B94BFE8FEEE55662B33258D15646D5AB
            SHA-512:7816E079F5D7CF7F9895C17CA8977D52776A4ACD89ED15C6C54ACA6568E36C8B3170A18E38CC90CCC6D134E54E442ECAF39803F6FB031F3ED4E5EDF79FA58235
            Malicious:false
            Reputation:unknown
            File type:ASCII text, with very long lines (339)
            Entropy (8bit):6.023318398761116
            TrID:
              File name:email (1).eml
              File size:952'131 bytes
              MD5:ed17b7874a114bc0aa4024b5cec13205
              SHA1:c0954b714976e480984585ce58f696269ad6ec52
              SHA256:ba4328fae25f6ec5519dd47bc1f57b6aad473fbff56c142a1b884a29ed052a63
              SHA512:64f01f6a83ec66ce3879d88a4b65f38eaff96fee9313a03c18bdd9cf74d49bd6d35e5dfc71347003760bf89d5ffa25f1e8cdd028fdba0398b07e35843dcef52e
              SSDEEP:12288:6n7fAQlKbBl6Nxo9/c6nXW3i15sGMOAmxeTsokQ0xJkTKKla8SFb8Jqc+F5unugT:6n7fg7mU/XW3i1WGdaTqela9bgG6u2
              TLSH:D7159B3D47037EBD8EBA03CD10DE3D5429B008FB4A3459D9E9DABE4889B2D40EE99D54
              File Content Preview:Authentication-Results: ppe-hosted.com; spf=softfail smtp.mailfrom=technologist.com; dmarc=fail header.from=technologist.com header.policy=quarantine; .Received: from mx1-us1.ppe-hosted.com (unknown [10.7.64.117]).by pure.maildistiller.com (PPE Hosted ESM
              Subject:Total Energies (RFQ)
              From:''Thomas Pierre'' <totalenenergiespurchases@technologist.com>
              To:Recipients <totalenenergiespurchases@technologist.com>
              Cc:
              BCC:
              Date:Thu, 17 Apr 2025 05:57:40 -0700
              Communications:
              • Good day, I am reaching out to invite your company to provide a quotation for the products detailed in the attached request. We recognise that some of these items may not align with your usual supplies, but we expect your expertise in sourcing and supplying these products. Please note that this is a one-time tender, and we require the product and its components delivered on or before the date specified in the attached document. We anticipate your prompt response to enable us to proceed to the next step. Thank you and looking forward to reviewing your proposal soonest. ================================================================================================================================================================= Buen da, Me pongo en contacto con usted para invitar a su empresa a que nos enve una cotizacin de los productos detallados en la solicitud adjunta. Reconocemos que algunos de estos artculos pueden no coincidir con sus suministros habituales, pero esperamos contar con su experiencia en la bsqueda y suministro de estos productos. Tenga en cuenta que se trata de una licitacin nica y que necesitamos que el producto y sus componentes se entreguen en la fecha especificada en el documento adjunto o antes. Esperamos su pronta respuesta para poder continuar con el siguiente paso. Gracias y esperamos poder revisar su propuesta lo antes posible. Thomas Pierre (Procurement Manager) Address: 1201 Louisiana St #1800 Houston, TX USA. Phone: +1 713 399-5130 Fax: +1 713 969-4788 Email: totalenenergiespurchase@technologist.com Aviso: Las informaciones transmitidas, y que comprenden las piezas unidas, estn destinadas nicamente al uso exclusivo de las personas o entidades auxquelles a las que van dirigidas y pueden contener elementos confidenciales y privilegiados que puedan ser utilizados bajo privilegios legales. 
Todas las conferencias, reseas, retransmisiones, difusiones, distribuciones, reproducciones y otros usos, as como premios por todos los fondos de estas informaciones, para personas y entidades distintas del destinatario sin el consentimiento previo del expedidor no estn autorizadas y estn estrictamente prohibidas. . Si recibi este mensaje de la persona equivocada, consulte la informacin inmediatamente en el expediente y elimine el mensaje de su computadora sin copias. Todos los puntos de vista y opiniones del personal se expresan en el mensaje electrnico appartiennent l'expditeur y ne reprsentent pas ncessairement de los puntos de vista y opiniones de la Sociedad. *tener total proteccin ambiental y reflexin antes de imprimir*
              Attachments:
              • RFQ-TC23223.pdf
              • Datasheet (Skye Solutions Quarry pump).pdf
              Key Value
              Authentication-Results: panda.processnet.hu; auth=pass smtp.auth=tcomp@tocke.hu smtp.mailfrom=totalenenergiespurchases@technologist.com
              Received: from [192.168.8.187] (unknown [41.116.130.247]) (Authenticated sender: tcomp@tocke.hu) by panda.processnet.hu (Postfix) with ESMTPA id 2DAF9302A0A; Thu, 17 Apr 2025 14:58:00 +0200 (CEST)
              Content-Type: multipart/mixed; boundary="===============0273619003=="
              MIME-Version: 1.0
              Subject: Total Energies (RFQ)
              To: Recipients <totalenenergiespurchases@technologist.com>
              From: ''Thomas Pierre'' <totalenenergiespurchases@technologist.com>
              Date: Thu, 17 Apr 2025 05:57:40 -0700
              Reply-To: totalenenergiespurchase@technologist.com
              X-PPE-STACK: {"stack":"us4"}

              Icon Hash:46070c0a8e0c67d6