Windows Analysis Report
phish_alert_iocp_v1.4.48 (19).eml

Overview

General Information

Sample name:phish_alert_iocp_v1.4.48 (19).eml
Analysis ID:1528479
MD5:87d182741a2211dc340ba22b94ea0a3e
SHA1:1b7e0a99537763c1b1a57768338218e8b08ca768
SHA256:76a8c3dea860c57bd75a372914b0ef1bf60a96463a46171ab532dd4679ba0f50
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6872 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_iocp_v1.4.48 (19).eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7056 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "45E6D4BA-5F4E-4862-8731-1813FFDDFF47" "207B9D15-1F5E-4857-9DF0-B8EFF8DEACA4" "6872" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • Acrobat.exe (PID: 4880 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\ENIKZ14D\Wiley Receipt 9300207546.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 6952 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 4180 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1564,i,10266607786451334295,11852839139659706369,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6872, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Source: Registry Key set, Author: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\ENIKZ14D\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6872, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
No Suricata rule has matched

There are no malicious signatures, click here to show all signatures.

Source: unknownTCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: classification engineClassification label: clean1.winEML@21/59@3/116
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241007T1809180949-6872.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.ini
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_iocp_v1.4.48 (19).eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "45E6D4BA-5F4E-4862-8731-1813FFDDFF47" "207B9D15-1F5E-4857-9DF0-B8EFF8DEACA4" "6872" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\ENIKZ14D\Wiley Receipt 9300207546.PDF"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1564,i,10266607786451334295,11852839139659706369,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 44E2D029E60773121D8B4F419935670B
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; Logon Script (Windows)
Defense Evasion: 1 Masquerading; 1 Process Injection; 1 DLL Side-Loading
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: 1 Process Discovery; 1 File and Directory Discovery; 14 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
x1.i.lencr.org | unknown | unknown | false | | unknown
    IP | Domain | Country | ASN | ASN Name | Malicious
    52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
    162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
    93.184.221.240 | unknown | European Union | 15133 | EDGECASTUS | false
    2.23.197.184 | unknown | European Union | 1273 | CWVodafoneGroupPLCEU | false
    52.202.204.11 | unknown | United States | 14618 | AMAZON-AESUS | false
    2.19.126.151 | unknown | European Union | 16625 | AKAMAI-ASUS | false
    52.109.28.48 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
    23.217.172.185 | unknown | United States | 16625 | AKAMAI-ASUS | false
    184.28.88.176 | unknown | United States | 16625 | AKAMAI-ASUS | false
    52.109.89.18 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
    13.69.116.108 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
    52.109.76.243 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1528479
    Start date and time:2024-10-08 00:08:45 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowsinteractivecookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:19
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • EGA enabled
    Analysis Mode:stream
    Analysis stop reason:Timeout
    Sample name:phish_alert_iocp_v1.4.48 (19).eml
    Detection:CLEAN
    Classification:clean1.winEML@21/59@3/116
    Cookbook Comments:
    • Found application associated with file extension: .eml
    • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 52.109.89.18, 52.113.194.132, 52.109.76.243, 2.19.126.151, 2.19.126.160, 13.69.116.108, 52.109.28.48
    • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
    • Not all processes where analyzed, report is missing behavior information
    • Report size getting too big, too many NtQueryAttributesFile calls found.
    • Report size getting too big, too many NtQueryValueKey calls found.
    • Report size getting too big, too many NtSetValueKey calls found.
    • VT rate limit hit for: phish_alert_iocp_v1.4.48 (19).eml
    InputOutput
    URL: Email Model: jbxai
    {
    "brand":["John Wiley & Sons"],
    "contains_trigger_text":true,
    "trigger_text":"Attached is your documentation for your most recent transaction with John Wiley & Sons.",
    "prominent_button_name":"unknown",
    "text_input_field_labels":"unknown",
    "pdf_icon_visible":false,
    "has_visible_captcha":false,
    "has_urgent_text":true,
    "text":"Dear Wiley Customer, Attached is your documentation for your most recent transaction with John Wiley & Sons. Thank you for your business, John Wiley & Sons ** Please do not reply to this email, as we are unable to respond from this address. The contents of this email and any attachments are confidential and intended only for the person or entity to whom it is addressed. If you are not the intended recipient, any use, review, distribution, reproduction or any action taken in reliance upon this message is strictly prohibited. If you received this message in error, please immediately notify the sender and permanently delete all copies of the email and any attachments.",
    "has_visible_qrcode":false}
    URL: PDF document Model: jbxai
    {
    "brand":["Wiley"],
    "contains_trigger_text":false,
    "trigger_text":"",
    "prominent_button_name":"unknown",
    "text_input_field_labels":"unknown",
    "pdf_icon_visible":false,
    "has_visible_captcha":false,
    "has_urgent_text":false,
    "text":"John Wiley & Sons, Inc. 111 River Street Hoboken, NJ 07030, USA Customer Service: cssupport@wiley.com Date: 07-Oct-2024 Account: Purchase Order: Our Tax ID: Bill to: HR DIRECTOR LARRY THOMPSON HR Director Larry Thompson PO BOX 239 MCMINNVILLE OR 97128-0239 Ship to: First Federal HR Director Larry Thompson 118 NE 3RD ST. McMinnville OR 97128-4902 Description Illinois Bankers Association Digital Product Description:Career Center Advertiser:First Federal Business Stream:Advertising Headline:Corporate Risk Manager - Banking Paid Position:Recruitment Posting Service Period:20241007 20241206 Type:Job post 284711",
    "has_visible_qrcode":false}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):290
    Entropy (8bit):5.18268583982767
    Encrypted:false
    SSDEEP:
    MD5:FFC9FE546F4F20097FFE97DF91EFFE95
    SHA1:BF915E4546282EFC11070C5F9F2F0C06C1E6AD05
    SHA-256:C4B8F1DA400A75BA94008A7A4AAB05A0829F8221FAFA16F0CD0C03E218EE7C76
    SHA-512:EA9E4CA5349A1D4E364488AEFDDAD5933AA930646EDB58DD0A4A877DAB88F347A26BE6398849845E2893EC8338A3620BFEF464D9E5602972805C7B6727908950
    Malicious:false
    Reputation:unknown
    Preview:2024/10/07-18:09:34.277 112c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/07-18:09:34.279 112c Recovering log #3.2024/10/07-18:09:34.279 112c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):334
    Entropy (8bit):5.173315390419155
    Encrypted:false
    SSDEEP:
    MD5:11D0E714510C75C2B8EB38141FA8EA4D
    SHA1:6777AEA570D19C5CD7C38EAA08566EAD3FEB4187
    SHA-256:5E6B2CE52458DA7784EA454CACBF5951C75A5A3900E5C06B607F3A6BC387331B
    SHA-512:54955F067F33C4CA09E1D862B6A510D72BF4F1C33C49829171D9BDECDC9AF865EF20F25760DF06718B1A91B5CA782683C8353FCE6F8B2319A7535FE372F01405
    Malicious:false
    Reputation:unknown
    Preview:2024/10/07-18:09:34.046 10f8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/07-18:09:34.049 10f8 Recovering log #3.2024/10/07-18:09:34.049 10f8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):403
    Entropy (8bit):4.979698157688503
    Encrypted:false
    SSDEEP:
    MD5:8AF7F6C490CDBACB5C8CD414563F290B
    SHA1:58E6A7FF51FEB9BC5CA19D8BC29602BE5E6A043B
    SHA-256:81C523F961570E76BB7F759A8436952B82442EF9B03C7AEDA2F6F29B93CC1843
    SHA-512:8ADD54E66D53ACAFE0AC449CDD6FFD379C1D95CF5C6AB302A945CB0710BF4955D4783A7EEBD0720BC43AB5B598332ED342E230B8EC70631D838DE4870BBE9844
    Malicious:false
    Reputation:unknown
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372898986283850","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":121981},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Unknown
    Category:modified
    Size (bytes):403
    Entropy (8bit):4.953858338552356
    Encrypted:false
    SSDEEP:
    MD5:4C313FE514B5F4E7E89329630909F8DC
    SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
    SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
    SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
    Malicious:false
    Reputation:unknown
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Unknown
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:4C313FE514B5F4E7E89329630909F8DC
    SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
    SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
    SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
    Malicious:false
    Reputation:unknown
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Unknown
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:4C313FE514B5F4E7E89329630909F8DC
    SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
    SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
    SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
    Malicious:false
    Reputation:unknown
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):4099
    Entropy (8bit):5.224937240605703
    Encrypted:false
    SSDEEP:
    MD5:D13614E7B6AB3E3C3374B3065B0D896B
    SHA1:F6AF569E9C748400E1A0F5C1540B3B7E5BE1B6C5
    SHA-256:BF4FE22A4DE13E06E2E339B8B44064298DAAE2FDCD1D7D3EF5C3EFCFF5B74955
    SHA-512:371EB8F1DEF375FBF6C457666961DBE35F981A4C268CF7A67E10DDCF9BA3C611520C946F51FFEB324260BB2351EDC63DF1E7A2643F4640B6A43130D94D4CC064
    Malicious:false
    Reputation:unknown
    Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):322
    Entropy (8bit):5.178898880510223
    Encrypted:false
    SSDEEP:
    MD5:F83302814ACDAA9F7AC0A870D90279D4
    SHA1:1069E4843F9B615DA8C4ED6DF8B4F0859E820A38
    SHA-256:0D25FE983C4DA7B92AFF351FEA6E03D1077E9D714BBF068B1DBEC19185F86705
    SHA-512:785FF123EE9B7FF3DB89427F5E6B47FBD95C802C5E8BE9B824DE96491EEEB605D89DD1E249B64ADC92B25423EFA88FF96411097FE2C0E8EA73999C95BF52C9D5
    Malicious:false
    Reputation:unknown
    Preview:2024/10/07-18:09:34.320 10f8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/07-18:09:34.322 10f8 Recovering log #3.2024/10/07-18:09:34.324 10f8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
    Category:dropped
    Size (bytes):65110
    Entropy (8bit):0.8571051865881764
    Encrypted:false
    SSDEEP:
    MD5:A8D34E6353421D225E27CC8A6853B477
    SHA1:A26C4085C85768A9C16532DCDE8B2106F62460F7
    SHA-256:CBDA504C768757A2910F79AA6D559B142043275A819C08B100E24448CCA966D8
    SHA-512:AB18D08F88F22F72718F260352C19B15450802566475732391EF9EC5B3F77907551BFEFE060908E8963C63BDB75FCF38BD6DF5C5C0A96F1A5555D93308DE946A
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
    Category:dropped
    Size (bytes):57344
    Entropy (8bit):3.291927920232006
    Encrypted:false
    SSDEEP:
    MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
    SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
    SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
    SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):16928
    Entropy (8bit):1.2145020144801928
    Encrypted:false
    SSDEEP:
    MD5:29A83E26432900AE20296919AE432206
    SHA1:BD9D8994A087D6F4EE9EED13938470AD65212FAE
    SHA-256:C663E180C3D7C0781621434D4DF727E1380BC85FAAEF0A227966A38B67C28942
    SHA-512:7C115C1301C3862F9DBBDBB2CC22C3DD65657A9715091AB20A7A16C945179031810602D0B16A9289DA27D2E8D0680430F0570327F02E7146006C9ED7F211E7C7
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Certificate, Version=3
    Category:dropped
    Size (bytes):1391
    Entropy (8bit):7.705940075877404
    Encrypted:false
    SSDEEP:
    MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
    SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
    SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
    SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
    Malicious:false
    Reputation:unknown
    Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
    Category:dropped
    Size (bytes):71954
    Entropy (8bit):7.996617769952133
    Encrypted:true
    SSDEEP:
    MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
    SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
    SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
    SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):192
    Entropy (8bit):2.7464849065063075
    Encrypted:false
    SSDEEP:
    MD5:85CCC48A03762520DDAFF6804DF69339
    SHA1:AACD364820C4F738862AFE310BA4554068DF4BE3
    SHA-256:5918F817966A1388377948B51AD69BAAAB301334300585F96D548592C15DE2D4
    SHA-512:8BB464F238849FBF31979E70CB83F8493A5758DAB6F04A6737CBB3DB0EADC416DDDC210AD203092D691EC852575AFA3891C263BE6A3BC99F07E0AB8353B5D172
    Malicious:false
    Reputation:unknown
    Preview:p...... ................(....................................................... ..........W....eK..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:modified
    Size (bytes):328
    Entropy (8bit):3.132195944836352
    Encrypted:false
    SSDEEP:
    MD5:8DB7BEF0DE5B5C94F3C7B60EFBBCDE7B
    SHA1:16EFE415D24791AE67F624CA1B31E9737AE53DD7
    SHA-256:E2C48604015A3C60FC2311B03774A533ECE55A9E2F73753FEBD0B6EB3872A0AD
    SHA-512:ADA374E8C592102B4C5C3634DAF047A6055072CF4E30AF7E243BBF07C376FB05DFEBA197286971F1C46FAE0E067E4C58F0BDECF5963C3ED5FE9373D89827C2FA
    Malicious:false
    Reputation:unknown
    Preview:p...... ........e.......(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PostScript document text
    Category:dropped
    Size (bytes):185099
    Entropy (8bit):5.182478651346149
    Encrypted:false
    SSDEEP:
    MD5:94185C5850C26B3C6FC24ABC385CDA58
    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
    Malicious:false
    Reputation:unknown
    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PostScript document text
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:94185C5850C26B3C6FC24ABC385CDA58
    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
    Malicious:false
    Reputation:unknown
    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):295
    Entropy (8bit):5.370512959271287
    Encrypted:false
    SSDEEP:
    MD5:F875A1CB48C4EE032D2D4CA6DE1A945C
    SHA1:0DBF14DCC74346225D4B03E968ED5DCF77394B79
    SHA-256:5F21D60FCD5F2BB6C3ECC8E91B53D866A154193AB0473FF6F65D14282D324D7D
    SHA-512:D631B7018C49FC811E03F4D6B79DECB40D6BDA492EECB83B89F02B18CF4D7D3C04E0C826C114F8659D5911CB44FA93654CF42B93E370C4C86F8221DF9E1EED14
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"455727ac-8f60-41fe-9cab-3638f0e906e7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728515934686,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.315959901717267
    Encrypted:false
    SSDEEP:
    MD5:E855A0C198ABD20FA10B94E41A417F4E
    SHA1:164B620135F4D2D66CA66692F2E4575C9C591B4E
    SHA-256:B44483CEC77C82F9DD6D57150C47437DF4DB40F6EC9E50A75DC15525D007D496
    SHA-512:9FDB719F4CF36B0922BABDDD001CCC650D6BEF6E86DBE21F40EC5847F45F32A7375D9312D90F5C867B91E1734104D148CA7A84C9911CC45EA9B26E562F5DF8C0
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"455727ac-8f60-41fe-9cab-3638f0e906e7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728515934686,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.294780976762866
    Encrypted:false
    SSDEEP:
    MD5:DE9F508C532270296A06CE804A518E2E
    SHA1:1CFB22051BA2695FE2B40DDA7B363A94DA1F56E6
    SHA-256:16DC66559795A8160C092B035E0709ED59B970428D6FE62BBBC64564D1038A62
    SHA-512:4F6C84121C02B77CB32887994E30BA77D25858F04EAFF9F04682E5870792EA6F6238FC24624D909B67786E22BFED6AFDAD7FF2D8F875E678F40FEE703305AD9C
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"455727ac-8f60-41fe-9cab-3638f0e906e7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728515934686,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):285
    Entropy (8bit):5.359144010221198
    Encrypted:false
    SSDEEP:
    MD5:4A146B273CBEF487B6B7AAF68879E47E
    SHA1:1D352DC23AB09DF8BAFC747C53A96102252E0245
    SHA-256:E52F5FD5F8136EE542559D807C8E8C06B7065B48B1BD650C65D635389FE4E19F
    SHA-512:7A662182CD7F7FAB4E53F78F49B4A8244CBF40797E101F77DB58101855897566EECBECFF4FD7A925342F09CB28F9500512830BF9DF9BC17C5B3AB05B994A0BCC
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"455727ac-8f60-41fe-9cab-3638f0e906e7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728515934686,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1083
    Entropy (8bit):5.6865933096092585
    Encrypted:false
    SSDEEP:
    MD5:AD79D98217DBC5FBAF4141FDD4CBF4A9
    SHA1:F148F312964369DC895D39065E7D76F156334BE6
    SHA-256:36A4015A4B126ED216BEC255DED61B5A977091284F8B6F4ED112147683F38052
    SHA-512:F2ECD488B944E11EDC56C60B9A4DCF5A8BC096F533B91E3BD849327FD6CAC31D0D8599D8EAC84628161B099F9FC568F7EB43D7B4376D52EE5AE51F21CEDBEFBF
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"455727ac-8f60-41fe-9cab-3638f0e906e7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728515934686,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_2","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"22b145c0-22bc-4bba-811f-7234f288595b","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjoiUkdTMDM1MS1FTlUtQ29udHJvbCJ9","dataType":"applicatio
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1050
    Entropy (8bit):5.658045290171486
    Encrypted:false
    SSDEEP:
    MD5:5BB2B228031735974D6BB22C2CCAB069
    SHA1:B7B473CC5BB3B6C3C539F54A67D1F6D637CEA776
    SHA-256:610DA8C048169B657182B18AAB0F68BAFA097BB5FBA7204B2F4C8BD732173400
    SHA-512:F51EC6B7C4BE53B1BB46CCFAB22BE41DD5C310C6393A5648C500E217C00BBCB7143E7216772946910DEE6F489CD741CA0392C20961FD1693F98CDAD53392C877
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"455727ac-8f60-41fe-9cab-3638f0e906e7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728515934686,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.3103448130631055
    Encrypted:false
    SSDEEP:
    MD5:5475F0D763F6DB814D742084CD08801C
    SHA1:564A700A6C642D70D9B3AA6B4BBEE40D91494B4B
    SHA-256:E208AE72215918B954E73FFFCF44356241EC345B4E1C633702C94CF09262453D
    SHA-512:6D7F28B44A06772A2F344E606B18AF104A6A82F07053BE90B8D474CCEC5654C1E7C135F6141CBD9C4AD507A6BDD787B966175D7CD10E2892EE8EC5110B8DADB5
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"455727ac-8f60-41fe-9cab-3638f0e906e7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728515934686,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1062
    Entropy (8bit):5.69289571420632
    Encrypted:false
    SSDEEP:
    MD5:0AE8E2CB100804A971BFAF7EB1DF629F
    SHA1:92B5B3A4A202DB02953CB92D842FF1CD8B86D63A
    SHA-256:778AEDC2C3FE1620584993DC0253E517414EBEBEE84117C2273FC4FE788E0CC5
    SHA-512:55D402924D0827CD29CE464C8D273134CD99658EB499605E7B5E34BC6F23C1169449294FFB4E19157EA060FA335A669E947479288331B1E1C45172932623FA74
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"455727ac-8f60-41fe-9cab-3638f0e906e7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728515934686,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_0","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"58886bd3-acd7-4f84-ae2e-6684bc127c41","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNvbnRyb2wifQ==","dataType":"application\/json","encodingSch
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1164
    Entropy (8bit):5.7028754329427285
    Encrypted:false
    SSDEEP:
    MD5:F211F795DD02371749B751D1C6A2C751
    SHA1:F608FDA0E788582C39570CEAD007939BA802EFC8
    SHA-256:7663AD30BEA00F43F9121EAC66AB130B3CBDA16F2865DA3E28005B3343736DFD
    SHA-512:535B9C417FF21F7B5E0DE41E3369D320B1551539CCDE5D2F79E7BBB2C81304AE7AACC5BE93DAD1C1F3CF640405DE90CDF7884948D2D741295424AF64196042FF
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"455727ac-8f60-41fe-9cab-3638f0e906e7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728515934686,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.3140630953677155
    Encrypted:false
    SSDEEP:
    MD5:B3F93BCB94FABE8E044CBF8A4279C991
    SHA1:DF3085FD2C8CC304FD9564D55CEE7BC9B4211B31
    SHA-256:243E261AB559EB35A2C062C94F111F5A4BCF677BCBE4FC885F96D63253C23F42
    SHA-512:09B0DC543CE8FEFF92804E398A6CC17DFCFF280C2399023A6112923D0F4FC0D376AB83123891C47B13D6305F9EDA8ACF9AB325E0272CC6D96B87793CEA9E1E10
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"455727ac-8f60-41fe-9cab-3638f0e906e7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728515934686,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1395
    Entropy (8bit):5.7776563551239155
    Encrypted:false
    SSDEEP:
    MD5:91885276CE42F8B1CFE10474AEC53D25
    SHA1:36AE1D5AD4CD5A0D6ABAFFE433A133DE2496A925
    SHA-256:95D83C20693057BC5C093F725A2793AEF57394B840BEF2C8A3B9FFA61ECFB72F
    SHA-512:EEC5B94F3BC1A4592DDAD2BCD44E6CBEDBD030F729F4DCF987BE3A6469C578F6285C5BB06C13BCE282CF7009C91AC4C6CC71D533DC24485CB8959DA922E89455
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"455727ac-8f60-41fe-9cab-3638f0e906e7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728515934686,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):291
    Entropy (8bit):5.297513539465168
    Encrypted:false
    SSDEEP:
    MD5:EB38F3477158B6632F07641920302DE1
    SHA1:652DE0D7A0AC46FDB7484A6A8257E5929AE15213
    SHA-256:94D5E6C1D074B1B04DA0ED8F5A14B474383CCE77700A3C27138247A51A749E94
    SHA-512:6721A6B6F1C89F85EA2FDE676076E6C7E7DC98D848E913C1E7E2DFDABC5AF72A35871DE25278EFEDF78B962BEF0732D02EF340FCBC81862E71A5B8EB24593E8A
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"455727ac-8f60-41fe-9cab-3638f0e906e7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728515934686,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):287
    Entropy (8bit):5.301089514019737
    Encrypted:false
    SSDEEP:
    MD5:49FF74100FFEB0FAB927E261C762F8B4
    SHA1:8E0C45E137B27F66D343729C3653EBF34AE521C0
    SHA-256:C554EC583490D7B0AFD12AABE283FA3086E249D105CAAC2EC4F52607EA6DFDA4
    SHA-512:678C0E9E2A107A86B9A465440A5B25B42AC4CEAB1CD1E27BE7439CC4ECFD93C6A36AA94528D02199BEC57DF873BE6BB55999C749339E2B62ED9AE5EA397B7632
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"455727ac-8f60-41fe-9cab-3638f0e906e7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728515934686,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1082
    Entropy (8bit):5.6899253226351645
    Encrypted:false
    SSDEEP:
    MD5:1CCF3B3CFC7600A3B1774DB4767104A1
    SHA1:0F71E7D5C4AC4A6E6053BA0FF04BE1EA9EE8962F
    SHA-256:09CF98960C73F412FA39B7DAB4E67D29A589DA274BC0278D27B6307CED3C9402
    SHA-512:57853060D87D18BB358914743AF854203A2DA2C66E9546D089449CE1C118C71BB2170AB48B429C98F8655EECCBAD39EAFC8049234303823490F7990756696BA2
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"455727ac-8f60-41fe-9cab-3638f0e906e7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728515934686,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_1","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"a8b11c37-7d39-4b12-9d33-a040ee4d296b","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNvbnRyb2wifQ==","dataType":"application
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):286
    Entropy (8bit):5.279346608253843
    Encrypted:false
    SSDEEP:
    MD5:DE31F785BAC01904315FFA9A5708D0E3
    SHA1:DAD82EB559F80C5456AE66D69D28AD1C3F677B3B
    SHA-256:A029CCE18140D2A065316660B4D701F717F21821466CD2DA1807F5A95559F535
    SHA-512:8F68CC34FE47B9C399C68E49A6E79EBCD6508B76EB05691E56539EAEF07FE6E39B175153CC95C05F262D92DEFCE7097950FABCEFE132BDC6EDA8DAA623799D96
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"455727ac-8f60-41fe-9cab-3638f0e906e7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728515934686,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):782
    Entropy (8bit):5.370971816401044
    Encrypted:false
    SSDEEP:
    MD5:9083646FF4D74B54B4CE7BE8EE734377
    SHA1:FC6E1F72D64F4001BB186A40D242C2F812BE73DF
    SHA-256:C210ECF5E837F4EA0CDE3E3865075BAA63C9F596797EDE91B2292B433C37DDEA
    SHA-512:2E3DD706EFA3986D58ACC35A38777A490BC3A4D371ED9EF4C11367E81A4CCCB132B5CF228D0E99035C3B79BB9FB1283DC871E2BCD33215D52FB32C586FB761EC
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"455727ac-8f60-41fe-9cab-3638f0e906e7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728515934686,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1728338979720}}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:data
    Category:dropped
    Size (bytes):4
    Entropy (8bit):0.8112781244591328
    Encrypted:false
    SSDEEP:
    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
    Malicious:false
    Reputation:unknown
    Preview:....
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):2818
    Entropy (8bit):5.134492100482342
    Encrypted:false
    SSDEEP:
    MD5:F7BD494BCC4B28AD255872B0CB87E1DA
    SHA1:5B5659E8CF764288AC1E7C677EE2AD4DBC88FF2E
    SHA-256:3AB875B3CCAD93002CA05D08C0A342698CB88CA12F028D0626308976801699C7
    SHA-512:80934A8C9860079521CA53C9C7EA781CC68A3F170F4F1395CBD745946A9271BED13A273EA4454352BD048B2B39A4E6C36617A67AFF7205F4EC2381AB00148F89
    Malicious:false
    Reputation:unknown
    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"ee46cea7fdbfabcb08fa2617b697beda","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1728338978000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"96227af7894545f65bfc187dcf7d8dda","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1728338978000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"d3e8e39ff3a1b73a3e4905b1c25fd772","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1082,"ts":1728338978000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"2e4070133df59496f70304fe9ebab35b","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1083,"ts":1728338978000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"d40c64c3f855d89bc18bfea8594d42c7","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1062,"ts":1728338978000},{"id":"Edit_InApp_Aug2020","info":{"dg":"e66c3dc0ce162772bbb25c9698504c54","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
    Category:dropped
    Size (bytes):12288
    Entropy (8bit):0.9873833339683666
    Encrypted:false
    SSDEEP:
    MD5:A2DF29D2A3ABDC33B3780A4661D5487C
    SHA1:03C2BEFE3429E4D9FF3AF697407DEAC48CA4E72E
    SHA-256:C73E4E21E56DE737B0068339C1EA58DF83E3CE7C9E39654EC57604B220C595D6
    SHA-512:8B00353EA4C7A351E9D9EC36F2A392CE63925C2FAEEDD873046F33B0F6B07F9C1E6A19F481ED32581CA87ECCC949EAAD610C3CD93CF28EB675CAFD3A27903574
    Malicious:false
    Reputation:unknown
    Preview:SQLite format 3......@
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):8720
    Entropy (8bit):1.3440470207725108
    Encrypted:false
    SSDEEP:
    MD5:95A0300DE597E69DFE2E61B4016D82D1
    SHA1:740C4E7C86D1CDC544AB210A738A85FDE205F5EB
    SHA-256:7797C3C86CD3DC4477F7C2E68E976F4CB371D6E35756383BD8266B3138DC0439
    SHA-512:238F03A22D98A6FE5FCB4790CDB30858810A3CD453C1D91C358BA0670075C1AB7246E7D05BA8282C31691AE7CBCA369EFB3ABCAB5710ED787D4031C8798DF7A3
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:dropped
    Size (bytes):231348
    Entropy (8bit):4.384733733956636
    Encrypted:false
    SSDEEP:
    MD5:67EBFDA1BACADF5B99C2644D71575081
    SHA1:D800E9718AB8B60B22A976F851CF93D6D7AEC040
    SHA-256:220D1C63A2F89B0C779D41A0C6740C1CE0BB6517A24D9321721DA82A1ADC811B
    SHA-512:1D61E551082C26DBE842490245A50948617D8716B2A30F1581C3ECFFA88DB38D5A661F598F978E0CB2667328E1EA119DC20416E25CD7EC9D0211EA35965E8E18
    Malicious:false
    Reputation:unknown
    Preview:TH02...... .0d..........SM01X...,...`..............IPM.Activity...........h...............h............H..hL........a.....h...........H..h\cal ...pDat...h.mx.0..........h.zBi...........h........_`Pk...h.yBi@...I.lw...h....H...8.Uk...0....T...............d.........2h...............k..............!h.............. h.Z.(..........#h....8.........$h.......8....."h.I......HH....'h..M...........1h.zBi<.........0h....4....Uk../h....h.....UkH..h....p...L.....-h ............+hZ{Bi....@................... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:ASCII text, with very long lines (65536), with no line terminators
    Category:dropped
    Size (bytes):322260
    Entropy (8bit):4.000299760592446
    Encrypted:false
    SSDEEP:
    MD5:CC90D669144261B198DEAD45AA266572
    SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
    SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
    SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
    Malicious:false
    Reputation:unknown
    Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:ASCII text, with no line terminators
    Category:dropped
    Size (bytes):10
    Entropy (8bit):2.7219280948873625
    Encrypted:false
    SSDEEP:
    MD5:CFFE95F45DE556726DA13C1B39CC974B
    SHA1:FF4CB9AC27B7877C8010E3E84C3B00210B4CB769
    SHA-256:7A12F6E6727979ED70D2B75A49D7F119AE2C06FAB4FDE18D823EDC40B62800B3
    SHA-512:83691407EA40BEC7A56A35A794B5173AB8BE29D1676E50E28F074515B6E28305EEB898BB4FAE737A31D3F944CCAC97CE44A9B8DEB4D73AAB2DC40BBE54DBB3BF
    Malicious:false
    Reputation:unknown
    Preview:1728338962
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):177810
    Entropy (8bit):5.2872000886939
    Encrypted:false
    SSDEEP:
    MD5:E50B6EE6C18B689B5B6AF30B641FFC10
    SHA1:2EA9914B13F7612E556561E927B0BE97949DABDA
    SHA-256:5AA02E90842D5F286F9A516749379B2B95C645396E5A42008A2471D6B4F180C2
    SHA-512:AAABA575A002DB1F23521EE7D70B63502395CE7A7DD37FB203916D217D70C2407FEBAF23F0E736343A9EF7528F93814C44E43F28C991491CBFF9A911DD24AF46
    Malicious:false
    Reputation:unknown
    Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-10-07T22:09:21">.. Build: 16.0.18124.40132-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
    Category:dropped
    Size (bytes):4096
    Entropy (8bit):0.09304735440217722
    Encrypted:false
    SSDEEP:
    MD5:D0DE7DB24F7B0C0FE636B34E253F1562
    SHA1:6EF2957FDEDDC3EB84974F136C22E39553287B80
    SHA-256:B6DC74E4A39FFA38ED8C93D58AADEB7E7A0674DAC1152AF413E9DA7313ADE6ED
    SHA-512:42D00510CD9771CE63D44991EA10C10C8FBCF69DF08819D60B7F8E7B0F9B1D385AE26912C847A024D1D127EC098904784147218869AE8D2050BCE9B306DB2DDE
    Malicious:false
    Reputation:unknown
    Preview:SQLite format 3......@
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):4616
    Entropy (8bit):0.1384465837476566
    Encrypted:false
    SSDEEP:
    MD5:2918702B58C278A3C3376F5E67F30DC9
    SHA1:A9888EC0562497D8444248790270FDAD8BCB9A65
    SHA-256:282EA1BBA8A05FFD427832714E09B785A2987833C42813588C3FD28A937EC3FA
    SHA-512:D787FCE95C044FF18C6DB740396084BB8E2782FFCB954E9123C945D87E5ADDAA6DBE61F8946799415533A326A9404EC6B42DC4616E341B62066D6B8A3F4786FE
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:dropped
    Size (bytes):32768
    Entropy (8bit):0.04482848510499482
    Encrypted:false
    SSDEEP:
    MD5:FC5865AA21D2FCE6C7B66BFE4A603673
    SHA1:6DEA2E0A942D1895EEA41F989A497FAC98422B89
    SHA-256:44E22A46EDDA65556B926103817A3BCDF7F8CEAB71EC2A9CE0B9A80B7E565824
    SHA-512:61F6AABBD906FF6187894969F595A043B55EE34257D52D92DD5F31448C8A57AFFEE49CBAC800E1AD92C0AB544AAE5D47EC27141BE4931B2BED00EEF38B1BB732
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:SQLite Write-Ahead Log, version 3007000
    Category:dropped
    Size (bytes):45352
    Entropy (8bit):0.395186262961356
    Encrypted:false
    SSDEEP:
    MD5:F4590D131EB54149D69CE89869DDDB74
    SHA1:FB1B371EA7C7564A802EBC489308E3E235791D23
    SHA-256:EFA11BC7CC44D1590A0E1E31A09ABD8FE4C814B0A9A767D3668C387A260999B2
    SHA-512:35645FD308216CEA5ED441929C5D9FE0C8CAEB3003DF8F00C06D41EBC25F98FE055F04DD0F68DF199E5F8F95AFDE1EDEE4ED442F44B2C1EF13AA00D27005B8F0
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:PDF document, version 1.6 (zip deflate encoded)
    Category:dropped
    Size (bytes):25755
    Entropy (8bit):6.996161606929174
    Encrypted:false
    SSDEEP:
    MD5:0F1C49373DA59F0DDBE21C709B5A7E0B
    SHA1:9464AEA490CD2D3DB4A0D11BE01F62F9D88DC974
    SHA-256:A3907EC3952EEC03F9AE1FC0E430E90229DBDEDE77AE1A49B71B0941986F0D2A
    SHA-512:61F6F4521F75013B40BF5BD4B6C968E8EC583678D4860D84AB1F2CB4FB2EBFDD91486D8D4F4CAD7DE597D6DAEE7057D6117689CFD0EA7DB9BB581E6BA3CE5213
    Malicious:false
    Reputation:unknown
    Preview:%PDF-1.6.%......509 0 obj.<</Filter/FlateDecode/First 1679/Length 2911/N 200/Type/ObjStm>>stream..
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:ASCII text, with CRLF line terminators
    Category:modified
    Size (bytes):26
    Entropy (8bit):3.95006375643621
    Encrypted:false
    SSDEEP:
    MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
    SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
    SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
    SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
    Malicious:false
    Reputation:unknown
    Preview:[ZoneTransfer]..ZoneId=3..
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:ASCII text, with very long lines (28729), with CRLF line terminators
    Category:dropped
    Size (bytes):20971520
    Entropy (8bit):0.1609766421344188
    Encrypted:false
    SSDEEP:
    MD5:50215B217A403017F2AEF01EFC0F8125
    SHA1:F6677B454DECCE4B00AEEAAD2234E9E7D1FD23BB
    SHA-256:FBFEBC933B2CB2A78DC83E82F880C641A40790D0FDDCB73750DB2D0B7D5C4B9D
    SHA-512:086E2C20DB05BDFC49F9D3C267231CD7D6A86561FBBE2AF230E76959EA267BE1585DF44E8C0C48D01F04F539D2126E117735D47F8C464E39BFC629B4331954D6
    Malicious:false
    Reputation:unknown
    Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/07/2024 22:09:19.222.OUTLOOK (0x1AD8).0x1ADC.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":21,"Time":"2024-10-07T22:09:19.222Z","Contract":"Office.System.Activity","Activity.CV":"NTEsAcg2Mke8Z53CYdiifQ.4.9","Activity.Duration":12,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...10/07/2024 22:09:19.237.OUTLOOK (0x1AD8).0x1ADC.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":23,"Time":"2024-10-07T22:09:19.237Z","Contract":"Office.System.Activity","Activity.CV":"NTEsAcg2Mke8Z53CYdiifQ.4.10","Activity.Duration":10627,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:dropped
    Size (bytes):20971520
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
    SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
    SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
    SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
    Category:dropped
    Size (bytes):246
    Entropy (8bit):3.5162684137903053
    Encrypted:false
    SSDEEP:
    MD5:D7CD3F4F5EE0D9F84F00775258DFBE2E
    SHA1:7BB416CBCE79011BF9A7DCC79D3E3E9916B6A349
    SHA-256:D10A75909613A73146F162335674CF50E582C3FBE712FF012AF09FE4E9C6BA06
    SHA-512:E27367F251C1CF0185BC5B3FE9BAD0F5D7543E7BAA1CCB02D89891DC45DE3F0800ADA6AB70D2983E1E18A28DCB43482CE49284AFC2A50E10FA71C86400115067
    Malicious:false
    Reputation:unknown
    Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.7./.1.0./.2.0.2.4. . .1.8.:.0.9.:.4.0. .=.=.=.....
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:modified
    Size (bytes):106496
    Entropy (8bit):4.502348186922569
    Encrypted:false
    SSDEEP:
    MD5:EBF2ECFB9FC44CA210C3C346C838AC0A
    SHA1:DA1AAB4B2397707F0602A67DA1B7834445653CB4
    SHA-256:707994E9D1CB88127ED7FC1458727CBCA7C9C14F23020B62FD41C4F53E5792B4
    SHA-512:8A6F2AC52A8C0B67097E8B6EC59F34E036B3587A3137C05C3715629A4B795B3683B8FC8EF02F983F7339827FAA6D95AB3D3476EB927B577CD53CA0FBA5A8D3C0
    Malicious:false
    Reputation:unknown
    Preview:............................................................................`...........=.=.....................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................0.|.Y..........=.=.............v.2._.O.U.T.L.O.O.K.:.1.a.d.8.:.5.8.9.a.3.1.8.0.6.1.8.6.4.e.8.1.9.4.2.c.8.a.f.1.2.3.8.6.7.4.9.8...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.0.0.7.T.1.8.0.9.1.8.0.9.4.9.-.6.8.7.2...e.t.l.......P.P.........=.=.............................................................................................................................................................................................................................................................................................................
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393)
    Category:dropped
    Size (bytes):16525
    Entropy (8bit):5.353642815103214
    Encrypted:false
    SSDEEP:
    MD5:91F06491552FC977E9E8AF47786EE7C1
    SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
    SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
    SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
    Malicious:false
    Reputation:unknown
    Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):29752
    Entropy (8bit):5.422610610714878
    Encrypted:false
    SSDEEP:
    MD5:1B073C2F9983D1BA7F01714F21769971
    SHA1:E231221557B0DDAEB0E66A6D6F2E6AB5EEC587A8
    SHA-256:2E5290D6D0A6CDA1D723B1276914A9F6CA642BCBF255DA2E2B08CA61C943F37A
    SHA-512:99BE10B497160D9B7C7C1A789A07A39D0014283FE3F72E6286105E77AFF7B32C88EEB00368E3EAD616726F748C60353D9C6563E81DF873295576B873EBF3F8E6
    Malicious:false
    Reputation:unknown
    Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
    Category:dropped
    Size (bytes):1407294
    Entropy (8bit):7.97605879016224
    Encrypted:false
    SSDEEP:
    MD5:1D64D25345DD73F100517644279994E6
    SHA1:DE807F82098D469302955DCBE1A963CD6E887737
    SHA-256:0A05C4CE0C4D8527D79A3C9CEE2A8B73475F53E18544622E4656C598BC814DFC
    SHA-512:C0A37437F84B4895A7566E278046CFD50558AD84120CA0BD2EAD2259CA7A30BD67F0BDC4C043D73257773C607259A64B6F6AE4987C8B43BB47241F3C78EB9416
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
    Category:dropped
    Size (bytes):758601
    Entropy (8bit):7.98639316555857
    Encrypted:false
    SSDEEP:
    MD5:3A49135134665364308390AC398006F1
    SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
    SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
    SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
    Category:dropped
    Size (bytes):1419751
    Entropy (8bit):7.976496077007677
    Encrypted:false
    SSDEEP:
    MD5:1A39CAAE4C5F8AD2A98F0756FFCBA562
    SHA1:279F2B503A0B10E257674D31532B01EA7DE0473F
    SHA-256:57D198C7BDB9B002B8C9C1E1CCFABFE81C00FE0A1E30A237196A7C133237AA95
    SHA-512:73D083E92FB59C92049AF8DC31A0AA2F38755453FFB161D18A1C4244747EE88B7A850F7951FC10F842AE65F6CC8F6164231DB6261777EC5379B337CB379BEF99
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
    Category:dropped
    Size (bytes):386528
    Entropy (8bit):7.9736851559892425
    Encrypted:false
    SSDEEP:
    MD5:5C48B0AD2FEF800949466AE872E1F1E2
    SHA1:337D617AE142815EDDACB48484628C1F16692A2F
    SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
    SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:modified
    Size (bytes):30
    Entropy (8bit):1.2389205950315936
    Encrypted:false
    SSDEEP:
    MD5:47C54437F6545DC56F7F95E88821DBC4
    SHA1:339B3A95186F29F70C8AD82FC434C35E3CF540C6
    SHA-256:C6D99584FA8D484600695BC29F4720DDE8C01A9774B8B2F273C10A17C3C451BF
    SHA-512:5884C429AB22CE046B054EE501FF3BD5757942B48E3390F7E19458A982B05A304DB06A0D3A2A58781915CD52E0F4F633483CA5B7671A37A38639066946227F93
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:Composite Document File V2 Document, Cannot read section info
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.6699929933195949
    Encrypted:false
    SSDEEP:
    MD5:14188B65B50B91CB5F017EE050D071A0
    SHA1:05B9640779A16747F2C9DFB766B1625BDAB50D55
    SHA-256:9194946105F0A1169C6A551764775A8231948D8721FC1B2296FF2158F00F4A8F
    SHA-512:982C751B8F312D85DEE53D50E5017CB3D8F2F9580869982679F8D1BF93C0E6ACDDB280C0C705118D269088572975C49F93B4C75C0F1D14AC90FCEAEDEE5B0578
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:Microsoft Outlook email folder (>=2003)
    Category:dropped
    Size (bytes):271360
    Entropy (8bit):3.5931290481535987
    Encrypted:false
    SSDEEP:
    MD5:A345498A27192FA978B24BD19DCFAF14
    SHA1:5007088221428C379DED3F18DB698504F4C3EC8F
    SHA-256:ED42AB5B62F4C94A852F02517FB305E8547B32E3D5EEF4A78FBA446C060040AC
    SHA-512:7C5EF18063DBAAA97DD7A4BBE71AA9AA30502415A7CCF22D107DD937BEE835BC934A3AEF8507DB5167749E07D6D88EB4756B7AF810256B3E03A55B2C1193ED61
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:dropped
    Size (bytes):131072
    Entropy (8bit):4.847685637517123
    Encrypted:false
    SSDEEP:
    MD5:8C0D7805F785717685A02C51AA17D491
    SHA1:FD1F23EBCFA94EF72F8E413E7F5190D125749609
    SHA-256:07EE77C4C7A0415327C7981FBB96D087DA3327F66C28A9D1734E74F29E34165E
    SHA-512:269F10B12533775B4EC3DC1B7287BE188EAE4E64975537BE14FBF637382DFA63BC192523E317319DD6EDEEC87EEC23228FC971498E10AB58A1F660F2B176A50F
    Malicious:false
    Reputation:unknown
    File type:RFC 822 mail, ASCII text, with very long lines (352), with CRLF line terminators
    Entropy (8bit):6.107431390297279
    TrID:
    • E-Mail message (Var. 5) (54515/1) 100.00%
    File name:phish_alert_iocp_v1.4.48 (19).eml
    File size:53'255 bytes
    MD5:87d182741a2211dc340ba22b94ea0a3e
    SHA1:1b7e0a99537763c1b1a57768338218e8b08ca768
    SHA256:76a8c3dea860c57bd75a372914b0ef1bf60a96463a46171ab532dd4679ba0f50
    SHA512:c5b2371fad43b51ea3d211406f22bab92f75af24f8bd8a566bd17aef4df56c6cc15432f9abd0fa01cd6e2f6412570f026dd8e470fab23741373f0870af106bb6
    SSDEEP:768:oXE25J04uO/HERUAfWthlLGA+JKIiFcBss7ayzj1RSFh/LnsMfIzbKZ61WqL+R5E:oU25JPuOcRUFnlLGAX6ZXgLv846
    TLSH:EA335C389E5E0C64E760B19E16EDBCE7D90C7B4F08E38981723A058D17C909B16DE99F
    File Content Preview:Received: from PH7PR22MB5266.namprd22.prod.outlook.com.. (2603:10b6:510:310::21) by SN7PR22MB3885.namprd22.prod.outlook.com with.. HTTPS; Mon, 7 Oct 2024 21:33:05 +0000..ARC-Seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass;.. b=vtKeF7
    Subject:Wiley Receipt: 9300207546
    From:Wiley Customer Service <no-reply@WILEY.COM>
    To:Larry Thompson <lthompson@firstfedweb.com>
    Cc:
    BCC:
    Date:Mon, 07 Oct 2024 14:30:06 -0700
    Communications:
    • [EXTERNAL EMAIL: Take caution with links and attachments. ] Dear Wiley Customer, Attached is your documentation for your most recent transaction with John Wiley & Sons. Thank you for your business, John Wiley & Sons ** Please do not reply to this email, as we are unable to respond from this address -------------------------------------------------------------------------------------------------------------- The contents of this email and any attachments are confidential and intended only for the person or entity to whom it is addressed. If you are not the intended recipient, any use, review, distribution, reproduction or any action taken in reliance upon this message is strictly prohibited. If you received this message in error, please immediately notify the sender and permanently delete all copies of the email and any attachments. --------------------------------------------------------------------------------------------------------------
    Attachments:
    • Wiley Receipt 9300207546.PDF
    Key Value
    Received: Mon, 7 Oct 2024 14:33:06 -0700
    ARC-Seal: i=1; a=rsa-sha256; d=silversky.com; s=silversky-20150623192408; t=1728336673; cv=none; b=EOn3XMWWyZ7MP95ku4HuQObQNfmWX//cKvO0r32LI4OWOE33vgUo8RVbix8+ndihRTpQwIZqF8gamCTySoc5WIoerjk2Wv/+tHTdDTuQ8Z0VqRQIMKP9GC888MLWc6sm5BonQWsIqliXk1iG6lWhhmQM9Dh9mHVZbS3kt+c6UlE=
    ARC-Message-Signature: i=1; a=rsa-sha256; d=silversky.com; s=silversky-20150623192408; t=1728336673; c=relaxed/simple; bh=iZMTazkdn8wuohNMp9dAhL/FNFKt19E1oNwAdhPkhJw=; h=Date:From:Subject:To; b=Ggt1S1qAc8+ygcbpx3kPZnPB1zv/CKwg7X2znEMjoquUbEosdx43i7vngBrImSQsasN9UgoLiF7+6+tq+HvABYUx9Dl7GB97XeFTER5SqqL2PYorRC4rnDi+xj+msun1d4Lxsx7K4N9kNgIqFhl4kNS5RIxdcX5nobEdHhpKoio=
    ARC-Authentication-Results: i=1; gwsin.silversky.com; dmarc=pass policy.dmarc=none header.from=WILEY.COM; dkim=pass header.d=wiley.com; spf=pass smtp.mailfrom=WILEY.COM; arc=none smtp.remote-ip=205.220.166.236
    authentication-results: spf=softfail (sender IP is 165.212.64.87) smtp.mailfrom=WILEY.COM; dkim=pass (signature was verified) header.d=wiley.com;dmarc=pass action=none header.from=WILEY.COM;compauth=pass reason=100
    received-spf: SoftFail (protection.outlook.com: domain of transitioning WILEY.COM discourages use of 165.212.64.87 as permitted sender)
    x-usanet-received: from emd2.mbox.net [165.212.64.9] by gws7.mbox.net via mtad (GIT.BUILD.5.0.3133) with ESMTP id 792CJgVEE2000Ms7; Mon, 07 Oct 2024 21:30:29 -0000
    X-USANET-TAP-Score: 0
    X-USANET-Received: from emd2.mbox.net [165.212.64.9] by gws7.mbox.net via mtad (GIT.BUILD.5.0.3133) with ESMTP id 792CJgVEE2000Ms7; Mon, 07 Oct 2024 21:30:29 -0000
    Authentication-Results-Original: ppops.net; spf=softfail smtp.mailfrom=no-reply@WILEY.COM
    x-usanet-routed: 100 IN-RELAY R:gwsin-int:625
    X-USANET-Routed: 100 IN-RELAY R:gwsin-int:625
    X-USANET-GWS2-Service: gwsdin-tap preclick-never
    X-USANET-GWS2-Tenant: firstfedweb.com
    X-USANET-GWS2-Tagid: FF1001
    X-USANET-GWS2-MailFromDnsResult: DnsFound
    X-USANET-GWS2-Security: TLSv1.2;ECDHE-RSA-AES256-GCM-SHA384
    x-usanet-source: 205.220.166.236 IN no-reply@WILEY.COM mx0a-0053b403.pphosted.com TLS
    x-usanet-msgid: XID947CJgVEE5504Xd2
    X-BAEAI-Trust-Score: 89
    X-BAEAI-Trust-Reasons: SNDRAUTH; PRIORITY; SNDRNEW; DOMRARE,wiley.com; RCPTVIP;
    dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wiley.com; h= content-type:date:from:message-id:mime-version:subject:to; s= 10212020-Select1; bh=iZMTazkdn8wuohNMp9dAhL/FNFKt19E1oNwAdhPkhJw =; b=tkKjdxljyIleELMimVsBVjdDCgQYldHnkOwUpmaG6quj1zsU7rnTVQGNsuc k0brdgfb3Tb0De/SZu1egaSWqd7n/guq0fFKRQ37TY4ssUmk27ra6ErL0P8gCt7Y wylqL3W0GiwRmzH4fyUeqSX5ifo/5uF94RbURIhXiy9Yv447r+58JHNAHC5YkSL2 r0F42Xqc0HKpebxolaIRE46CWv6VZq7FldI3oJE4fprNFt5YW9WoEKyKA4QnBd0D u304n0aKJuoJTpEJ+FPlUzREsKRzT1HTHPUDRbuTMZqsTNQUjuUyEg2O+Eif6WG2 Ji0R3D68kxZZbqSmJAR2/GNKj3A==
    Importance: Normal
    X-Proofpoint-GUID: PJpb_vh7-96JUYlNjNYkhvpaPxgwTrjN
    X-Proofpoint-ORIG-GUID: PJpb_vh7-96JUYlNjNYkhvpaPxgwTrjN
    X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.60.29 definitions=2024-09-06_09,2024-09-06_01,2024-09-02_01
    X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 bulkscore=0 spamscore=0 phishscore=0 mlxlogscore=999 malwarescore=0 mlxscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2409260000 definitions=main-2410070147
    X-Cloudmark-Tracker: v=2.4 cv=SPWJV/vH c=1 sm=1 tr=0 ts=670452f6 cx=a_idp_d a=MB3AYM4z36ju7uCAmL1wtA==:117 a=MB3AYM4z36ju7uCAmL1wtA==:17 a=DAUX931o1VcA:10 a=MJHwTsuriLkA:10 a=g8TUdU_LZmEA:10 a=JJsAEOkpCHsKMv8CqgoA:9 a=CjuIK1q_8ugA:10 a=zgiPjhLxNE0A:10 a=y6GQGeDuo7MZ8d4xboMA:9 a=n3BslyFRqc0A:10 a=rls1ZAiwvL0A:10
    X-LASED-Version: Antispam-Engine: 5.1.4, AntispamData: 2024.10.7.210916
    X-LASED-SpamProbability: 0.085099
    X-LASED-Spam: NonSpam
    X-LASED-Hits: BODYTEXTP_SIZE_3000_LESS 0.000000, BODY_SIZE_10000_PLUS 0.000000, BODY_SIZE_25K_PLUS 0.000000, DATE_TZ_NA 0.000000, DKIM_ALIGNS 0.000000, DKIM_SIGNATURE 0.000000, FROM_NAME_PHRASE 0.000000, HTML_00_01 0.050000, HTML_00_10 0.050000, HTML_ATTACHED_NEG 0.000000, INVOICE_ATTACHMENT 0.100000, KNOWN_MTA_TFX 0.000000, MAY_BE_FORGED 0.000000, MULTIPLE_ATTACHMENTS 0.000000, NO_CTA_URI_FOUND 0.000000, NO_URI_FOUND 0.000000, NO_URI_HTTPS 0.000000, PDF_ATTACHED 0.000000, PDF_ATTACHED_1 0.000000, PHISH_TRUSTED_RDNS 0.000000, SENDER_NO_AUTH 0.000000, SUPERLONG_LINE 0.050000, SUSP_DH_NEG 0.000000, SXL_IP_TFX_WM 0.000000, TRANSACTIONAL 0.000000, X_PRIORITY_HIGH 0.000000, __ATTACHMENT_NOT_IMG 0.000000, __ATTACHMENT_PHRASE 0.000000, __ATTACHMENT_SIZE_25_50K 0.000000, __ATTACH_CTE_BASE64 0.000000, __ATTACH_CTE_QUOTED_PRINTABLE 0.000000, __BODY_NO_MAILTO 0.000000, __CT 0.000000, __CTYPE_HAS_BOUNDARY 0.000000, __CTYPE_MULTIPART 0.000000, __CTYPE_MULTIPART_MIXED 0.000000, __DKIM_ALIGNS_1 0.000000, __DKIM_ALIGNS_2 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000, __FOOTER_DISCLAIMER 0.000000, __FRAUD_INTRO 0.000000, __FRAUD_URGENCY 0.000000, __FROM_DOMAIN_NOT_IN_BODY 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000, __FROM_NOREPLY 0.000000, __FUR_HEADER 0.000000, __FUR_RDNS_PROOFPOINT 0.000000, __HAS_ATTACHMENT 0.000000, __HAS_ATTACHMENT1 0.000000, __HAS_ATTACHMENT2 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000, __HAS_X_MAILER 0.000000, __HAS_X_PRIORITY 0.000000, __HTML_ATTACHED_BOUND_NEG 0.000000, __INVOICE_MULTILINGUAL 0.000000, __MIME_ATTACHMENT_1_N 0.000000, __MIME_ATTACHMENT_N_1 0.000000, __MIME_ATTACHMENT_N_2 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_TEXT_P2 0.000000, __MIME_VERSION 0.000000, __MSGID_32_64_CAPS 0.000000, __NO_HTML_TAG_RAW 0.000000, __PHISH_PHRASE7 0.000000, __PHISH_SPEAR_GREETING 0.000000, __RCVD_FROM_DOMAIN 0.000000, __SANE_MSGID 0.000000, __SEO_WEBSITE 0.000000, __SPEAR_FROM_NAME 0.000000, __STOCK_CRUFT 0.000000, __SUBJ_TRANSACTIONAL 0.000000, __SUBJ_TR_GEN 0.000000, __THANKING_PHRASE 0.000000, __TO_MALFORMED_2 0.000000, __TO_NO_NAME 0.000000, __URI_NO_MAILTO 0.000000, __X_PRI_HI 0.000000
    X-LASED-Impersonation: False
    X-Sophos-Tracker: 0.085099 fd4a6c31a6a87697ee53abb7b8e9f5e089d3fa86
    X-BAEAI-Source-GeoIP: "US" "N/A" "N/A"
    X-BAEAI-SPF: PASS
    X-BAEAI-DKIM: PASS
    X-BAEAI-DMARC: pass
    X-SilverSky-ARC: none
    X-BAEAI-Authentication-Rating: strong
    X-BAEAI-Trust-Level: green
    Return-Path: no-reply@WILEY.COM
    X-MS-Exchange-Organization-ExpirationStartTime: 07 Oct 2024 21:31:14.4948 (UTC)
    X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
    X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
    X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
    X-MS-Exchange-Organization-Network-Message-Id: 42efc625-5a76-4169-805e-08dce7175f10
    X-EOPAttributedMessage: 0
    X-EOPTenantAttributedMessage: 3778f0b2-789a-4d43-b25e-d4fe25a4c3c0:0
    X-MS-Exchange-Organization-MessageDirectionality: Incoming
    x-ms-publictraffictype: Email
    X-MS-TrafficTypeDiagnostic: BN2PEPF000044A1:EE_|PH7PR22MB5266:EE_|SN7PR22MB3885:EE_
    x-ms-exchange-organization-authsource: BN2PEPF000044A1.namprd02.prod.outlook.com
    x-ms-exchange-organization-authas: Anonymous
    X-MS-Office365-Filtering-Correlation-Id: 42efc625-5a76-4169-805e-08dce7175f10
    X-MS-Exchange-AtpMessageProperties: SA|SL
    X-MS-Exchange-Organization-SCL: -1
    X-MS-Exchange-Organization-BypassClutter: $true
    X-Microsoft-Antispam: BCL:0;ARA:13230040|12012899012|2092899012|5062899012|3072899012|82310400026|3613699012;
    x-forefront-antispam-report: CIP:165.212.64.87;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:NSPM;H:postin03.mbox.net;PTR:postin03.mbox.net;CAT:NONE;SFS:(13230040)(12012899012)(2092899012)(5062899012)(3072899012)(82310400026)(3613699012);DIR:INB;
    X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Oct 2024 21:31:14.2761 (UTC)
    X-MS-Exchange-CrossTenant-Network-Message-Id: 42efc625-5a76-4169-805e-08dce7175f10
    X-MS-Exchange-CrossTenant-Id: 3778f0b2-789a-4d43-b25e-d4fe25a4c3c0
    X-MS-Exchange-CrossTenant-AuthSource: BN2PEPF000044A1.namprd02.prod.outlook.com
    X-MS-Exchange-CrossTenant-AuthAs: Anonymous
    X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
    X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR22MB5266
    X-MS-Exchange-Transport-EndToEndLatency: 00:01:51.2519647
    X-MS-Exchange-Processed-By-BccFoldering: 15.20.8026.020
    X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
    X-Microsoft-Antispam-Message-Info:
    x-ms-exchange-organization-originalclientipaddress: 165.212.64.87
    x-ms-exchange-organization-originalserveripaddress: 10.167.243.152
    X-Priority: 3
    X-MSMail-Priority: Normal
    Thread-Index: AQHbGQB+lw7ZsBytfkGLnMgnYRc6Cg==
    Message-ID: <ADR49000000760759400005056896FCA1EDFA19E6BE89BF449B8@WILEY.COM>
    From: Wiley Customer Service <no-reply@WILEY.COM>
    To: Larry Thompson <lthompson@firstfedweb.com>
    Subject: Wiley Receipt: 9300207546
    Date: Mon, 07 Oct 2024 14:30:06 -0700
    MIME-Version: 1.0
    Content-type: Multipart/mixed; charset="us-ascii"; boundary="00B0FEED_message_boundary"
    Content-Description: Multipart message

    Icon Hash:46070c0a8e0c67d6