Windows Analysis Report
Fw+Adfast+Canada+Request+For+Proposal+(RFP)+ID#9009.eml

Overview

General Information

Sample name:Fw+Adfast+Canada+Request+For+Proposal+(RFP)+ID#9009.eml
Analysis ID:1529325
MD5:4277402f0f8e64fceaa82e1cc90aeba6
SHA1:6beda0fe292fd63f1053233f2b23ed14478f368e
SHA256:093e125920085275e5721961bb35039022950fa5729da3e5c6744f3adf31f8cb
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 1044 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Fw+Adfast+Canada+Request+For+Proposal+(RFP)+ID#9009.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 3748 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "99C40A0F-776A-487C-8E8D-11929B287FEE" "A3741322-3BCF-4797-9D59-E5629B96B74B" "1044" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • Acrobat.exe (PID: 6244 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LLD12K7J\Adfast Canada Request For Proposal (RFP) ID#9009.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 6488 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 6724 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2160 --field-trial-handle=1552,i,11549516063796973626,5176606462275450794,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No yara matches
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: 1, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 1044, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\SearchToolbarsDisabled
Source: Registry Key set; Author: frack113; Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LLD12K7J\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 1044, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
No Suricata rule has matched

There are no malicious signatures.

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: classification engine; Classification label: clean1.winEML@19/38@0/6
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241008T1508350184-1044.etl
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Fw+Adfast+Canada+Request+For+Proposal+(RFP)+ID#9009.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "99C40A0F-776A-487C-8E8D-11929B287FEE" "A3741322-3BCF-4797-9D59-E5629B96B74B" "1044" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LLD12K7J\Adfast Canada Request For Proposal (RFP) ID#9009.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2160 --field-trial-handle=1552,i,11549516063796973626,5176606462275450794,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\InProcServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window found: window name: SysTabControl32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact

No Antivirus matches
No contacted domains info
IP | Domain | Country | ASN | ASN Name | Malicious
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
2.19.11.102 | unknown | European Union | 719 | ELISA-ASHelsinkiFinlandEU | false
52.109.28.46 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.109.68.130 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
184.28.90.27 | unknown | United States | 16625 | AKAMAI-ASUS | false
13.89.178.26 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1529325
Start date and time:2024-10-08 21:07:56 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:14
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Sample name:Fw+Adfast+Canada+Request+For+Proposal+(RFP)+ID#9009.eml
Detection:CLEAN
Classification:clean1.winEML@19/38@0/6
Cookbook Comments:
  • Found application associated with file extension: .eml
  • Exclude process from analysis (whitelisted): dllhost.exe
  • Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.113.194.132, 184.28.90.27, 2.19.11.102, 2.19.11.103, 52.109.68.130, 13.89.178.26
  • Excluded domains from analysis (whitelisted): omex.cdn.office.net, odc.officeapps.live.com, slscr.update.microsoft.com, europe.odcsm1.live.com.akadns.net, onedscolprdcus00.centralus.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, ocsp.digicert.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, a1864.dscd.akamai.net, ecs.office.com, fs.microsoft.com, prod.configsvc1.live.com.akadns.net, frc-azsc-000.odc.officeapps.live.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, osiprod-frc-bronze-azsc-000.francecentral.cloudapp.azure.com, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, europe.configsvc1.live.com.akadns.net, prod.odcsm1.live.com.akadns.net, mobile.events.data.trafficmanager.net, uks-azsc-config.officeapps.live.com
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtQueryAttributesFile calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtReadFile calls found.
  • Report size getting too big, too many NtSetInformationFile calls found.
  • Report size getting too big, too many NtSetValueKey calls found.
  • Timeout during stream target processing, analysis might miss dynamic analysis data
  • VT rate limit hit for: Fw+Adfast+Canada+Request+For+Proposal+(RFP)+ID#9009.eml
InputOutput
URL: Email Model: jbxai
{
"brand":["Adfast Canada"],
"contains_trigger_text":true,
"trigger_text":"Please find attached an important RFP (request for proposal) from Adfast Canada which requires your attention.",
"prominent_button_name":"Allow sender",
"text_input_field_labels":["File access key: rfp"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":true,
"text":"Ce message a t envoy de l'extrieur de l'organisation - This message was sent from outside your organization. Please advise if this is spam or a virus Drew Hauser Director of Design & Business Development Hons. Vis. Arts, B.Arch., OAA, FRAIC, AIA, CAHP Cell 289.260.1171 From: Nils Keschtkar <nils.keschtkar@adfastcorp.com> Sent: Tuesday, October 8, 2024 2:43:14 PM Subject: Adfast Canada Request For Proposal (RFP) ID#9009 Bonjour, Veuillez trouver ci-joint une RFP (demande de proposition) importante de Adfast Canada qui requiert votre attention. Cl d'accs au fichier : rfp [ID RFP #9009] Publi : 7 octobre 2024 Date limite de soumission : 31 octobre 2024 In English: Good morning, Please find attached an important RFP (request for proposal) from Adfast Canada which requires your attention. File access key: rfp [RFP ID #9009] Published: October 7, 2024 Submission deadline: October 31, 2024 Thanks, Nils Keschtkar Business Development Representative/Project Manager Nils.Keschtkar@adfastcorp.com 2685 rue Diab Montreal H4S1E7 QC Tel (514) 337-7307 ext:7054 www.adfastcorp.com",
"has_visible_qrcode":false}
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):118
Entropy (8bit):3.5700810731231707
Encrypted:false
SSDEEP:
MD5:573220372DA4ED487441611079B623CD
SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
Malicious:false
Reputation:unknown
Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):294
Entropy (8bit):5.153822439869807
Encrypted:false
SSDEEP:
MD5:AE0959250BDE37DDFC13F44F4FDE4C1B
SHA1:7D518D846F52B486DF347BE08FBCE65A8BBEB620
SHA-256:F34305B026262DE01B6A0891F0B503BF2B9971F6F683B4E6F0534A59403B917B
SHA-512:39F5AC64652ACB8EA058301AAA10A6270C1DEEE03B588B24FE486FFA75852D977E89DF71F298A194556F7B79A03506F008821D7BDD68BF7AF8139BF6B77FA8E8
Malicious:false
Reputation:unknown
Preview:2024/10/08-15:08:50.709 19b0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/08-15:08:50.710 19b0 Recovering log #3.2024/10/08-15:08:50.711 19b0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):338
Entropy (8bit):5.1538766241041705
Encrypted:false
SSDEEP:
MD5:9E86179230019BDC88A595284ABA517C
SHA1:54837B5CF79709F56E48EA5BB2F560AFA006B6A0
SHA-256:95E0F504803917FB21E815A8E60DF72B15825737A3E8BD46262C5538E52007BC
SHA-512:B68A332274FAFD8C9408C9A12212C216489AEF4C5470FE9CDCBC30FB2919032C8A1B074060BE74BE5286F3AB58368088AEE2EE9BA4E23CEB2541031771EBEC1C
Malicious:false
Reputation:unknown
Preview:2024/10/08-15:08:50.629 1a58 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/08-15:08:50.632 1a58 Recovering log #3.2024/10/08-15:08:50.632 1a58 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:dropped
Size (bytes):266
Entropy (8bit):4.8399217827843
Encrypted:false
SSDEEP:
MD5:189D1E7452200FB5F191CA4C9612EEA9
SHA1:946C6758AFEC0895387158C16B7DBC0CAEDC6ABE
SHA-256:1BCC5FA9D73827B9F71217A320DA24E399596699AD273F6B2D5C430058E75B74
SHA-512:7F325B33BAEC7001241643BED036D81D4A15280A646E4D76598FF67E210A401943967C3EBC60183A483E52DC020995E3059AF09DEE2EE5505CAAE52F1756F8E7
Malicious:false
Reputation:unknown
Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:189D1E7452200FB5F191CA4C9612EEA9
SHA1:946C6758AFEC0895387158C16B7DBC0CAEDC6ABE
SHA-256:1BCC5FA9D73827B9F71217A320DA24E399596699AD273F6B2D5C430058E75B74
SHA-512:7F325B33BAEC7001241643BED036D81D4A15280A646E4D76598FF67E210A401943967C3EBC60183A483E52DC020995E3059AF09DEE2EE5505CAAE52F1756F8E7
Malicious:false
Reputation:unknown
Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:data
Category:dropped
Size (bytes):6678
Entropy (8bit):5.243105497601438
Encrypted:false
SSDEEP:
MD5:1BA911249419BBA7DD5C334035C55E4E
SHA1:4A5265D23AC5436A5E742FB311950EC5635E6408
SHA-256:7D59526A9B02A3765D052AA1070B468DA24070EAAD3847455673972F197E9FEC
SHA-512:826D2788E825FD181E6DF4EB28A2FF290550657683BB286B64CA8B709E0751F9E608BB2DD81E84D9CF8A0E3D901F3223BF81FD14ED412BA1833E71F580C05E80
Malicious:false
Reputation:unknown
Preview:*...#................version.1..namespace-....o................next-map-id.1.Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/.0F...r................next-map-id.2.Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/.1.p..r................next-map-id.3.Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/.2....o................next-map-id.4.Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.3..).^...............Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/...^...............Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.{VUa...............Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/....a...............Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/yATuo................next-map-id.5.Pnamespace-eb3aef6d_d129_430c_a353_
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):326
Entropy (8bit):5.146482779828938
Encrypted:false
SSDEEP:
MD5:7154D2543AEAF0D808CB0DDFA7179B6C
SHA1:C35D28B04B1216F0192EFEDE33F3C6D1648F9805
SHA-256:39B9A5A185519D33E7ACD6FEBBC40099269373C00C82F18218FF6B6FE4C2D241
SHA-512:B97AD818DAE24DD811BF85FE536C9715095CD73A0797A6950AA12776790398F9E61B93598D2D35AF2953BD44E9A9934B602FCBD124B5BB10933584D4940D6ED6
Malicious:false
Reputation:unknown
Preview:2024/10/08-15:08:50.755 1a58 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/08-15:08:50.757 1a58 Recovering log #3.2024/10/08-15:08:50.759 1a58 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PostScript document text
Category:dropped
Size (bytes):185099
Entropy (8bit):5.182478651346149
Encrypted:false
SSDEEP:
MD5:94185C5850C26B3C6FC24ABC385CDA58
SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:false
Reputation:unknown
Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PostScript document text
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:94185C5850C26B3C6FC24ABC385CDA58
SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:false
Reputation:unknown
Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:data
Category:dropped
Size (bytes):259864
Entropy (8bit):3.202660492858591
Encrypted:false
SSDEEP:
MD5:BE9BCC8BB2DB177C5D0157BDE4A1D3FE
SHA1:31836566F2EBE2EB88519AA3771D24DB439D9457
SHA-256:19D825CC20881511801CAA8DD9107805442C3B7685AF39FF16944287482659AD
SHA-512:6BB9C6B2AD532D72F5B5D687B8D9F04CFBB4DFC62294283DCE484928F20BCAFD21E61798F303FA3CF7288B10CF0F4A6AC2B83E17C55BE9E819A9960ABF61BDCE
Malicious:false
Reputation:unknown
Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:data
Category:dropped
Size (bytes):4
Entropy (8bit):0.8112781244591328
Encrypted:false
SSDEEP:
MD5:DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:false
Reputation:unknown
Preview:....
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1969
Entropy (8bit):5.048440461942604
Encrypted:false
SSDEEP:
MD5:8484E4DA1AC9B6B94814400A7741E64C
SHA1:607164F77E463A29EA9E5DC7C536109205A8359E
SHA-256:2099864D0A19E93E97184C5FBEAE1FB32502C1DE619FE4076A6199178657BAB4
SHA-512:65408D38A79A7ACAC4D0A559A00EED401926D6C54D1A70B94BD4E36BD3B032B96848BF6BE8B7F31904AE73E101A2145153F69005DCDE659AA9E4FA0E452D05F8
Malicious:false
Reputation:unknown
Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1728414530000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"a7d5f1623758b44a6bb1af710a205b8e","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696586967000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"b0f98dc45482391504041ce5d4455f67","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696586967000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"9eb8200575456615765dda2e131b71fc","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696585522000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"2041266456e181a98e8e0a84e20ab5ca","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1696585522000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"d3efd339915bc97d78dbef1d69dfc3c6","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1230,"ts":1696585522000},{"id":"Edit_InApp_Aug2020","info":{"dg":"d
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 23
Category:dropped
Size (bytes):12288
Entropy (8bit):1.3575285153617682
Encrypted:false
SSDEEP:
MD5:1464847484D9FA61F6C9653E28225E7C
SHA1:A3C6851FC8B237099F337225948A32521ACBFF64
SHA-256:755CC17EB249124467B40E3D50270251BF3294B94AFC335E442F3439CB1D39BD
SHA-512:E5A95B24A8F57251C57BE9DF072A32094AE67D8EB62CF4B2A80399350429C41CEF14EEBDBC10313476A0257B3F7E4C38C3C6FB0978C12685DF2E1B8CD64C97F6
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):8720
Entropy (8bit):1.8309110093885994
Encrypted:false
SSDEEP:
MD5:4376DAEBA12A327B0836BAD488DE7384
SHA1:17AAF7F4160BDA6213FD32E3EEB9C17D0A349A59
SHA-256:E8CA99216BFC8B1A628C401280DA60B39A6E3174604A5ADF8E42170D8575719E
SHA-512:D39EB8BD89096E32A25B0E53210857880399B22DAC2427D81945BF3E49E8AC3D3A6D1808EDE79E449B1ED55A8126D037148B2A4DDCEAE911F708EFBC33A87F9C
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):245980
Entropy (8bit):4.211036427230395
Encrypted:false
SSDEEP:
MD5:C82E9E7CF713D194ADA0A8A16F46F400
SHA1:8FEBE01B226FF0DD964CD33D1AE55F28E8055039
SHA-256:A4442206D92C3761ED40F1BD7F2C21E18A73AE6D7A5ADF7A26D0F8B89ABBC629
SHA-512:A43C85CDF3D68948C50709A71D6422424C09A43FAB316BCDA6916F21A6DCBB876985A61CD608E107B99901C5C1726C57B1C10FE769352E2E9BD460E179D52D15
Malicious:false
Reputation:unknown
Preview:TH02...... ....~........SM01........p.n............IPM.TaskRequest.Decline........h...............h............H..hT........@.D...h..........G.H..h\tor ...AppD...h..9.0..........hH["/..4........h........_`.k...h.X"/H...I.+w...h....P...8..k...0....\...............l.........2h...............k...........F..!h.............. h..i|.........#h....8.........$h..G.....@....."h.x4......|4...'h..............1hH["/..........0h..........k../h...........kH..h..4. ...T.....-h ...0.........+h.Z"/4...H.......t.y.-.L.i.c. ..............FS..............FIPM.TaskRequest.Decline.Form.d.dStandard.PM.Task Decline.PM.IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1111110000000000.icrMicrosoft.isThis form is used to decline a task request.........kf...... ..........&...........(.......(... ...@...............................................................................................................................D@..............D@x.............DG...p..........DH..www.wwp.....
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:XML 1.0 document, ASCII text, with very long lines (2159), with no line terminators
Category:dropped
Size (bytes):2159
Entropy (8bit):5.108771901994279
Encrypted:false
SSDEEP:
MD5:7D8647769CD3B8FDF0EDACB9C0E04368
SHA1:7D8E1DFE971F10972CD1E1A38D79603BA3B75B93
SHA-256:D1050064829B107EBD67EF9E973ED89FF2EDA47A251CECC147DACA9134F5769A
SHA-512:323B454D0EA0D29137ABDD8968011D700F585142BD001B37445732F80229D59FB22E5A7FAC3EAA3308CF6943D103C53FD3B4D31D511199AD937484A38AE856B5
Malicious:false
Reputation:unknown
Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>14</Count><Resource><Id>Aptos_26215680</Id><LAT>2024-10-08T19:08:42Z</LAT><key>29939506207.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos_45876480</Id><LAT>2024-10-08T19:08:42Z</LAT><key>27160079615.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215680</Id><LAT>2023-10-06T09:55:52Z</LAT><key>23001069669.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_26215426</Id><LAT>2023-10-06T09:55:52Z</LAT><key>37262344671.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215682</Id><LAT>2023-10-06T09:55:52Z</LAT><key>28367963232.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2023-10-06T09:55:52Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos_
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:JSON data
Category:dropped
Size (bytes):521377
Entropy (8bit):4.9084889265453135
Encrypted:false
SSDEEP:
MD5:C37972CBD8748E2CA6DA205839B16444
SHA1:9834B46ACF560146DD7EE9086DB6019FBAC13B4E
SHA-256:D4CFBB0E8B9D3E36ECE921B9B51BD37EF1D3195A9CFA1C4586AEA200EB3434A7
SHA-512:02B4D134F84122B6EE9A304D79745A003E71803C354FB01BAF986BD15E3BA57BA5EF167CC444ED67B9BA5964FF5922C50E2E92A8A09862059852ECD9CEF1A900
Malicious:false
Reputation:unknown
Preview:{"MajorVersion":4,"MinorVersion":40,"Expiration":14,"Fonts":[{"a":[4294966911],"f":"Abadi","fam":[],"sf":[{"c":[1,0],"dn":"Abadi","fs":32696,"ful":[{"lcp":983041,"lsc":"Latn","ltx":"Abadi"}],"gn":"Abadi","id":"23643452060","p":[2,11,6,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":26215680},{"c":[1,0],"dn":"Abadi Extra Light","fs":22180,"ful":[{"lcp":983042,"lsc":"Latn","ltx":"Abadi Extra Light"}],"gn":"Abadi Extra Light","id":"17656736728","p":[2,11,2,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":13108480}]},{"a":[4294966911],"f":"ADLaM Display","fam":[],"sf":[{"c":[536870913,0],"dn":"ADLaM Display Regular","fs":140072,"ful":[{"lcp":983040,"lsc":"Latn","ltx":"ADLaM Display"}],"gn":"ADLaM Display","id":"31965479471","p":[2,1,0,0,0,0,0,0,0,0],"sub":[],"t":"ttf","u":[2147491951,1107296330,0,0],"v":131072,"w":26215680}]},{"a":[4294966911],"f":"Agency FB","fam":[],"sf":[{"c":[536870913,0],"dn":"Agency FB Bold","fs":54372,"ful":[{"lcp":9830
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:TrueType Font data, digitally signed, 19 tables, 1st "DSIG", 26 names, Macintosh, Digitized data copyright \251 2010-2011, Google Corporation.Open SansRegular1.10;1ASC;OpenSans-R
Category:dropped
Size (bytes):217276
Entropy (8bit):6.419567239266024
Encrypted:false
SSDEEP:
MD5:D7D5D4588A9F50C99264BC12E4892A7C
SHA1:513966E260BB7610D47B2329DBA194143831893E
SHA-256:13C03E22A633919BEB2847C58C8285FB8A735EE97097D7C48FD403F8294B05F8
SHA-512:CE9F98208CD818E486A12848B2D64BD14E12D42D84B2E47436A3C4420A242583EEFC4A9B42401B51CC204146C6133645975682E4BB5D48527B3796770EFA3397
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:TrueType Font data, digitally signed, 19 tables, 1st "DSIG", 26 names, Macintosh, Digitized data copyright \251 2010-2011, Google Corporation.Open SansBold1.10;1ASC;OpenSans-Bold
Category:dropped
Size (bytes):224452
Entropy (8bit):6.418018034788758
Encrypted:false
SSDEEP:
MD5:F5331CB6372B6C0D8BAF2DD7E200498C
SHA1:8387D4F8E061C264DC3AEBEBE6068B66E45D7C6F
SHA-256:1B43DE2449D39B65FF6F63315D4AFDA585F72FBBEC2E3D9A56F59DE6C75149D3
SHA-512:B534A27EE82942784155E087FF2A546AB6EAA7A6CDD1C449687B97DCEE2028D3ABF6F9B0A7459667797DFAEDA30C0342C01DB0F2826F7E80B6B9CCDC9902166A
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_40RegularVersion 4.40;O365
Category:dropped
Size (bytes):773040
Entropy (8bit):6.55939673749297
Encrypted:false
SSDEEP:
MD5:4296A064B917926682E7EED650D4A745
SHA1:3953A6AA9100F652A6CA533C2E05895E52343718
SHA-256:E04E41C74D6C78213BA1588BACEE64B42C0EDECE85224C474A714F39960D8083
SHA-512:A25388DDCE58D9F06716C0F0BDF2AEFA7F68EBCA7171077533AF4A9BE99A08E3DCD8DFE1A278B7AA5DE65DA9F32501B4B0B0ECAB51F9AF0F12A3A8A75363FF2C
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:ASCII text, with very long lines (65536), with no line terminators
Category:dropped
Size (bytes):322260
Entropy (8bit):4.000299760592446
Encrypted:false
SSDEEP:
MD5:CC90D669144261B198DEAD45AA266572
SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
Malicious:false
Reputation:unknown
Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):10
Entropy (8bit):2.4464393446710155
Encrypted:false
SSDEEP:
MD5:5685ACDA068996814E30049F84ECF33D
SHA1:094C85323D5F455C79A9C781E0546D574883AA76
SHA-256:57F64E3416173B950F7574586D8C0F0D9803B64912E78A450E186E57E05D9A3C
SHA-512:ACCD84A5EE258059755B2709A907C878C2A4429902A0888A4C4F5700025B230502775882EF4C0A6083F37A290D5C93B2B2BA475FBDD2EBDF6D2DF9C8CF772EC7
Malicious:false
Reputation:unknown
Preview:1728414524
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):177810
Entropy (8bit):5.287216901012841
Encrypted:false
SSDEEP:
MD5:EF1EC099292213D2B4413246C8AF6A1C
SHA1:F3DD520FEACDBC4927B082BFC16DC91FE6EFD32E
SHA-256:1EB137DD713E1AE67F1FEF5284EE3E96FDE0ADCF484A711B371A77299B2C1066
SHA-512:0A984EFB5C1A5C3F3C174EDC079D59C5F6588E46CDD7055325206868DB4EEE9D69AAE9681914646336CC8F3675A2FABCE59631ADF8ECC911128A3D65254ED217
Malicious:false
Reputation:unknown
Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-10-08T19:08:41">.. Build: 16.0.18124.40132-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.04489304881463721
Encrypted:false
SSDEEP:
MD5:7DD96A81EA515F1075B7A50E360AB835
SHA1:8817E2A482BE4842365088FAC084AC6220E961C5
SHA-256:29AA3FF9F7AE20A76D151F272CFD41EF643114F7421DA93C1270EAF606F04F00
SHA-512:475D2BB242A53E7BD3972721D8F62C48810F39417511FEFF3BF3EAD4FFE464892748D3E33D765C85905F5B9CAF8B34E90B72AA8475C06C909CA091AB38409C34
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:SQLite Write-Ahead Log, version 3007000
Category:dropped
Size (bytes):49472
Entropy (8bit):0.4849706447255319
Encrypted:false
SSDEEP:
MD5:42DDE42D9089A39A5D4B21B3FB53271A
SHA1:3FF3DC4458F598ADCDFBD8E2F015E3B712F8E69C
SHA-256:0063336CDDEC7DCB97DA60C347979D818D82C669A217D2ACCED11D8197F485B8
SHA-512:A50194CF08536E88EAB5179A2C46621B03791FB9E1FD7FAA65AF7721066049E6936E8DECF206A8CEE055F572AF5FE12C194786A4401EC32DA45AA934F27F6BD9
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):26
Entropy (8bit):3.95006375643621
Encrypted:false
SSDEEP:
MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
Malicious:false
Reputation:unknown
Preview:[ZoneTransfer]..ZoneId=3..
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):16804
Entropy (8bit):3.7063670775696
Encrypted:false
SSDEEP:
MD5:F8319DD346E3B524CAB2E4C38F4ADB62
SHA1:2E4F76087AEEEA84907DBCC6C04F498B4D10019A
SHA-256:C6A74045EF55330AC689B4B34DE16D3A9D017B4CC5F33F49DB73A2E8311ACA1F
SHA-512:28E17C06368000D1D9744CD12D2724C8B8020182C5514599032CA7B4E2EA34501B15506867C5874DD5AE0D5AC8CAE641DE549F9EE1239FA3697A5B70FB9985C8
Malicious:false
Reputation:unknown
Preview:....P.l.e.a.s.e. .a.d.v.i.s.e. .i.f. .t.h.i.s. .i.s. .s.p.a.m. .o.r. .a. .v.i.r.u.s. .D.r.e.w. .H.a.u.s.e.r. .D.i.r.e.c.t.o.r. .o.f. .D.e.s.i.g.n. .&. .........................................................................................................................................................................................................................................................................................................................................................................................................r...v...........`...d...f...............................................................................................................................................................................................................................................d............-D..M............[$.\$.....d,...........-D..M............[$.\$............-D..M............[$.\$.*...$..$.If........!v..h.#v....:V.......t.....6......5.......4........4........a..
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:ASCII text, with very long lines (28793), with CRLF line terminators
Category:dropped
Size (bytes):20971520
Entropy (8bit):0.18564750567319296
Encrypted:false
SSDEEP:
MD5:A176708737AC347E545941C1C4677501
SHA1:2F32A59E5A5708F913462EC5C0CCDB1D5E21B800
SHA-256:C10B66DF24E5E740EFBE0FAAC49E3B296E28C49A5F7A221E2CA76E15BFA9D386
SHA-512:F70B8A5C9BE155A2F2646B244CADE3DBB27217BD98184C5C5CFF2C4DA0D392F5E2899C3DF4F6BBEB41134FE7FC2F100C9DD3089F8CF0CD7B89FD00C1BFE07E34
Malicious:false
Reputation:unknown
Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/08/2024 19:08:39.596.OUTLOOK (0x414).0xE50.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":23,"Time":"2024-10-08T19:08:39.596Z","Contract":"Office.System.Activity","Activity.CV":"YQ/h7mSJ2k+fAE9/3vQ4VQ.4.9","Activity.Duration":12,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...10/08/2024 19:08:39.612.OUTLOOK (0x414).0xE50.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":25,"Time":"2024-10-08T19:08:39.612Z","Contract":"Office.System.Activity","Activity.CV":"YQ/h7mSJ2k+fAE9/3vQ4VQ.4.10","Activity.Duration":13245,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorVersi
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):20971520
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):98304
Entropy (8bit):4.46126909393952
Encrypted:false
SSDEEP:
MD5:B7F48FD24355F545393603143FC8E158
SHA1:9D16AE5AE64F70766B2A5E509AE13C52DD0B131C
SHA-256:D5FFCA6307367D5B8096FB08C075E273B16F1A825D07642DEF801BE29F542BC2
SHA-512:56997D4A921389BCBEEC97820151F71608CE88596DD8C755C53321CFD87C8E1BC7E5B48997A5DF3A1C45A86A710285BB864B091367620C8F02E42BCD91E34380
Malicious:false
Reputation:unknown
Preview:............................................................................b...P.........Dy....................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1................................................................Y............Dy............v.2._.O.U.T.L.O.O.K.:.4.1.4.:.d.a.8.5.8.7.0.c.0.f.5.6.4.e.0.8.9.d.9.f.1.e.e.d.f.0.1.7.d.7.7.8...C.:.\.U.s.e.r.s.\.t.o.r.r.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.0.0.8.T.1.5.0.8.3.5.0.1.8.4.-.1.0.4.4...e.t.l.............P.P.P.........Dy....................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with very long lines (393)
Category:dropped
Size (bytes):16525
Entropy (8bit):5.359827924713262
Encrypted:false
SSDEEP:
MD5:06DEAEDB81D09FD8FB5FF668D8E09CB2
SHA1:28A02BCBD5975117B97A08AFB049F2C94F334726
SHA-256:D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64
SHA-512:948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936
Malicious:false
Reputation:unknown
Preview:SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:755+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig:
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with very long lines (393), with CRLF line terminators
Category:dropped
Size (bytes):16603
Entropy (8bit):5.3474368558716145
Encrypted:false
SSDEEP:
MD5:30189435A0FFA4C9A61ECE45DA6A4B12
SHA1:58C26A02ECD5166FCE79FF7410FF7678A5A82AFE
SHA-256:167922DE0E65FA7C5DE1B7A09EEBB5EBA00B85FF7FF254C4DDF7ABBD1F31DC87
SHA-512:380DA8F9B834C633301395A8492AEC8DC0C7C4E6A630C085C7F1019483937A41D9441E18ABE6C5F1DCAAD57D71EF9D8DD87E8C53B6F2D823028E86AB0A3E4793
Malicious:false
Reputation:unknown
Preview:SessionID=b6fb1521-2855-4689-8238-35b93a816f9e.1728414530093 Timestamp=2024-10-08T15:08:50:093-0400 ThreadID=6520 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=b6fb1521-2855-4689-8238-35b93a816f9e.1728414530093 Timestamp=2024-10-08T15:08:50:095-0400 ThreadID=6520 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=b6fb1521-2855-4689-8238-35b93a816f9e.1728414530093 Timestamp=2024-10-08T15:08:50:095-0400 ThreadID=6520 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=b6fb1521-2855-4689-8238-35b93a816f9e.1728414530093 Timestamp=2024-10-08T15:08:50:095-0400 ThreadID=6520 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=b6fb1521-2855-4689-8238-35b93a816f9e.1728414530093 Timestamp=2024-10-08T15:08:50:096-0400 ThreadID=6520 Component=ngl-lib_NglAppLib Description="SetConf
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):35814
Entropy (8bit):5.4205732909158
Encrypted:false
SSDEEP:
MD5:A701753D4E310D71C44093D346706785
SHA1:3F476207AA2ABC0C46631B0A89BDF44351D7568B
SHA-256:4D5495107C17E743389D9D08654D0D42C6D86101584BF0F4B9155ABEC34B2466
SHA-512:59B9C4464FF888D43EAF266AD5E8F6BB4C72F0C75E012578A6C82DA8BBEABCA173F5F28527F673CDAC9D146D22AE749EE1D1E4AC6CD147CBD6DAFEB2E0D1CB92
Malicious:false
Reputation:unknown
Preview:06-10-2023 11:44:59:.---2---..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 11:44:59:.Closing File..06-10-
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):512
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:BF619EAC0CDF3F68D496EA9344137E8B
SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):16384
Entropy (8bit):0.3613836054883338
Encrypted:false
SSDEEP:
MD5:679672A5004E0AF50529F33DB5469699
SHA1:427A4EC3281C9C4FAEB47A22FFBE7CA3E928AFB0
SHA-256:205D000AA762F3A96AC3AD4B25D791B5F7FC8EFB9056B78F299F671A02B9FD21
SHA-512:F8615C5E5CF768A94E06961C7C8BEF99BEB43E004A882A4E384F5DD56E047CA59B963A59971F78DCF4C35D1BB92D3A9BC7055BFA3A0D597635DE1A9CE06A3476
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):30
Entropy (8bit):1.2389205950315936
Encrypted:false
SSDEEP:
MD5:7C86AB673C66E7D920609D71A1992C43
SHA1:624761EA98CB629EDAC8E6ADF1C1FB1E6360DC53
SHA-256:1F973842C653BE42FD7D2238AE6C2959F7F99285AB3A9310ED24A0721D7027A9
SHA-512:54721940CDDE717B23ED6C420643522D0C3BABE5F8E704CB6E341B1A960F5818AEA26317205F3D6AEBD02375A160B79D98A4EFDBE00F1E5631B82F962257984C
Malicious:false
Reputation:unknown
Preview:....Y.........................
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):16384
Entropy (8bit):0.6699171651619305
Encrypted:false
SSDEEP:
MD5:1916076FE41C1970E1EDC96D33C1C40E
SHA1:971DC46099618F42B804A53EE0E8C72D9B9321B4
SHA-256:E3D8A6B413BCF2B23379BEEEC65EBFE2E832597CBC5B737C99E3B9C36128FED2
SHA-512:5A51A5B19348A2183637F810AC3D6219A53BA99409538A74242EBA0A696A86C443CB24DAF185CDE260161E78672A44152EEDF77C7DC9DEFFB2B32933DF724DA7
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:Microsoft Outlook email folder (>=2003)
Category:dropped
Size (bytes):271360
Entropy (8bit):0.4173503542368155
Encrypted:false
SSDEEP:
MD5:BA2D1F6C64F753FF7D150D4844974B73
SHA1:723B901433FB7701CEF12EBB678597C449B42B18
SHA-256:49838E9F750B1C9DA606B9B7F573B71A2F8AA53C8ED2D27851CC813D7CDC16F4
SHA-512:310B9CC6DB4BA1DF17A042B3E68153FA07F72A79C64810848DFA3A2B47EDE97D66658EFB6D7C2BFC219826399BABFEBDA12BA6662D39B059B66794FE4F0338C8
Malicious:false
Reputation:unknown
Preview:!BDN....SM......\.......................&................@...............................................................................................................................$.......D......@...........................................................................................................................................................................................................................................................................................................................0........^..j.@.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):131072
Entropy (8bit):0.547662323273604
Encrypted:false
SSDEEP:
MD5:338C1377B46DEEE42A5194C205751C82
SHA1:3A64A5278F2C4B158E0DF408FCD4A1F7A43C54FE
SHA-256:3A6497B389529641043FB9167B0B1C01F84DE60E9351506A9FA9F8B55D016987
SHA-512:2E92EA3DE1EF5279A3C42BAC74A92B77A25F823549B4DE4E489512116DC3BA46FF6A95100A36C024977973D549702767CCEE49E2607AEE7185F20CB2123C9AD0
Malicious:false
Reputation:unknown
Preview:6./.C...#............. y......................#.!BDN....SM......\.......................&................@...............................................................................................................................$.......D......@...........................................................................................................................................................................................................................................................................................................................0........^..j.@... y.........B............#.........................................................................................................................................................................................................................................................................................................................................................................................................
File type:RFC 822 mail, ASCII text, with very long lines (347), with CRLF line terminators
Entropy (8bit):5.987703618135619
TrID:
  • E-Mail message (Var. 5) (54515/1) 100.00%
File name:Fw+Adfast+Canada+Request+For+Proposal+(RFP)+ID#9009.eml
File size:62'219 bytes
MD5:4277402f0f8e64fceaa82e1cc90aeba6
SHA1:6beda0fe292fd63f1053233f2b23ed14478f368e
SHA256:093e125920085275e5721961bb35039022950fa5729da3e5c6744f3adf31f8cb
SHA512:a22b0944e9039c4b3f18ede10e7d8d4a1581d1352dd99a7b471cd8b5a48434528489059e8b247ee7ade0b8581ce45f3e5119e83c00932daebcf4a02164c1b163
SSDEEP:768:NOKb+l3NrlYnkfyka7BoxKXf/+aEP9jC+0Pa4r4CIoZnQU:NOKb+l3xlYnktC1EoXbIyh
TLSH:A953F680AA500111F1B71A9C2F0ABD4EA6217A0FEED3CDD131E6619BDEDF467871B349
File Content Preview:Received: from YQBPR0101MB6441.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:c01:42::9).. by YT2PR01MB5086.CANPRD01.PROD.OUTLOOK.COM with HTTPS; Tue, 8 Oct 2024.. 18:25:56 +0000..Received: from YT4PR01CA0020.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:b01:d1::23).. by YQ
Subject:Fw: Adfast Canada Request For Proposal (RFP) ID#9009
From:Drew Hauser <drewh@mccallumsather.com>
To:Quadbridge Support <support@quadbridge.com>
Cc:
BCC:
Date:Tue, 08 Oct 2024 18:25:31 +0000
Communications:
  • Ce message a t envoy de l'extrieur de l'organisation - This message was sent from outside your organization. Please advise if this is spam or a virus Drew Hauser Director of Design & Business Development Hons. Vis. Arts, B.Arch., OAA, FRAIC, AIA, CAHP Cell 289.260.1171 ________________________________ From: Nils Keschtkar <nils.keschtkar@adfastcorp.com> Sent: Tuesday, October 8, 2024 2:43:14 PM Subject: Adfast Canada Request For Proposal (RFP) ID#9009 Bonjour, Veuillez trouver ci-joint une RFP (demande de proposition) importante de Adfast Canada qui requiert votre attention. Cl d'accs au fichier : rfp [ID RFP #9009] Publi : 7 octobre 2024 Date limite de soumission : 31 octobre 2024 In English: Good morning, Please find attached an important RFP (request for proposal) from Adfast Canada which requires your attention. File access key: rfp [RFP ID #9009] Published: October 7, 2024 Submission deadline: October 31, 2024 Thanks, Nils Keschtkar Business Development Representative/Project Manager Nils.Keschtkar@adfastcorp.com<mailto:Nils.Keschtkar@adfastcorp.com> 2685 rue Diab Montral H4S1E7 QC Tel (514) 337-7307 ext:7054 https://eu-west-1.protection.sophos.com?d=adfastcorp.com&u=d3d3LmFkZmFzdGNvcnAuY29t&p=m&i=NjEwYjE2Y2U0Zjc0MWMwZTk2MmNlZjk5&t=dG9wbjdvOVdSMkNkK2JSUHlLRXVxU25HMkMzUWd3TGlwVERncFpQTTRiRT0=&h=66179e61a883466789c054663f91f253&s=AVNPUEhUT0NFTkNSWVBUSVZ2rckHTN4sNE1ZsoTc2btSDkJKX6TLBdzLzsEmY8a5Rw<https://us-east-2.protection.sophos.com?d=adfastcorp.com&u=aHR0cDovL3d3dy5hZGZhc3Rjb3JwLmNvbS8=&p=m&i=NjAwMDI5MjdjNzQ1NDY0ODkyYTNlYjA2&t=Vm11UXVXZnZnb1MzbmNnd28xeGV4anBZVStDUFhpS1RHekUwalVXWkw1cz0=&h=051025da07cf4956bd290d0fc0efdc23&s=AVNPUEhUT0NFTkNSWVBUSVby6S_Mjm_TcV9axpDQcvvq-zGwQVtDFRkbEIiqNyuA1g> 
Attachments:
  • Adfast Canada Request For Proposal (RFP) ID#9009.pdf
Key Value
Received:from YQBPR0101MB4745.CANPRD01.PROD.OUTLOOK.COM ([fe80::d224:1b0c:7cac:4756]) by YQBPR0101MB4745.CANPRD01.PROD.OUTLOOK.COM ([fe80::d224:1b0c:7cac:4756%7]) with mapi id 15.20.8026.020; Tue, 8 Oct 2024 18:25:31 +0000
Authentication-Results:spf=pass (sender IP is 40.93.18.6) smtp.mailfrom=mccallumsather.com; dkim=fail (body hash did not verify) header.d=mccallumsather.onmicrosoft.com;dmarc=bestguesspass action=none header.from=mccallumsather.com;compauth=pass reason=109
Received-SPF:SoftFail (protection.outlook.com: domain of transitioning mccallumsather.com discourages use of 103.246.251.226 as permitted sender)
X-Sophos-Product-Type:Mailflow
X-Sophos-Email-ID:858e926441be40aba494d0911cf671d2
Authentication-Results-Original:dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=mccallumsather.com;
ARC-Authentication-Results:i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mccallumsather.com; dmarc=pass action=none header.from=mccallumsather.com; dkim=pass header.d=mccallumsather.com; arc=none
X-MS-Exchange-Authentication-Results:spf=softfail (sender IP is 103.246.251.226) smtp.mailfrom=mccallumsather.com; dkim=pass (signature was verified) header.d=mail-dkim-us-east-2.prod.hydra.sophos.com;dmarc=none action=none header.from=mccallumsather.com;
From:Drew Hauser <drewh@mccallumsather.com>
To:Quadbridge Support <support@quadbridge.com>
Subject:Fw: Adfast Canada Request For Proposal (RFP) ID#9009
Thread-Topic:Adfast Canada Request For Proposal (RFP) ID#9009
Thread-Index:AQHbGag2rEwFZ9z8H0eULv3zP3a8obJ9K3EB
Date:Tue, 08 Oct 2024 18:25:31 +0000
Message-ID:<YQBPR0101MB4745A2BD1C03CBDC88CB9839D47E2@YQBPR0101MB4745.CANPRD01.PROD.OUTLOOK.COM>
References:<YT2PR01MB10792AFF7908EADCB96D92537F27E2@YT2PR01MB10792.CANPRD01.PROD.OUTLOOK.COM>
In-Reply-To:<YT2PR01MB10792AFF7908EADCB96D92537F27E2@YT2PR01MB10792.CANPRD01.PROD.OUTLOOK.COM>
Accept-Language:en-CA, en-US
Content-Language:en-CA
X-MS-Has-Attach:yes
X-MS-TNEF-Correlator:
msip_labels:
x-ms-reactions:allow
x-ms-traffictypediagnostic:YQBPR0101MB4745:EE_|YT4PR01MB9814:EE_|TO1PEPF00005346:EE_|YT2PR01MB5774:EE_|YT2PEPF000001CD:EE_|YT2PR01MB8517:EE_|YT2PEPF000001CD:EE_|YQBPR0101MB6441:EE_|YT2PR01MB5086:EE_
X-MS-Office365-Filtering-Correlation-Id:aa5e2d48-76ec-40ca-5916-08dce7c6a43d
X-MS-Exchange-SenderADCheck:1
X-MS-Exchange-AntiSpam-Relay:0
X-Microsoft-Antispam-Untrusted:BCL:0;ARA:13230040|35042699022|3613699012;
X-Forefront-Antispam-Report-Untrusted:CIP:40.107.193.72; CTRY:CA; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:YT6PR01CU002.outbound.protection.outlook.com; PTR:mail-canadacentralazon11022072.outbound.protection.outlook.com; CAT:NONE; SFS:(13230040)(35042699022)(3613699012); DIR:INB;
Content-Type:multipart/mixed; boundary="_010_YQBPR0101MB4745A2BD1C03CBDC88CB9839D47E2YQBPR0101MB4745_"
X-MS-Exchange-Transport-CrossTenantHeadersStamped:YQBPR0101MB6441
X-Sophos-Email:[eu-west-1] Antispam-Engine: 6.0.0, AntispamData: 2024.10.8.174815
X-LASED-From-ReplyTo-Diff:From:<ableone.com>:11
X-LASED-SpamProbability:0.091123
X-LASED-Impersonation: False
X-LASED-Spam: NonSpam
X-Sophos-Mailflow-Processing-Id: 68ac95dac2cb497189789a5b0fa09d48
X-EOPAttributedMessage: 2
X-MS-Exchange-Transport-CrossTenantHeadersStripped: YT2PEPF000001CD.CANPRD01.PROD.OUTLOOK.COM
X-MS-Office365-Filtering-Correlation-Id-Prvs: 39a76dcb-d6b5-4611-ea47-08dce7c69cb6
X-EOPTenantAttributedMessage: 7136a643-f43a-4e59-b470-0f0804af0ab7:1
X-MS-Exchange-Transport-CrossTenantHeadersPromoted: YT2PEPF000001CD.CANPRD01.PROD.OUTLOOK.COM
X-MS-Exchange-AtpMessageProperties: SA|SL
Content-Transfer-Encoding: 8bit
X-Sophos-Email-Scan-Details: 27140d1e1540510e7e771140550e7d75
X-Sophos-SenderHistory: ip=40.107.193.72, fs=9003032, fso=9003032, da=221870556, mc=803, sc=6, hc=797, sp=1, re=0, sd=0, hd=20
X-Sophos-DomainHistory: d=mccallumsather.com, fs=50040471, fso=63513402, da=82613380, mc=3578, sc=0, hc=3578, sp=0, re=21, sd=0, hd=24
X-Sophos-MH-Mail-Info-Key: NFhOUGJNMlZyc3pSaFF0LTE3Mi4xOS4xLjU=
Return-Path: drewh@mccallumsather.com
X-MS-Exchange-Organization-ExpirationStartTime: 08 Oct 2024 18:25:52.4792 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id: aa5e2d48-76ec-40ca-5916-08dce7c6a43d
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-Exchange-SkipListedInternetSender: ip=[40.93.18.6];domain=YT3PR01CU008.outbound.protection.outlook.com
X-MS-Exchange-ExternalOriginalInternetSender: ip=[40.93.18.6];domain=YT3PR01CU008.outbound.protection.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Exchange-Organization-AuthSource: YT2PEPF000001CD.CANPRD01.PROD.OUTLOOK.COM
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-SCL: -1
X-Microsoft-Antispam: BCL:0;ARA:13230040|35042699022|2040899013|82310400026|3613699012;
X-Forefront-Antispam-Report: CIP:198.154.180.200;CTRY:CA;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:SKN;H:YT3PR01CU008.outbound.protection.outlook.com;PTR:mail-canadacentralazlp17010006.outbound.protection.outlook.com;CAT:NONE;SFS:(13230040)(35042699022)(2040899013)(82310400026)(3613699012);DIR:INB;
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Oct 2024 18:25:52.1823 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: aa5e2d48-76ec-40ca-5916-08dce7c6a43d
X-MS-Exchange-CrossTenant-Id: 7136a643-f43a-4e59-b470-0f0804af0ab7
X-MS-Exchange-CrossTenant-AuthSource: YT2PEPF000001CD.CANPRD01.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-EndToEndLatency: 00:00:04.7656370
X-MS-Exchange-Processed-By-BccFoldering: 15.20.8048.010
X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(4955320)(920097)(930097)(140003);
MIME-Version: 1.0

Icon Hash:46070c0a8e0c67d6