Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
R_ stampa su plotter SESTE CARNIVAL.eml

Overview

General Information

Sample name:R_ stampa su plotter SESTE CARNIVAL.eml
Analysis ID:1546426
MD5:525c3c0f7e7a7bf75ebd440ca598a46b
SHA1:e0c30f30fe1ff3e6670acec02ed77762041841c3
SHA256:c35adccd8d5c7425063277a60e610d4e067050f45f74e81d130e26a79f861264
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic

Classification

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6864 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\R_ stampa su plotter SESTE CARNIVAL.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6664 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A0CAE0D2-9C40-403E-B425-E6C771B89183" "CF374F57-CCF7-4759-9CDB-0DA4C15B87F0" "6864" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • Acrobat.exe (PID: 6736 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LUN35Q36\DDTA202403389.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 6272 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 4888 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2276 --field-trial-handle=1572,i,9027920132659057289,6595490232884719662,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Office Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6864, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Sigma detected: Outlook Security Settings Updated - Registry
Source: Registry Key setAuthor: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LUN35Q36\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6864, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2024-10-31T21:42:05.430849+010020229301A Network Trojan was detected4.175.87.197443192.168.2.1649704TCP
2024-10-31T21:42:43.370438+010020229301A Network Trojan was detected4.175.87.197443192.168.2.1649722TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.16:49722
Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.16:49704
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: ~WRS{96C6C273-FDBF-4111-8E2D-9A38567629B8}.tmp.1.drString found in binary or memory: HYPERLINK "https://www.facebook.com/APIresinfloors" equals www.facebook.com (Facebook)
Source: ~WRS{96C6C273-FDBF-4111-8E2D-9A38567629B8}.tmp.1.drString found in binary or memory: HYPERLINK "https://www.linkedin.com/company/api-spa/" equals www.linkedin.com (Linkedin)
Source: R_ stampa su plotter SESTE CARNIVAL.emlString found in binary or memory: ://www.facebook.com/APIresinfloors> [cid:8pyxVc1u40yLxnlyd01p6QIconINSTAA= equals www.facebook.com (Facebook)
Source: R_ stampa su plotter SESTE CARNIVAL.emlString found in binary or memory: <span style=3D"color:blue"><u><a href=3D"https://www.facebook.com/APIresinf= equals www.facebook.com (Facebook)
Source: R_ stampa su plotter SESTE CARNIVAL.emlString found in binary or memory: <span style=3D"color:blue"><u><a href=3D"https://www.linkedin.com/company/a= equals www.linkedin.com (Linkedin)
Source: ~WRS{96C6C273-FDBF-4111-8E2D-9A38567629B8}.tmp.1.drString found in binary or memory: HYPERLINK "https://www.facebook.com/APIresinfloors" equals www.facebook.com (Facebook)
Source: ~WRS{96C6C273-FDBF-4111-8E2D-9A38567629B8}.tmp.1.drString found in binary or memory: HYPERLINK "https://www.linkedin.com/company/api-spa/" equals www.linkedin.com (Linkedin)
Source: R_ stampa su plotter SESTE CARNIVAL.emlString found in binary or memory: cid:image008.png@01DB2958.7124F570] <https://www.linkedin.com/company/api-s= equals www.linkedin.com (Linkedin)
Source: R_ stampa su plotter SESTE CARNIVAL.emlString found in binary or memory: href=3D"https://www.linkedin.com/company/api-spa/"><img data-outlook-trace= equals www.linkedin.com (Linkedin)
Source: R_ stampa su plotter SESTE CARNIVAL.emlString found in binary or memory: nbsp;&nbsp;<a href=3D"https://www.facebook.com/APIresinfloors"><img data-ou= equals www.facebook.com (Facebook)
Source: R_ stampa su plotter SESTE CARNIVAL.emlString found in binary or memory: pa/> [cid:image009.png@01DB2958.7124F570] <https://www.facebook.com/APIre= equals www.facebook.com (Facebook)
Source: R_ stampa su plotter SESTE CARNIVAL.emlString found in binary or memory: s://www.facebook.com/APIresinfloors> [cid:ZdtT1uvXYkqW2GGkqPKfXwIconINSTA= equals www.facebook.com (Facebook)
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: 77EC63BDA74BD0D0E0426DC8F80085060.11.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: http://weather.service.msn.com/data.aspx
Source: 2D85F72862B55C4EADD9E66E06947F3D0.11.drString found in binary or memory: http://x1.i.lencr.org/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://analysis.windows.net/powerbi/api
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://api.aadrm.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://api.aadrm.com/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://api.addins.store.office.com/app/query
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://api.cortana.ai
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://api.diagnostics.office.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://api.diagnosticssdf.office.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://api.microsoftstream.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://api.microsoftstream.com/api/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://api.office.net
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://api.onedrive.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://api.scheduler.
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://apis.live.net/v5.0/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://app.powerbi.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://arc.msn.com/v4/api/selection
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://augloop.office.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://augloop.office.com/v2
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://autodiscover-s.outlook.com/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://canary.designerapp.
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://cdn.designerapp.osi.office.net
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/fonts
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-assets
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-dynamic-strings
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-home-screen
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-toolbar
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://cdn.entity.
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: 795e6132-e24f-4415-b013-1f9a87d2776d.tmp.12.dr, ad954aeb-0ffc-414d-a203-f9dc077dee28.tmp.12.drString found in binary or memory: https://chrome.cloudflare-dns.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://clients.config.office.net
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://clients.config.office.net/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://cortana.ai
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://cortana.ai/api
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://cr.office.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://d.docs.live.net
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://dataservice.o365filtering.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://dataservice.o365filtering.com/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://designerapp.azurewebsites.net
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://designerappservice.officeapps.live.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://dev.cortana.ai
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://devnull.onenote.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://directory.services.
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://ecs.office.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://ecs.office.com/config/v2/Office
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://edge.skype.com/registrar/prod
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://edge.skype.com/rps
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://enrichment.osi.office.net/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://entitlement.diagnostics.office.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://fpastorage.cdn.office.net/%s
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://globaldisco.crm.dynamics.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://graph.ppe.windows.net
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://graph.ppe.windows.net/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://graph.windows.net
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://graph.windows.net/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://ic3.teams.office.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://incidents.diagnostics.office.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://inclient.store.office.com/gyro/client
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&amp;adlt=strict&amp;hostType=Immersive
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://invites.office.com/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://lifecycle.office.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://login.microsoftonline.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://login.microsoftonline.com/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://login.microsoftonline.com/organizations
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.dr, OUTLOOK_16_0_16827_20130-20241031T1642030473-6864.etl.1.drString found in binary or memory: https://login.windows.local
Source: OUTLOOK_16_0_16827_20130-20241031T1642030473-6864.etl.1.drString found in binary or memory: https://login.windows.local_AlR
Source: OUTLOOK_16_0_16827_20130-20241031T1642030473-6864.etl.1.drString found in binary or memory: https://login.windows.localnullBoo
Source: OUTLOOK_16_0_16827_20130-20241031T1642030473-6864.etl.1.drString found in binary or memory: https://login.windows.localnullot_D
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://make.powerautomate.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://management.azure.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://management.azure.com/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://messaging.action.office.com/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://messaging.engagement.office.com/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://messaging.lifecycle.office.com/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://messaging.office.com/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://mss.office.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://my.microsoftpersonalcontent.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://ncus.contentsync.
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://ncus.pagecontentsync.
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://notification.m365.svc.cloud.microsoft/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://notification.m365.svc.cloud.microsoft/PushNotifications.Register
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://officeapps.live.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://officeci.azurewebsites.net/api/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://officepyservice.office.net/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://officepyservice.office.net/service.functionality
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://onedrive.live.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://onedrive.live.com/embed?
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://otelrules.azureedge.net
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://otelrules.svc.static.microsoft
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://outlook.office.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://outlook.office.com/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://outlook.office365.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://outlook.office365.com/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://outlook.office365.com/connectors
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://pages.store.office.com/review/query
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://powerlift.acompli.net
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://pushchannel.1drv.ms
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://res.cdn.office.net
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://res.cdn.office.net/polymer/models
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://service.powerapps.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://settings.outlook.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://shell.suite.office.com:1443
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://skyapi.live.net/Activity/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://staging.cortana.ai
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-dark-1
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-dark-2
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-100
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-150
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-200
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-light-
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://store.office.de/addinstemplate
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://substrate.office.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://tasks.office.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://templatesmetadata.office.net/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://webshell.suite.office.com
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://wus2.contentsync.
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://wus2.pagecontentsync.
Source: R_ stampa su plotter SESTE CARNIVAL.eml, ~WRS{96C6C273-FDBF-4111-8E2D-9A38567629B8}.tmp.1.drString found in binary or memory: https://www.apiresinfloors.com/en/
Source: R_ stampa su plotter SESTE CARNIVAL.emlString found in binary or memory: https://www.apiresinfloors.com/en/=
Source: R_ stampa su plotter SESTE CARNIVAL.emlString found in binary or memory: https://www.apiresinfloors.com/en=
Source: R_ stampa su plotter SESTE CARNIVAL.emlString found in binary or memory: https://www.apiresinfloors.com=
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: R_ stampa su plotter SESTE CARNIVAL.emlString found in binary or memory: https://www.instagram.co=
Source: R_ stampa su plotter SESTE CARNIVAL.emlString found in binary or memory: https://www.instagram.com/apiresin=
Source: ~WRS{96C6C273-FDBF-4111-8E2D-9A38567629B8}.tmp.1.drString found in binary or memory: https://www.instagram.com/apiresinfloors/
Source: R_ stampa su plotter SESTE CARNIVAL.emlString found in binary or memory: https://www.linkedin.com/company/a=
Source: R_ stampa su plotter SESTE CARNIVAL.emlString found in binary or memory: https://www.linkedin.com/company/api-s=
Source: ~WRS{96C6C273-FDBF-4111-8E2D-9A38567629B8}.tmp.1.drString found in binary or memory: https://www.linkedin.com/company/api-spa/
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://www.odwebp.svc.ms
Source: 346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drString found in binary or memory: https://www.yammer.com
Source: classification engineClassification label: clean2.winEML@19/102@1/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmpJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241031T1642030473-6864.etlJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\R_ stampa su plotter SESTE CARNIVAL.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A0CAE0D2-9C40-403E-B425-E6C771B89183" "CF374F57-CCF7-4759-9CDB-0DA4C15B87F0" "6864" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LUN35Q36\DDTA202403389.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2276 --field-trial-handle=1572,i,9027920132659057289,6595490232884719662,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A0CAE0D2-9C40-403E-B425-E6C771B89183" "CF374F57-CCF7-4759-9CDB-0DA4C15B87F0" "6864" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LUN35Q36\DDTA202403389.pdf"Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2276 --field-trial-handle=1572,i,9027920132659057289,6595490232884719662,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Non-Application Layer Protocol		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		1
Modify Registry		LSASS Memory1
File and Directory Discovery		Remote Desktop ProtocolData from Removable Media1
Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Process Injection		Security Account Manager14
System Information Discovery		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1546426 Sample: R_ stampa su plotter SESTE ... Startdate: 31/10/2024 Architecture: WINDOWS Score: 2 18 x1.i.lencr.org 2->18 20 bg.microsoft.map.fastly.net 2->20 8 OUTLOOK.EXE 508 173 2->8         started        process3 process4 10 Acrobat.exe 66 8->10         started        12 ai.exe 8->12         started        process5 14 AcroCEF.exe 108 10->14         started        process6 16 AcroCEF.exe 6 14->16         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://api.diagnosticssdf.office.com0%URL Reputationsafe
https://login.microsoftonline.com/0%URL Reputationsafe
https://shell.suite.office.com:14430%URL Reputationsafe
https://designerapp.azurewebsites.net0%URL Reputationsafe
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize0%URL Reputationsafe
https://autodiscover-s.outlook.com/0%URL Reputationsafe
https://useraudit.o365auditrealtimeingestion.manage.office.com0%URL Reputationsafe
https://outlook.office365.com/connectors0%URL Reputationsafe
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr0%URL Reputationsafe
https://cdn.entity.0%URL Reputationsafe
https://api.addins.omex.office.net/appinfo/query0%URL Reputationsafe
https://clients.config.office.net/user/v1.0/tenantassociationkey0%URL Reputationsafe
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/0%URL Reputationsafe
https://powerlift.acompli.net0%URL Reputationsafe
https://rpsticket.partnerservices.getmicrosoftkey.com0%URL Reputationsafe
https://lookup.onenote.com/lookup/geolocation/v10%URL Reputationsafe
https://cortana.ai0%URL Reputationsafe
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech0%URL Reputationsafe
https://api.powerbi.com/v1.0/myorg/imports0%URL Reputationsafe
https://cloudfiles.onenote.com/upload.aspx0%URL Reputationsafe
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile0%URL Reputationsafe
https://entitlement.diagnosticssdf.office.com0%URL Reputationsafe
https://api.aadrm.com/0%URL Reputationsafe
https://ofcrecsvcapi-int.azurewebsites.net/0%URL Reputationsafe
https://canary.designerapp.0%URL Reputationsafe
https://ic3.teams.office.com0%URL Reputationsafe
https://www.yammer.com0%URL Reputationsafe
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies0%URL Reputationsafe
https://insertmedia.bing.office.net/images/hosted?host=office&amp;adlt=strict&amp;hostType=Immersive0%URL Reputationsafe
https://cr.office.com0%URL Reputationsafe
https://messagebroker.mobile.m365.svc.cloud.microsoft0%URL Reputationsafe
https://portal.office.com/account/?ref=ClientMeControl0%URL Reputationsafe
https://clients.config.office.net/c2r/v1.0/DeltaAdvisory0%URL Reputationsafe
https://edge.skype.com/registrar/prod0%URL Reputationsafe
https://graph.ppe.windows.net0%URL Reputationsafe
https://res.getmicrosoftkey.com/api/redemptionevents0%URL Reputationsafe
https://powerlift-frontdesk.acompli.net0%URL Reputationsafe
https://tasks.office.com0%URL Reputationsafe
https://officeci.azurewebsites.net/api/0%URL Reputationsafe
https://sr.outlook.office.net/ws/speech/recognize/assistant/work0%URL Reputationsafe
https://api.scheduler.0%URL Reputationsafe
https://store.office.cn/addinstemplate0%URL Reputationsafe
https://api.aadrm.com0%URL Reputationsafe
https://edge.skype.com/rps0%URL Reputationsafe
https://globaldisco.crm.dynamics.com0%URL Reputationsafe
https://messaging.engagement.office.com/0%URL Reputationsafe
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech0%URL Reputationsafe
https://dev0-api.acompli.net/autodetect0%URL Reputationsafe
https://www.odwebp.svc.ms0%URL Reputationsafe
https://api.diagnosticssdf.office.com/v2/feedback0%URL Reputationsafe
https://api.powerbi.com/v1.0/myorg/groups0%URL Reputationsafe
https://web.microsoftstream.com/video/0%URL Reputationsafe
https://api.addins.store.officeppe.com/addinstemplate0%URL Reputationsafe
https://graph.windows.net0%URL Reputationsafe
https://dataservice.o365filtering.com/0%URL Reputationsafe
https://officesetup.getmicrosoftkey.com0%URL Reputationsafe
https://analysis.windows.net/powerbi/api0%URL Reputationsafe
https://prod-global-autodetect.acompli.net/autodetect0%URL Reputationsafe
https://substrate.office.com0%URL Reputationsafe
https://outlook.office365.com/autodiscover/autodiscover.json0%URL Reputationsafe
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios0%URL Reputationsafe
https://consent.config.office.com/consentcheckin/v1.0/consents0%URL Reputationsafe
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech0%URL Reputationsafe
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices0%URL Reputationsafe
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json0%URL Reputationsafe
https://safelinks.protection.outlook.com/api/GetPolicy0%URL Reputationsafe
https://ncus.contentsync.0%URL Reputationsafe
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/0%URL Reputationsafe
http://weather.service.msn.com/data.aspx0%URL Reputationsafe
https://apis.live.net/v5.0/0%URL Reputationsafe
https://officepyservice.office.net/service.functionality0%URL Reputationsafe
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks0%URL Reputationsafe
https://templatesmetadata.office.net/0%URL Reputationsafe
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios0%URL Reputationsafe
https://messaging.lifecycle.office.com/0%URL Reputationsafe
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml0%URL Reputationsafe
https://mss.office.com0%URL Reputationsafe
https://pushchannel.1drv.ms0%URL Reputationsafe
https://management.azure.com0%URL Reputationsafe
https://outlook.office365.com0%URL Reputationsafe
https://wus2.contentsync.0%URL Reputationsafe
https://incidents.diagnostics.office.com0%URL Reputationsafe
https://clients.config.office.net/user/v1.0/ios0%URL Reputationsafe
https://make.powerautomate.com0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.214.172
truefalse
    		unknown
    x1.i.lencr.org
    		unknown
    		unknownfalse
      		unknown

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      https://api.diagnosticssdf.office.com346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
      • URL Reputation: safe
      		unknown
      https://login.microsoftonline.com/346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
      • URL Reputation: safe
      		unknown
      https://shell.suite.office.com:1443346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
      • URL Reputation: safe
      		unknown
      https://designerapp.azurewebsites.net346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
      • URL Reputation: safe
      		unknown
      https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
      • URL Reputation: safe
      		unknown
      https://autodiscover-s.outlook.com/346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
      • URL Reputation: safe
      		unknown
      https://useraudit.o365auditrealtimeingestion.manage.office.com346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
      • URL Reputation: safe
      		unknown
      https://outlook.office365.com/connectors346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
      • URL Reputation: safe
      		unknown
      https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
      • URL Reputation: safe
      		unknown
      https://cdn.entity.346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
      • URL Reputation: safe
      		unknown
      https://api.addins.omex.office.net/appinfo/query346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
      • URL Reputation: safe
      		unknown
      https://clients.config.office.net/user/v1.0/tenantassociationkey346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
      • URL Reputation: safe
      		unknown
      https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
      • URL Reputation: safe
      		unknown
      https://powerlift.acompli.net346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
      • URL Reputation: safe
      		unknown
      https://rpsticket.partnerservices.getmicrosoftkey.com346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
      • URL Reputation: safe
      		unknown
      https://www.instagram.co=R_ stampa su plotter SESTE CARNIVAL.emlfalse
        		unknown
        https://lookup.onenote.com/lookup/geolocation/v1346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
        • URL Reputation: safe
        		unknown
        https://cortana.ai346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
        • URL Reputation: safe
        		unknown
        https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
        • URL Reputation: safe
        		unknown
        https://api.powerbi.com/v1.0/myorg/imports346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
        • URL Reputation: safe
        		unknown
        https://notification.m365.svc.cloud.microsoft/346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
          		unknown
          https://cloudfiles.onenote.com/upload.aspx346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
          • URL Reputation: safe
          		unknown
          https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
          • URL Reputation: safe
          		unknown
          https://entitlement.diagnosticssdf.office.com346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
          • URL Reputation: safe
          		unknown
          https://api.aadrm.com/346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
          • URL Reputation: safe
          		unknown
          https://ofcrecsvcapi-int.azurewebsites.net/346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
          • URL Reputation: safe
          		unknown
          https://canary.designerapp.346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
          • URL Reputation: safe
          		unknown
          https://ic3.teams.office.com346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
          • URL Reputation: safe
          		unknown
          https://www.yammer.com346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
          • URL Reputation: safe
          		unknown
          https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
          • URL Reputation: safe
          		unknown
          https://api.microsoftstream.com/api/346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
            		unknown
            https://insertmedia.bing.office.net/images/hosted?host=office&amp;adlt=strict&amp;hostType=Immersive346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
            • URL Reputation: safe
            		unknown
            https://cr.office.com346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
            • URL Reputation: safe
            		unknown
            https://www.apiresinfloors.com/en/=R_ stampa su plotter SESTE CARNIVAL.emlfalse
              		unknown
              https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                		unknown
                https://messagebroker.mobile.m365.svc.cloud.microsoft346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                • URL Reputation: safe
                		unknown
                https://otelrules.svc.static.microsoft346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                  		unknown
                  https://portal.office.com/account/?ref=ClientMeControl346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://clients.config.office.net/c2r/v1.0/DeltaAdvisory346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://edge.skype.com/registrar/prod346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://graph.ppe.windows.net346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://res.getmicrosoftkey.com/api/redemptionevents346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://powerlift-frontdesk.acompli.net346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://tasks.office.com346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://officeci.azurewebsites.net/api/346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://sr.outlook.office.net/ws/speech/recognize/assistant/work346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://api.scheduler.346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://my.microsoftpersonalcontent.com346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                    		unknown
                    https://store.office.cn/addinstemplate346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://api.aadrm.com346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://edge.skype.com/rps346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://outlook.office.com/autosuggest/api/v1/init?cvid=346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                      		unknown
                      https://globaldisco.crm.dynamics.com346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://messaging.engagement.office.com/346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://login.windows.local_AlROUTLOOK_16_0_16827_20130-20241031T1642030473-6864.etl.1.drfalse
                        		unknown
                        https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://dev0-api.acompli.net/autodetect346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://www.odwebp.svc.ms346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://api.diagnosticssdf.office.com/v2/feedback346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://api.powerbi.com/v1.0/myorg/groups346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://web.microsoftstream.com/video/346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://api.addins.store.officeppe.com/addinstemplate346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://graph.windows.net346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://dataservice.o365filtering.com/346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://officesetup.getmicrosoftkey.com346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://analysis.windows.net/powerbi/api346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://prod-global-autodetect.acompli.net/autodetect346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://www.instagram.com/apiresin=R_ stampa su plotter SESTE CARNIVAL.emlfalse
                          		unknown
                          https://login.windows.localnullBooOUTLOOK_16_0_16827_20130-20241031T1642030473-6864.etl.1.drfalse
                            		unknown
                            https://substrate.office.com346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://outlook.office365.com/autodiscover/autodiscover.json346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://consent.config.office.com/consentcheckin/v1.0/consents346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://notification.m365.svc.cloud.microsoft/PushNotifications.Register346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                              		unknown
                              https://d.docs.live.net346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                                		unknown
                                https://safelinks.protection.outlook.com/api/GetPolicy346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                                • URL Reputation: safe
                                		unknown
                                https://ncus.contentsync.346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                                • URL Reputation: safe
                                		unknown
                                https://www.apiresinfloors.com/en=R_ stampa su plotter SESTE CARNIVAL.emlfalse
                                  		unknown
                                  https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                                    		unknown
                                    https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://weather.service.msn.com/data.aspx346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://apis.live.net/v5.0/346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://officepyservice.office.net/service.functionality346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://templatesmetadata.office.net/346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://messaging.lifecycle.office.com/346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://www.apiresinfloors.com/en/R_ stampa su plotter SESTE CARNIVAL.eml, ~WRS{96C6C273-FDBF-4111-8E2D-9A38567629B8}.tmp.1.drfalse
                                      		unknown
                                      https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://mss.office.com346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://pushchannel.1drv.ms346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://management.azure.com346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://outlook.office365.com346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://wus2.contentsync.346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://incidents.diagnostics.office.com346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://clients.config.office.net/user/v1.0/ios346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://make.powerautomate.com346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD.1.drfalse
                                      • URL Reputation: safe
                                      		unknown

                                      World Map of Contacted IPs

                                      No contacted IP infos

                                      General Information

                                      Joe Sandbox version:41.0.0 Charoite
                                      Analysis ID:1546426
                                      Start date and time:2024-10-31 21:41:21 +01:00
                                      Joe Sandbox product:CloudBasic
                                      Overall analysis duration:0h 4m 50s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                      Number of analysed new started processes analysed:18
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Sample name:R_ stampa su plotter SESTE CARNIVAL.eml
                                      Detection:CLEAN
                                      Classification:clean2.winEML@19/102@1/0
                                      EGA Information:Failed
                                      HCA Information:
                                      • Successful, ratio: 100%
                                      • Number of executed functions: 0
                                      • Number of non-executed functions: 0
                                      Cookbook Comments:
                                      • Found application associated with file extension: .eml

                                      Warnings

                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                      • Excluded IPs from analysis (whitelisted): 52.109.89.18, 52.113.194.132, 52.109.76.243, 2.19.126.160, 2.19.126.151, 52.109.28.48, 52.168.112.66, 184.28.88.176, 18.207.85.246, 54.144.73.197, 107.22.247.231, 34.193.227.236, 162.159.61.3, 172.64.41.3, 2.23.197.184, 23.32.184.135, 93.184.221.240, 2.19.126.143, 2.19.126.149, 2.16.100.168, 88.221.110.91
                                      • Excluded domains from analysis (whitelisted): osiprod-uks-bronze-azsc-000.uksouth.cloudapp.azure.com, odc.officeapps.live.com, slscr.update.microsoft.com, weu-azsc-config.officeapps.live.com, a767.dspw65.akamai.net, acroipm2.adobe.com, login.live.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, hlb.apr-52dd2-0.edgecastdns.net, officeclient.microsoft.com, wu-b-net.trafficmanager.net, a1864.dscd.akamai.net, ecs.office.com, fs.microsoft.com, acroipm2.adobe.com.edgesuite.net, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, ssl.adobe.com.edgekey.net, uks-azsc-000.odc.officeapps.live.com, s-0005.s-msedge.net, osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com, ecs.office.trafficmanager.net, geo2.adobe.com, europe.configsvc1.live.com.akadns.net, omex.cdn.office.net, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, europe.odcsm1.live.com.akadns.net, e4578.dscb.akamaiedge.net, eur.roaming1.live.com.akadns.net, wu.azureedge.net, neu-azsc-000.roaming
                                      • Not all processes where analyzed, report is missing behavior information
                                      • Report size getting too big, too many NtCreateFile calls found.
                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                      • Report size getting too big, too many NtSetInformationFile calls found.
                                      • Report size getting too big, too many NtSetValueKey calls found.
                                      • VT rate limit hit for: R_ stampa su plotter SESTE CARNIVAL.eml

                                      Simulations

                                      Behavior and APIs

                                      TimeTypeDescription
                                      16:42:28API Interceptor2x Sleep call for process: AcroCEF.exe modified

                                      LLM Input / Output

                                      Joe Sandbox View / Context

                                      IPs

                                      No context

                                      Domains

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      bg.microsoft.map.fastly.netpCUif26EC3.pdfGet hashmaliciousUnknownBrowse
                                      • 199.232.210.172
                                      https://usps.com-trackrsm.top/lGet hashmaliciousUnknownBrowse
                                      • 199.232.210.172
                                      https://t.ly/4Nq2xGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                      • 199.232.214.172
                                      Metro Plastics Technologies.pdfGet hashmaliciousUnknownBrowse
                                      • 199.232.210.172
                                      QUOTATION#09678.exeGet hashmaliciousRedLineBrowse
                                      • 199.232.210.172
                                      https://hidrive.ionos.com/lnk/FamigcCEFGet hashmaliciousUnknownBrowse
                                      • 199.232.214.172
                                      http://djaahaf.r.af.d.sendibt2.comGet hashmaliciousUnknownBrowse
                                      • 199.232.214.172
                                      http://www.kristinsacademy.com/?wptouch_switch=desktop&redirect=http://lagunaua.comGet hashmaliciousHTMLPhisherBrowse
                                      • 199.232.214.172
                                      Invoice Ref ++_Donuts.htmlGet hashmaliciousUnknownBrowse
                                      • 199.232.210.172
                                      https://0nline1.logs-trading.site/?O462BZ3P81OgZBKGet hashmaliciousHTMLPhisherBrowse
                                      • 199.232.210.172

                                      ASNs

                                      No context

                                      JA3 Fingerprints

                                      No context

                                      Dropped Files

                                      No context

                                      Created / dropped Files

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):287
                                      Entropy (8bit):5.216263807138287
                                      Encrypted:false
                                      SSDEEP:6:mpT+q2PRN2nKuAl9OmbnIFUt8LpeE5Zmw+LpeEtVkwORN2nKuAl9OmbjLJ:m4vaHAahFUt8LkE5/+LkET5JHAaSJ
                                      MD5:4C32E961A553224427CA2A41F66B41BD
                                      SHA1:4532EE0FCE4DB95396CE5D7B3E78C86EFB020CC8
                                      SHA-256:A815778B0FFF876110F00DF0E83884378CDB5742348571A6055D16E53C12F243
                                      SHA-512:14067F375D229ABFD375EAB3B67245C5CA5478FACA53D73B876B0FAF6E38CB77B4BA06C380152EFE89D7676C03709EB86E33FC143E60D4F5A13EE1552BF20217
                                      Malicious:false
                                      Reputation:low
                                      Preview:2024/10/31-16:42:15.632 8a8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/31-16:42:15.634 8a8 Recovering log #3.2024/10/31-16:42:15.634 8a8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):287
                                      Entropy (8bit):5.216263807138287
                                      Encrypted:false
                                      SSDEEP:6:mpT+q2PRN2nKuAl9OmbnIFUt8LpeE5Zmw+LpeEtVkwORN2nKuAl9OmbjLJ:m4vaHAahFUt8LkE5/+LkET5JHAaSJ
                                      MD5:4C32E961A553224427CA2A41F66B41BD
                                      SHA1:4532EE0FCE4DB95396CE5D7B3E78C86EFB020CC8
                                      SHA-256:A815778B0FFF876110F00DF0E83884378CDB5742348571A6055D16E53C12F243
                                      SHA-512:14067F375D229ABFD375EAB3B67245C5CA5478FACA53D73B876B0FAF6E38CB77B4BA06C380152EFE89D7676C03709EB86E33FC143E60D4F5A13EE1552BF20217
                                      Malicious:false
                                      Reputation:low
                                      Preview:2024/10/31-16:42:15.632 8a8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/31-16:42:15.634 8a8 Recovering log #3.2024/10/31-16:42:15.634 8a8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):334
                                      Entropy (8bit):5.209088359948798
                                      Encrypted:false
                                      SSDEEP:6:mrycMq2PRN2nKuAl9Ombzo2jMGIFUt8Lrh6XZmw+LrmMkwORN2nKuAl9Ombzo2jz:mrnMvaHAa8uFUt8Lrg/+Lrz5JHAa8RJ
                                      MD5:94D0B11A59470030D4179B8D671886F0
                                      SHA1:2F0C0D59507A3731B235B615CEDA589EA4E3B154
                                      SHA-256:4D1BEBAA61CE58F5AA8E2336003E00A24370F7B0A82E6121176E79BFD92D6FA1
                                      SHA-512:118A94EA1205EA57AD848ADAB3525749E53C210C2C98A4648E816D59039860547BC6947EDFFF91F2DDCCAE27ABECD7FF6F77C996B6095FB5DA4F66D43FEC5B75
                                      Malicious:false
                                      Reputation:low
                                      Preview:2024/10/31-16:42:15.492 1574 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/31-16:42:15.495 1574 Recovering log #3.2024/10/31-16:42:15.496 1574 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):334
                                      Entropy (8bit):5.209088359948798
                                      Encrypted:false
                                      SSDEEP:6:mrycMq2PRN2nKuAl9Ombzo2jMGIFUt8Lrh6XZmw+LrmMkwORN2nKuAl9Ombzo2jz:mrnMvaHAa8uFUt8Lrg/+Lrz5JHAa8RJ
                                      MD5:94D0B11A59470030D4179B8D671886F0
                                      SHA1:2F0C0D59507A3731B235B615CEDA589EA4E3B154
                                      SHA-256:4D1BEBAA61CE58F5AA8E2336003E00A24370F7B0A82E6121176E79BFD92D6FA1
                                      SHA-512:118A94EA1205EA57AD848ADAB3525749E53C210C2C98A4648E816D59039860547BC6947EDFFF91F2DDCCAE27ABECD7FF6F77C996B6095FB5DA4F66D43FEC5B75
                                      Malicious:false
                                      Reputation:low
                                      Preview:2024/10/31-16:42:15.492 1574 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/31-16:42:15.495 1574 Recovering log #3.2024/10/31-16:42:15.496 1574 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\795e6132-e24f-4415-b013-1f9a87d2776d.tmp

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):403
                                      Entropy (8bit):4.953858338552356
                                      Encrypted:false
                                      SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
                                      MD5:4C313FE514B5F4E7E89329630909F8DC
                                      SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                                      SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                                      SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                                      Malicious:false
                                      Reputation:moderate, very likely benign file
                                      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):403
                                      Entropy (8bit):4.953858338552356
                                      Encrypted:false
                                      SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
                                      MD5:4C313FE514B5F4E7E89329630909F8DC
                                      SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                                      SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                                      SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                                      Malicious:false
                                      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5d13e1.TMP (copy)

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):403
                                      Entropy (8bit):4.953858338552356
                                      Encrypted:false
                                      SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
                                      MD5:4C313FE514B5F4E7E89329630909F8DC
                                      SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                                      SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                                      SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                                      Malicious:false
                                      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\ad954aeb-0ffc-414d-a203-f9dc077dee28.tmp

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:JSON data
                                      Category:modified
                                      Size (bytes):403
                                      Entropy (8bit):4.990470962627203
                                      Encrypted:false
                                      SSDEEP:12:YHO8sqZ2sBdOg2H9caq3QYiubrP7E4T3y:YXsSbdMHM3QYhbz7nby
                                      MD5:29B3EFC65D85E05ABA9EF253E5DA0CC9
                                      SHA1:6D7C0665AABFEA4300A6E771ED46A2D0914EFBC2
                                      SHA-256:A9D6010EA0689B52632F70AAED7A706CCDFCC55ADCB2E036404C0863DA7207E1
                                      SHA-512:21C98624556C269D7F686FDE9B8A9073AC38C100AD3E45F5744927CD5D86E79CE2C7BB9571487D497E3AA7DEC1BD32BA7AE7E0C621C1138247B132C33A960920
                                      Malicious:false
                                      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374967341283971","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":248090},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):4099
                                      Entropy (8bit):5.228647446549873
                                      Encrypted:false
                                      SSDEEP:96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xe+HPz:OLT0bTIeYa51Ogu/0OZARBT8kN88+HPz
                                      MD5:22498E3F19D998EF660858F1D61EEC59
                                      SHA1:2B3BAF9E1989D5EF8043066ABEA42C9A998A4525
                                      SHA-256:C835B8987334D40D89081C142431C874D9ED10599486020B99B301CBC037B558
                                      SHA-512:58743DC8436FBD2C94BCF8DA26B3C6BDCD72C3C379ED2E3D3D1FBBAEBCA3B2AC7C1DDF24BC815CB9097BBC1296791AD398CC5F0C7CF579F9C834D523DA4B66F7
                                      Malicious:false
                                      Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):322
                                      Entropy (8bit):5.232209598255726
                                      Encrypted:false
                                      SSDEEP:6:mpJIq2PRN2nKuAl9OmbzNMxIFUt8LpcXZmw+Lpb2kwORN2nKuAl9OmbzNMFLJ:mnIvaHAa8jFUt8LG/+LE5JHAa84J
                                      MD5:ED5038E164A5CB87DB4939DCCA9F5AD5
                                      SHA1:14F17B9180704A33D08F80E2E5A5770A1ED54D52
                                      SHA-256:8725777FE018263DD419DD05FF17969C3C07B36053A7F3EF2A6895552F8F5F86
                                      SHA-512:A05D22B012EDD3E8F9F988F123CF35F1B5E03A7380875246649C722AB69032A069602EFA3B8A9D3456E633016FA96F117AD514A7F42F0CB67FE1A2E59325A760
                                      Malicious:false
                                      Preview:2024/10/31-16:42:15.658 1574 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/31-16:42:15.659 1574 Recovering log #3.2024/10/31-16:42:15.662 1574 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:ASCII text
                                      Category:dropped
                                      Size (bytes):322
                                      Entropy (8bit):5.232209598255726
                                      Encrypted:false
                                      SSDEEP:6:mpJIq2PRN2nKuAl9OmbzNMxIFUt8LpcXZmw+Lpb2kwORN2nKuAl9OmbzNMFLJ:mnIvaHAa8jFUt8LG/+LE5JHAa84J
                                      MD5:ED5038E164A5CB87DB4939DCCA9F5AD5
                                      SHA1:14F17B9180704A33D08F80E2E5A5770A1ED54D52
                                      SHA-256:8725777FE018263DD419DD05FF17969C3C07B36053A7F3EF2A6895552F8F5F86
                                      SHA-512:A05D22B012EDD3E8F9F988F123CF35F1B5E03A7380875246649C722AB69032A069602EFA3B8A9D3456E633016FA96F117AD514A7F42F0CB67FE1A2E59325A760
                                      Malicious:false
                                      Preview:2024/10/31-16:42:15.658 1574 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/31-16:42:15.659 1574 Recovering log #3.2024/10/31-16:42:15.662 1574 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241031204219Z-181.bmp

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:PC bitmap, Windows 3.x format, 106 x -152 x 32, cbSize 64502, bits offset 54
                                      Category:dropped
                                      Size (bytes):64502
                                      Entropy (8bit):1.5336900301497922
                                      Encrypted:false
                                      SSDEEP:192:fjNBww6bpw37wB6RPqh7EoJiEcpekh/PQpAm2:fv76tw3XqViEcpekhHj
                                      MD5:7714800D76AE00CEFD7CBE43E30C7B4A
                                      SHA1:A91E097FC0BCB9FA2FD3B40247CC1489F32FED35
                                      SHA-256:1A1BA3AFD79D4D479964D259C9A6B9E68813AC1C1B00B63C24CE6EBCA7D698D7
                                      SHA-512:BA4A94644EF825379F7BA8538D16379FE8E9A787F08B3A038CE8FEF89B02A793B37D66E478D7D350D8480528D65DEE66339EC6E0A2F06E78EADD0182AE3FAD46
                                      Malicious:false
                                      Preview:BM........6...(...j...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                      Category:dropped
                                      Size (bytes):57344
                                      Entropy (8bit):3.291927920232006
                                      Encrypted:false
                                      SSDEEP:192:vedRBvVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:veBci5H5FY+EUUUTTcHqFzqFP
                                      MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
                                      SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
                                      SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
                                      SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
                                      Malicious:false
                                      Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:SQLite Rollback Journal
                                      Category:dropped
                                      Size (bytes):16928
                                      Entropy (8bit):1.2137099588769833
                                      Encrypted:false
                                      SSDEEP:24:7+tAvqLi+zkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9Mzm+Zb:7MYqLmFTIF3XmHjBoGGR+jMz+Lhzq
                                      MD5:8395CCF51B31CBE9DF242789EFE82DA1
                                      SHA1:A69B99F853098C435699982A561A22985D51ACA1
                                      SHA-256:CDCCF1A6A3F5B020F0B0029914A75961EBA496A40815D5DED49D8F9718BF7C2F
                                      SHA-512:4FA138CD55ECC088B4337620957517BFFA1A4C2BAA63932082708F5856A17A1843785E4FA4A4046653F80AD18649632D398FA134B571D112B16973323C4961B6
                                      Malicious:false
                                      Preview:.... .c.......o.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:Certificate, Version=3
                                      Category:dropped
                                      Size (bytes):1391
                                      Entropy (8bit):7.705940075877404
                                      Encrypted:false
                                      SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                      MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                      SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                      SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                      SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                      Malicious:false
                                      Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                      Category:dropped
                                      Size (bytes):71954
                                      Entropy (8bit):7.996617769952133
                                      Encrypted:true
                                      SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                      MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                      SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                      SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                      SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                      Malicious:false
                                      Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):192
                                      Entropy (8bit):2.756901573172974
                                      Encrypted:false
                                      SSDEEP:3:kkFklMymwC31fllXlE/HT8kBllXNNX8RolJuRdxLlGB9lQRYwpDdt:kKV2T8kldNMa8RdWBwRd
                                      MD5:397112CD3667DEC404D4394ED3FF39CF
                                      SHA1:BAFF02EEE95AEA78CEE83A2D34D24B085E1A0149
                                      SHA-256:A94F9CFB80ECD27CD654158CFF4C9F91EACED0092172003AC3231FB28FAC43AA
                                      SHA-512:23C4E27D75FE344CF2776A9338201CF4FAAA42BF9A31200403E8A49292EEFDC3B45B298856F52D646F2B887D0373D0364DE5CEA611046186721DB03667DBB8E1
                                      Malicious:false
                                      Preview:p...... ...........f.+..(....................................................... ..........W.....u..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:data
                                      Category:modified
                                      Size (bytes):328
                                      Entropy (8bit):3.144086598890895
                                      Encrypted:false
                                      SSDEEP:6:kKA9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:TDnLNkPlE99SNxAhUe/3
                                      MD5:FBC6B614DED12AECF2BDFF8814DC5D56
                                      SHA1:29EAD5B3405E46C3632AA265675B56E60664A43B
                                      SHA-256:C169213157D1163243388BCE2AAAF6738E127F7A991CCF763A565E0F2F4386E1
                                      SHA-512:00D7525A92CCE6967562BC2A76735DC02178AF654388CD947B92CBF409D4AD45B75E2120DDAB30D87353DD15461BD4BF8E26BA80F1225AE4E2D3CEFA2ABDB770
                                      Malicious:false
                                      Preview:p...... .........Q.y.+..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.3816

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:PostScript document text
                                      Category:dropped
                                      Size (bytes):185099
                                      Entropy (8bit):5.182478651346149
                                      Encrypted:false
                                      SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                      MD5:94185C5850C26B3C6FC24ABC385CDA58
                                      SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                      SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                      SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                      Malicious:false
                                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:PostScript document text
                                      Category:dropped
                                      Size (bytes):185099
                                      Entropy (8bit):5.182478651346149
                                      Encrypted:false
                                      SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                      MD5:94185C5850C26B3C6FC24ABC385CDA58
                                      SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                      SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                      SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                      Malicious:false
                                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):295
                                      Entropy (8bit):5.362606728642745
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXJ4fH5yR5IRR4UhUR0Yz5/eoAvJM3g98kUwPeUkwRe9:YvXKXJqyRWRuUhUJ/VGMbLUkee9
                                      MD5:076DE24D3FB49166ADD9F35D0C98C2D7
                                      SHA1:7C4E63CA8852366F133E01F72F78ADAC416CCBAF
                                      SHA-256:7433CE1324B19B2A6F38724BD798A51D12849C5B0D982D7B4B35D5B5153589D3
                                      SHA-512:18A8DD44F4B2D03A5CFB05E1DBC87C16170E593E785948F570599A4E9F9DD7990A5FC78D486AA898E586D0356168EEF3BC906B09023188C99C2AD7856F2850F3
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"c67a4ffb-b77b-4e74-b53a-1fc2e3b4e0e5","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730580906358,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):294
                                      Entropy (8bit):5.3068999149422105
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXJ4fH5yR5IRR4UhUR0Yz5/eoAvJfBoTfXpnrPeUkwRe9:YvXKXJqyRWRuUhUJ/VGWTfXcUkee9
                                      MD5:330EC7445E288A6DBE85D4BAA5294F20
                                      SHA1:909F372A121D8F481DB714184D5AE9F5F14CA3CB
                                      SHA-256:1CF789216952CA7B6B1802EC14AFE33B70905B024EB8990BFBE0D540A10B507E
                                      SHA-512:16E6BA9B2D7657A09065916B43D7079CECD07F9BF3B560D8F1C30C4A319B7349D12C7F3F41D205EB091FD0CA88F1E8D3DDB157965F3AC50226CA3DCBADE5D965
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"c67a4ffb-b77b-4e74-b53a-1fc2e3b4e0e5","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730580906358,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):294
                                      Entropy (8bit):5.2859793791471725
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXJ4fH5yR5IRR4UhUR0Yz5/eoAvJfBD2G6UpnrPeUkwRe9:YvXKXJqyRWRuUhUJ/VGR22cUkee9
                                      MD5:CF0C9645C23DFE1F22D9BC03A5A9B9CC
                                      SHA1:D23DC63B5E25543D2CB22A2F8B2CC81E5FF351F9
                                      SHA-256:B7BFAE5DC4604838EE76A7C50B9F68864E822FAF88080C2795281CD1730729BD
                                      SHA-512:447B2747F0CBB9FC9559414BAB75C46C77CD1C5321F962116AD0872B0463556C647438099528BD774897B3CEFC6EAF924F0AF42D456248811FD6EE8F5F1F3BDE
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"c67a4ffb-b77b-4e74-b53a-1fc2e3b4e0e5","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730580906358,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):285
                                      Entropy (8bit):5.350960367991655
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXJ4fH5yR5IRR4UhUR0Yz5/eoAvJfPmwrPeUkwRe9:YvXKXJqyRWRuUhUJ/VGH56Ukee9
                                      MD5:085C2B9216331DEA3BC88481918F0F96
                                      SHA1:DFBA71F0C327B317FADA875A029E16BF406E48FD
                                      SHA-256:182B0E32C8836D2EFF96256734216B6BA6BB2F2553C7D0F789C6C0BB3589156B
                                      SHA-512:B458C9E1D2D7234128501D679EF29035B5246AAEBAF79822C6ADCD9EABFEDA99BE73DBE13424A6169FA63B532B1329C08A51BEED0D630A6B0D954CC80B05F9AC
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"c67a4ffb-b77b-4e74-b53a-1fc2e3b4e0e5","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730580906358,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):1055
                                      Entropy (8bit):5.660338677499225
                                      Encrypted:false
                                      SSDEEP:24:Yv6XAbUkpLgEscLf7nnl0RCmK8czOCCSfU:YvtUkhgGzaAh8cv/s
                                      MD5:1E1397D0F1DAD172B42A37B242DBEE43
                                      SHA1:4A6D9825AA1E8BDC228266C325E079E8C67F47BD
                                      SHA-256:BC2105B84320E131AE45C6BFC41FE251A6F32992F5727E502CACDF43FE4D4900
                                      SHA-512:FEDBC20CA92AD05E2393568365F5A7247168FCD5C353FC2628AA09DA6B1014A33BAE71E336DA0542873F59FCF63C9F75474B6AAFFD7A37F786E29DC9DC26213B
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"c67a4ffb-b77b-4e74-b53a-1fc2e3b4e0e5","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730580906358,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_1","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"eb1a4bce-8215-46f1-b44c-154b21a85d60","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingScheme":tr

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):1050
                                      Entropy (8bit):5.650074691827078
                                      Encrypted:false
                                      SSDEEP:24:Yv6XAbU+VLgEF0c7sbnl0RCmK8czOCYHflEpwiVoU:YvtU+Fg6sGAh8cvYHWpws
                                      MD5:64B14ED1513EDE7F8AB0E41370604B11
                                      SHA1:7A3A8434A311DD749AAE74A3996EB552BF6A980F
                                      SHA-256:36FD023F55E772C6CF2F3BBD8EAF21657FB200838B7E2EA1E336666AEB5DF81A
                                      SHA-512:F89FA3288D2F640259A7CA485EDC40871CC74977B4A663C21EDFFA249AEF18D46C9E305FE22E802380D56E2D1E2FD89979C44FC3A16F12162415C96EBEFE00CB
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"c67a4ffb-b77b-4e74-b53a-1fc2e3b4e0e5","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730580906358,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):292
                                      Entropy (8bit):5.301222771584111
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXJ4fH5yR5IRR4UhUR0Yz5/eoAvJfQ1rPeUkwRe9:YvXKXJqyRWRuUhUJ/VGY16Ukee9
                                      MD5:D2BA9AC2A156764D11BD6AE18E400D11
                                      SHA1:FA3F026A8BCE78234DC59CA2DE12165DA6FA3349
                                      SHA-256:FC555618DA8144723AE10468EBB9D2AC3A08DA94B1052454F910A165CDA71B4F
                                      SHA-512:AE75342CA8188AB39D7DFE5BA6040285D8DF21B14F3C14A68F33B51952B974EF59C35A012384D0DAB168594413F72C55762B78A97BB036DE161B1F4E74C5E0E9
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"c67a4ffb-b77b-4e74-b53a-1fc2e3b4e0e5","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730580906358,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):1038
                                      Entropy (8bit):5.646116438827228
                                      Encrypted:false
                                      SSDEEP:24:Yv6XAbUL2LgEF7cciAXs0nl0RCmK8czOCAPtciBoU:YvtULogc8hAh8cvAr
                                      MD5:41C5A259085B3DE61AF97AE8FA1641FE
                                      SHA1:49B4136A6B2B6DF0691BA697E85A691C2AF3E724
                                      SHA-256:90871961E81B8E48D55E71440E521D1BEFA4EE9F5DE8FEADF20A5EF4C007B2B3
                                      SHA-512:41BB5D22F89D34530FC7881B2712DB87A27E2EA8FE0111DCBF49CD2EE9C61418ED99A5F232AA598CF93D6963B58F7326FD6D0E78093060A6A9102191A4115030
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"c67a4ffb-b77b-4e74-b53a-1fc2e3b4e0e5","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730580906358,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):1164
                                      Entropy (8bit):5.695875422724625
                                      Encrypted:false
                                      SSDEEP:24:Yv6XAbUHKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5oU:YvtUHEgqprtrS5OZjSlwTmAfSKf
                                      MD5:5F4A07D59D61302F3B0BE8AA33A70256
                                      SHA1:8ABF07EBFA5328C26C45A06559055F87C60BF4FE
                                      SHA-256:024119B0C1C16D21FEE9359B3B33F5C28B961D21918356B738DC159B9F822A6D
                                      SHA-512:1C8133B6B3265FE9AF7BD07B03D5BED3B35FA2FA9A33933ACEDFD37FE218CDF2E7E1784312FDF1B4F23E74FC0506236B04FB8579F127E3710EADE0C9D4290FA6
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"c67a4ffb-b77b-4e74-b53a-1fc2e3b4e0e5","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730580906358,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):289
                                      Entropy (8bit):5.30484636141662
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXJ4fH5yR5IRR4UhUR0Yz5/eoAvJfYdPeUkwRe9:YvXKXJqyRWRuUhUJ/VGg8Ukee9
                                      MD5:485FC7F81A6BA7D1C0FE299801C9D42D
                                      SHA1:B63EB5528BCBE3F58E39DC2EE86E65F2B5425355
                                      SHA-256:F769156E0BDFA5EFA9DE9F782641E9F7454D84EA7F582F98A7B6EE51AE5B6D87
                                      SHA-512:978F9AA2BC317C60E79F0E12EE3144DEBD69DF33FB422E63A453D1FAB530C2E71B7372E87B849337B834129E511B196D091CC500D605C1165D9234DA1C0B39C5
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"c67a4ffb-b77b-4e74-b53a-1fc2e3b4e0e5","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730580906358,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):1395
                                      Entropy (8bit):5.7730528806546575
                                      Encrypted:false
                                      SSDEEP:24:Yv6XAbUarLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNgU:YvtUaHgDv3W2aYQfgB5OUupHrQ9FJf
                                      MD5:B1753A308C598932D78AE0EC90A70084
                                      SHA1:9A76A0EBB9BD63D146C60ED11434FB17F75A1577
                                      SHA-256:D62CE5BC8F460F4B2F9F316D5A266FACE9F7AC60C3A40A7C5F6BB2AFD1EA132A
                                      SHA-512:0FCB2EBABB3F9941DD1E3E3EA2E09A96DFF98DA577DDFE2100103AEAF8733E523DCBF27E41705963C711995E7846709327EEC7DFE5B922ABBED79FE6DB7EE91F
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"c67a4ffb-b77b-4e74-b53a-1fc2e3b4e0e5","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730580906358,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):291
                                      Entropy (8bit):5.288360150764595
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXJ4fH5yR5IRR4UhUR0Yz5/eoAvJfbPtdPeUkwRe9:YvXKXJqyRWRuUhUJ/VGDV8Ukee9
                                      MD5:AEB30E7EB589BC96758832F699345E1F
                                      SHA1:4B14D096EC722E38C1D8AA42383ADA90AA32D22F
                                      SHA-256:2C7AC20FEBF582D1E5645B5AAF62CB381EB0937AF4DC795520BC01AF2854292C
                                      SHA-512:DAA9A9585E45286FAD5AD96E3EF0DEBB81ED3ED4565A3AAF1A3A14AC03C2657E229BCB7ACF4C86A62531A6D0B71C3CCAA2CD74B165411CFDE64E73D45DD4690E
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"c67a4ffb-b77b-4e74-b53a-1fc2e3b4e0e5","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730580906358,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):287
                                      Entropy (8bit):5.291808551957485
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXJ4fH5yR5IRR4UhUR0Yz5/eoAvJf21rPeUkwRe9:YvXKXJqyRWRuUhUJ/VG+16Ukee9
                                      MD5:75C189B1E5334B3D64A1DFAD268C84AB
                                      SHA1:78C8DCDBF7A47CFF228545ACE026268DD2262E0B
                                      SHA-256:71EF95B0DBE8F962724FFE963920041211827CCFF51B529A35CFC4BAABB02567
                                      SHA-512:2AA68BD53E398B264A3DB0C1CD5C76718F1AEEBBD4DED0BDCFA17071E2F2488FB35D42A1D4939C12D3DDDDBB48A86B56F5A2735AE792C07DE015687DA07C4DEF
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"c67a4ffb-b77b-4e74-b53a-1fc2e3b4e0e5","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730580906358,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):1026
                                      Entropy (8bit):5.630380532468325
                                      Encrypted:false
                                      SSDEEP:24:Yv6XAbUAamXayLgE7cMCBNaqnl0RCmK8czOC/BSfU:YvtUGBgACBOAh8cvMs
                                      MD5:03E133CD41C8489C64C6A9289FD4027E
                                      SHA1:926AE3EE836312E92F532471A51A40F8D6E0F415
                                      SHA-256:35671C2F5B04A4AC4576305C9484BDDCDD42BAE1E86FAA4A0E0EF024F1C838B5
                                      SHA-512:393D8C2A6F93F289D3A3A52C462FD3A9D96601AB3F8FFC6888E02791605D2202BDB2023F3093402289B5C8501335B32645A6BE00EECDC7D9D0D64F7B7FF3E3CA
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"c67a4ffb-b77b-4e74-b53a-1fc2e3b4e0e5","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730580906358,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_0","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"6291f52b-6cb0-4d31-bc46-37ce85e9eb25","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1751323379000,"s

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):286
                                      Entropy (8bit):5.270298812103444
                                      Encrypted:false
                                      SSDEEP:6:YEQXJ2HXJ4fH5yR5IRR4UhUR0Yz5/eoAvJfshHHrPeUkwRe9:YvXKXJqyRWRuUhUJ/VGUUUkee9
                                      MD5:D501B5AE81BFC9D2095D8F56C25A7192
                                      SHA1:D659402FE7290A1898881A984EBE33C55CAB3150
                                      SHA-256:EFD11A631D1787B563823D4DF2A8F169B28D295556549E5B81539BF293199DD9
                                      SHA-512:C31BA52B2C56A724EE0D40BD8DB2D12D1797B14591B076C7A05F4C961E1E6FFE14DBACF93872151C7EBB614D29C2A5B973DC5011480D93897C07CE271CF72AAA
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"c67a4ffb-b77b-4e74-b53a-1fc2e3b4e0e5","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730580906358,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):782
                                      Entropy (8bit):5.371249886679449
                                      Encrypted:false
                                      SSDEEP:12:YvXKXJqyRWRuUhUJ/VGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWMU:Yv6XAbUv168CgEXX5kcIfANhfU
                                      MD5:6FA2CAD8223505FFC143E4E253862C43
                                      SHA1:AE6372B08B961A03805ACFD64D672883B9098002
                                      SHA-256:05DFAE1F6980C5AB390E072A1729FABCEA01B7103A289EE130795690C1E69EE8
                                      SHA-512:B7C0F4F2E4A54AB334CBD194D5CDA345B3C2A3686730E1225DEC0E5291D0D4256B792E237C3EB09F51977F479E7548756A489028BC61CD26833043845A8F554E
                                      Malicious:false
                                      Preview:{"analyticsData":{"responseGUID":"c67a4ffb-b77b-4e74-b53a-1fc2e3b4e0e5","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730580906358,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1730407341392}}}}

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):4
                                      Entropy (8bit):0.8112781244591328
                                      Encrypted:false
                                      SSDEEP:3:e:e
                                      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                      Malicious:false
                                      Preview:....

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):2818
                                      Entropy (8bit):5.129803277401132
                                      Encrypted:false
                                      SSDEEP:24:YA+26mO1aBUayBn4DjSUEoXZwGC/eGY4AKI++FmIG2jfzosj0S40+Phx2c1n82Lt:Y5NAzGv5AH7s+ijn8vla8PA99
                                      MD5:280BC2200407DF3E6F144C09AB276C32
                                      SHA1:62D02D846E6123A702A5614FFFAD7BFD45B0B0A9
                                      SHA-256:BCB4BC97F6BC4247B2762AFF17A20BB3DC7E3CA9EDD7B2B02F37922C650735FA
                                      SHA-512:77608177BB28430931EAEE111F535594FD17E73CEB1048D377D66445E355845C9DD500709740A32E0EF5B3539443555FA99A5C315DF87C8EC667A4E142F7D7DF
                                      Malicious:false
                                      Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"78b4f1edfe82fe9106daa3ad10477659","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1730407341000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"69feac7b8629cf8b7d0c8c78f1bdd8c7","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1730407341000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"59576d07f1b2579140272727b217c58d","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1026,"ts":1730407341000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"ac053786bc6b8d12e584354d4380f1d3","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1055,"ts":1730407341000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"0a722e35f1af909f65a68f5dd9a3491c","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1730407341000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"17b9f02a339e65c8840d250a537fe513","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"t

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                                      Category:dropped
                                      Size (bytes):12288
                                      Entropy (8bit):0.9884510280498394
                                      Encrypted:false
                                      SSDEEP:24:TLHRx/XYKQvGJF7urs67Y9QmQ6QeNnaIcLESiAielnaF:TVl2GL7ms67YXtrncI8w
                                      MD5:0089664DDC454F1E15CA6ACB4C3F9A45
                                      SHA1:CF6CE2A76E6FEF71B3CCDB8516222AD32E3DF5A8
                                      SHA-256:A26986766047E914CEE5DD7FB51AD9FB54A5649E2F7597246A56A35309847AF2
                                      SHA-512:B9100670B6DDC0DD955A7B3506CA5DAE78F0C3D7AAA6FE059BF63399984C7D2212C5174901077320286A12260F9C2C13E8F856D815F4DA587C05DFDE0188B3C5
                                      Malicious:false
                                      Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:SQLite Rollback Journal
                                      Category:dropped
                                      Size (bytes):8720
                                      Entropy (8bit):1.3447194163059557
                                      Encrypted:false
                                      SSDEEP:24:7+tCASY9QmQ6QeNna7cLESiAi0mY9QqqLBx/XYKQvGJF7urs2:7MClYXtrkcI8KYfqll2GL7ms2
                                      MD5:F1D86FDF938E0257329E1D2FA3AE6A2D
                                      SHA1:D2424115A875E15A8D2F5B254028E2968751B235
                                      SHA-256:D54880C33F1711B5B53A3AFD18E9AAD9A77F25212731D9D4E3F0BA0BABBD1552
                                      SHA-512:34BED2C38404D3ADA1960C0DE9393A9BF2BE4DD30F2D749E10482F934A003D3F7711E037114F2A1ABD842FB0145B3C735F7ABEAEC02CB458D5EB4FB07C5401BD
                                      Malicious:false
                                      Preview:.... .c...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):231348
                                      Entropy (8bit):4.3809717199059275
                                      Encrypted:false
                                      SSDEEP:3072:vIgN9dgVmiGu2WqoQMrt0FvOj1u9jSPy7H:vXemi2jQ1u9jSPyD
                                      MD5:7DEDAE5E01148F3A7AE2EA273E5CA57A
                                      SHA1:47DEFD16BD2AB73D63BF3222A7E2D13146A19F8B
                                      SHA-256:A3876E5B841055EDDBC9BFB0FE5B5BA0B1E694C30C223611BB3FEBBCF05E7004
                                      SHA-512:E3AF487A148A8809AB4C33FB4F8F3DFA4E90A0CC2AD50C13D45991EC7F9DD1098C3A1B4A3235FFC76EAE7532D25B6AAA4BC66481FF87D47E871186153B17D0E9
                                      Malicious:false
                                      Preview:TH02...... ... H.+......SM01X...,...0Q.H.+..........IPM.Activity...........h...............h............H..h..y.......<m...h............H..h\cal ...pDat...h....0.....y....h...............h........_`Pk...hW...@...I.lw...h....H...8.Uk...0....T...............d.........2h...............k..............!h.............. h........ .y...#h....8.........$h........8....."h..............'h..............1h....<.........0h....4....Uk../h....h.....UkH..h....p.....y...-h .......L.y...+h..........y................. ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000.GwwMicrosoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:ASCII text, with very long lines (65536), with no line terminators
                                      Category:dropped
                                      Size (bytes):322260
                                      Entropy (8bit):4.000299760592446
                                      Encrypted:false
                                      SSDEEP:6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl
                                      MD5:CC90D669144261B198DEAD45AA266572
                                      SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                                      SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                                      SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                                      Malicious:false
                                      Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:76bd602437550e98c9043d06a55186ab7d95dea5a0e935a599f73e62a8c9b158e0afcb19351f6c353940c06a38172b94d18c02cf92bb8a80184eccca0392b259ab3e71dae73e491c7941997cb36ad4a198661f622dad478d840f66d530a0dde78acea3367f91fff62fbb3dc18faff0c708ad30edef5bea8b22c5fd782b770d8993386eaa784fd19a3c3e1db3b537b1a94d3d4fbd46f8df8fddf6d16611969fe0a97c50e0f3ac24750c93257cf5c161184aa7385800c87d803b339632a3d8ec7fe17a0afd83ce9e9d0e3f7b8d579637928a811f1f7e6d1887df2ddc7d4f752c4d600235e426c92c7bf8a1362f95457998cc0e5d4261f0efa4fada0f866dbcefb407dacab7a2914e91c2f08200f38c2d9d621962145b1464b0f204b326118a53ecdcab22bff005fdd5257c99a6dc51ac0600a49f2ef782396987e78c08b846dad5db55e8ccefffc64863bc2c3e90b95a09d25d0814a848c98fe01a82d4e30e6682dd546e12c45ca0d280a45295ab4bd632dafb070edfdc3c9e38313d5aeb195972986f8011b66817028fd8c78b67a0ac7e780eecc3fb6a31f5a025b8a9a3db278a98c0696aeaac739b18688b0f9c7d751bba02cc5f4e41853fb119b3c0c915059aaa92971244a1989124f12881ca88e6410df70b793a2c3a736ff4

                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:ASCII text, with no line terminators
                                      Category:dropped
                                      Size (bytes):10
                                      Entropy (8bit):2.7219280948873625
                                      Encrypted:false
                                      SSDEEP:3:LcM:gM
                                      MD5:24AAE1678124C8CA173CEDCF2D06977C
                                      SHA1:BC0BF94A7E2B1A63F0447397557873FC56D376A7
                                      SHA-256:88D8CB828692998C4F105A3402DAFDD2FC8BEE569B1CB3753BAE38A3F44362BF
                                      SHA-512:194F9FD344065048F2811EB980AB20C0EAF64FB0479FEE02C5BCA443B5974282A9FCEA3D15B9DA29D142096CF1CB9A8449AAB513CF4AA16B3C9BEEE15BE6C8DF
                                      Malicious:false
                                      Preview:1730407329

                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\346BA20C-BF5A-4959-9BAC-86A5C6EC1ADD

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):180288
                                      Entropy (8bit):5.290996689729061
                                      Encrypted:false
                                      SSDEEP:1536:si2XfRAqFbH41gLEwLe7HW8QM/o/NMOcAZl1p5ihs7EXXOEADpOoagYdGVF8S7CC:2Pe7HW8QM/o/aXbbkx
                                      MD5:39A288654E94B3C9422EE7B248428284
                                      SHA1:31F0D98FE824140FF4EA032783B8F7A4586E30E0
                                      SHA-256:66156923A943BCB7A1965937C2E0425822F7E8005AEAC5EC807636816CC77CF9
                                      SHA-512:D36750A10524F4839F1E14F04A03E9F80052040A6C7266141EC81B83CCBA3C62406EB815E0D92E57B5972AFBBEA6F4CC3E710F8509C7D2D5790A0C603CAC47C3
                                      Malicious:false
                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-10-31T20:42:05">.. Build: 16.0.18223.40125-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[

                                      C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                                      Category:dropped
                                      Size (bytes):4096
                                      Entropy (8bit):0.09216609452072291
                                      Encrypted:false
                                      SSDEEP:3:lSWFN3l/klslpF/4llfll:l9F8E0/
                                      MD5:F138A66469C10D5761C6CBB36F2163C3
                                      SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
                                      SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
                                      SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
                                      Malicious:false
                                      Preview:SQLite format 3......@ .......................................................................... .....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:SQLite Rollback Journal
                                      Category:dropped
                                      Size (bytes):4616
                                      Entropy (8bit):0.13760166725504608
                                      Encrypted:false
                                      SSDEEP:3:7FEG2l+1rIK/FllkpMRgSWbNFl/sl+ltlslVlllfll+Fn:7+/log9bNFlEs1EP/OFn
                                      MD5:3C53EE9A20DF72393253257A746DA794
                                      SHA1:F9968C1D5789C48AB403687EA45F8F3E152497EA
                                      SHA-256:510D63BA473305E267FB29B7B4C228CE7FEBBB5CAB98B73A436A275F92AE1930
                                      SHA-512:2B32410CE79D62262FB3577CAD4146C89B328D43B72009A4A6D1ED84B3927676304AA226C17D762FE403F83AC3D264159EE618DD45431A2A2FF7814951967C87
                                      Malicious:false
                                      Preview:.... .c.....P..`....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ .......................................................................... .................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):32768
                                      Entropy (8bit):0.04474441261042196
                                      Encrypted:false
                                      SSDEEP:6:G4l2HOldXPYynl2HOldXPYyaL9XXPH4l942U:l2qdXgyl2qdXgya5A0
                                      MD5:757C1640E58713BC73C545935565625F
                                      SHA1:C01B9DA35505A468271228616DC628E765FD4488
                                      SHA-256:ACA01DC75F02025C03D94D1ABF597946EB5191696CD6FA932815616877A46478
                                      SHA-512:48E8D276B865C11C3FF263C4FAD3BE2DC43585972A8452AF04CBD797DC225B59E0B78619D21DEB28D1A957C2A85406393E6ECBDFF820CE5256908F52B0F861BD
                                      Malicious:false
                                      Preview:..-.....................m..+..|.{..`f....W.}...-.....................m..+..|.{..`f....W.}.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:SQLite Write-Ahead Log, version 3007000
                                      Category:dropped
                                      Size (bytes):45352
                                      Entropy (8bit):0.39616757273953945
                                      Encrypted:false
                                      SSDEEP:24:KjAQ3zRDQhUll7DBtDi4kZERDmbzqt8VtbDBtDi4kZERDz:mAQ1UhUll7DYMuzO8VFDYM
                                      MD5:B523652475F00F86D81945312B2BF705
                                      SHA1:966A4421660FAAEA297C60E9CFB16FC0A45E20B8
                                      SHA-256:410ACD55FBEE3A32C767E38AB04EBFFF61CA9E73CB91DFDB11978F568AB0D7DF
                                      SHA-512:929D41A02E68267308F5E6C4D1A6FDAA2B8DFE4B90377FEF19765B7FD6DFEAC92EF6859E6154D7156621BC6A1039731C84AC457FF01135974C08F44DA58EBA0D
                                      Malicious:false
                                      Preview:7....-..........{..`f...5..|&..........{..`f.........Y+SQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1F171B19.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:PNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced
                                      Category:dropped
                                      Size (bytes):882
                                      Entropy (8bit):7.685339557961777
                                      Encrypted:false
                                      SSDEEP:24:o/2x+Q1N9aKf8+ToXH6DbwgrzzyUYLyYSlavi8mq:9+gfRfoXU/zzynLyvlQi/q
                                      MD5:3C9A18F0691B2DEF6EB4259CF12ED9BA
                                      SHA1:5AE8221D24143C8EC7F18087ABC559C61B6CA399
                                      SHA-256:9F09762D94A0FE51E5AF52D6E18159523F8244FEE2DE0284D025FA98A562791E
                                      SHA-512:2A04F25A0BC956F286E20FF517B46E092316B3510E18BA1527CBF673AD7113F8EFD893BBBC41A9FD2F93202F69D023DD1FD4F4DB754BBF3CF042EB3026993C58
                                      Malicious:false
                                      Preview:.PNG........IHDR.............rP6.....sRGB.........gAMA......a.....pHYs..........+......IDAT8O..kH.Q...wfvW.|..u.F...PT.AQ..K.D/. *..>.B(."....... .PPF.RZV.&.v.L.....=..n......9.s.s.3..$V.#.>.U"rU.....9y..z...3.....a........`b....r.p.)....>..'...4.....m.JD.M*....G.F2..@P.N.)M......D....P...Q.*V..wwM.4n1.'.S.|......%.....>....._=....\...W".p"vM[.....-.u"....j...>.{.`...f..8.4F.v..:.^.[..?!.=...P....5..Sz(........./.S...vs.Y.4..3B..@c..aRfF.}K8..t...f........w..m]O../p....b..R.....t.Cb.((......c...Qb.h......R.H2..U4...`H\.e:./..@4(.....f.T...@.(.!.. .....H.!.!..H6C...}..g.qv...8I*..E[..v......[.'.3(%..i....N...z..~}....zfu$..vo\.h&.r.`E.94.Z9b.T3..gw....X....6#wg........5.e........#.I5K`......F\:5Z...nF....)....io..I@w..b.....B....W..A.........&t.~y's.pT0n...P..G.x.Y_.r0........c}l......4|.b...4.)q...L.....W..8..&....:...S.....IEND.B`.

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\20BE0D6D.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 659x90, components 3
                                      Category:dropped
                                      Size (bytes):51302
                                      Entropy (8bit):7.971667680202935
                                      Encrypted:false
                                      SSDEEP:768:umFa4DySrQGvfgDIrtLOa8zP6MoqOrtxi+B0LBcnEI+jDF05G9w4xyLUUaae:umFasPECfgDqtqOMovxj0u3yZcyyYwe
                                      MD5:18B9643A605705FA456995D8279D286B
                                      SHA1:D441B6F133D798BEECAFFC3421F1D0B95D77E6FF
                                      SHA-256:26CAAAD0F7C250D08187E43A94454FFE91E7B3B7BB221F5EEBB7FB0C6F001E55
                                      SHA-512:55B6AE3C635AB2323A40063CBD5081EDA8EA1C0560A1B6B4C12A111D2FDAFCF5EEA3E653C171994167F216FEB3EBC850C2072F3983FAE61CF1798C96A11C11AF
                                      Malicious:false
                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................Z.......................................................................................................!...."...X.1..w9A.#.6V....8.yQv7W....)Yia2B3$Ux.:b%5e..qRS.4dE'........................!..1..AQa"q..2.U.....B#.4t.u6..Rr.3s.T.5&V7..b.....eW..Cc$....Sd......8............?......yfn.Z.....b..A.b...].j>MYY.Ud..Q....E#.t.)DJR.B...KXk.OA..h..^n...JA..C..j...4.~.....a...J ..N1..:....g.=ke.!.....+YRq..`.&>..l....y(.r$C.j.%_p.....|=.""....k...T.juM..T....A.C.!......m...SX....2\.*$.z..Ry"...v...p....S...[..?X~..~R?.............v...p....S...[.....t..........p......N.......{/..q........8|_..V.....C.).......Oe...n<?X~..~R?....o....S.H~E;Y....t........:..G...~..Z.~J....k?....=..U...a..A.H..>/..W..O.!...g.............?X.?).....7.j..).$?".....?.?.._.V........#.p..F..\?%?...S.....G....

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\32569EC2.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
                                      Category:dropped
                                      Size (bytes):1052
                                      Entropy (8bit):7.754173484941769
                                      Encrypted:false
                                      SSDEEP:24:zZ27Omh/vfJwFxDKsJeUcoFayK1fEtN+cQ3O7O3eWRkOXN/NCRK9:nq/HexAyOfEl4OS3YOd/NCRK9
                                      MD5:06983AA07E45AC34F142B622C4768F0E
                                      SHA1:3BE36BB6E4E6EC1CD3AAF81692F69596120DABEE
                                      SHA-256:21BD332EBB254D1001731573292FD2C5D58AFEF23D52FA5662DF90097D0CD510
                                      SHA-512:98FADEE8DCB9C0DB53459B5BBDAA99ECEA8FE608185327AD783F3470057BE99BB8D8926CBCFAFF0DD2F204E9B12F75CB3EF45FC1C8F7E6C6942B97D4B84A7DB4
                                      Malicious:false
                                      Preview:.PNG........IHDR.............V.W....sRGB.........gAMA......a.....pHYs..........+......IDAT8OmTkh.U.>....&.Ml.}.....Zk[c.(U...."I..a.U.......R.....`Kc...%%T">.PB0...M.v..i..cw.><3N....2..9.{.|w........'... d..*0y.....H......+.4.\mW....F=...F...Ph..@..*.y..^.;.y`.........~..... u....R.S.Q.H`.9..X..Y.<...x./...i.8.w...n.........oI.}z........e.jQ7Rz.Z..u.._...Uu.VF.O<u....bz..p...;>F.Z.4....Qj1.S.GuM.gq..u ..\....r[.R.7.._..P$<H....h..7....#.0N..k_.{0..^0.,....5...C.MO(..z.f....:..............O..srqq,:.^.i....|)}........J..N0..}<`}..\H.....|z.....J.O.1..).l.,o..,3..q.B.V.Q.E...F..p._t.......q..Z7k...F.f....q.]....._.9B.1va...........$#.T...l....VC.S.......TW4G..]....C..D.nu....#(`....U...gH.|........ef.s.n ......|r..\xg......X>.......@_8X?.7.4y..U..T.w.2..G@:...5..b. }.N../.2O....s...M.....9..Xub..R:.%T.w.6.\.?MC...'.amh...Zh..5...U....X'I...i.&.0J......}.K+O..z.R..,R.2...VJlVe.A..3...`.Ui@../..V.P..w./])...{.3;.:.....P..{![..d.d.!H..O.).%...Z

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\410C7C7D.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:PNG image data, 166 x 35, 8-bit/color RGBA, non-interlaced
                                      Category:dropped
                                      Size (bytes):3167
                                      Entropy (8bit):7.916434050322473
                                      Encrypted:false
                                      SSDEEP:48:1VIx8ZDib/Yu+VIpxxkVVm6K02+9zTExuPG8uLnL3nGzcdSFWua5M:1iFcxqxK26KZ+hQxuLHzcQFWJC
                                      MD5:1451037937D98B286D900E836E1D0529
                                      SHA1:8BF22227F5D0F7E8A8BD192CE027D63CD6A416C1
                                      SHA-256:91770D739A042E364319F7ECF3474DFAD9A021FE9CAF16B6D6F822049485FA07
                                      SHA-512:4291F618D9C6F6A9B4C1F6851AF38FB58F22FAAA648F71C7835E7ADA8B4C486710C5E65E850485A9FD0AD0CD1F1ED3340E5174E60C3CFC54A7B5C95E44C6C25F
                                      Malicious:false
                                      Preview:.PNG........IHDR.......#.......q.....sRGB.........gAMA......a.....pHYs...#...#.x.?v....IDATx^.{pT.....n6.!.%..(.T...:b.&...j[.8.Ck........L....R|U[..N;S.....XQl..C....H.PZ.0.Q...+.....{..${.>.K....e..{........t....}..5.n.\a.o..C.....%...&..%............9{yz5^....!.B.'.~..D.o......].........=......-......A.N5.0.B.........EQ............!. h(.;.O.c..BC /...C..{.m.=v.5..bhT..4...-.J..C.....o..A......~..+....C.1..=.?.oCl.....1..A.A4.e.d........O...k.w..B.^..x.t'4.....]....!..-(O.....$_..v7.^..|..'r=....}......w.M..b.I^.h ..-..G..[.....K...q6........Y.(=.?!z.x~.=..B.......:.{.....bL... z..!.R<....m.k4;.S......1........*=....7.Z.M......?/B/B.U..i..#.Z........c4.-...1/.C..Q.#..r....2,t. ...C}............9.!6..Nln.@...j.......BG...C.th7...(D....0.M...a.........TA.^..1^.A.....!..H.f.l....hd,t6....@...w..8.fx.D.....s..1e.DNCWB<..l.ip....}.5GAl....o^...~~.b.k8D#d.Jx}V.xC.'e..... .(..4xV.<}..&cE..CBO.../........M:=W#D/D.;..'..4...D#cs....t%....&.=m..&.t...C....x.M

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\471C3C4B.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 112x85, components 3
                                      Category:dropped
                                      Size (bytes):2407
                                      Entropy (8bit):7.7512918199974035
                                      Encrypted:false
                                      SSDEEP:48:3iWxuERAzMyKl6LVO7xmFg0F4ziioOuBATmmOFlBv7L4i4CsEzY4Ocub775e:yE7gA7QFhFqiw+kmRFj9icuf7A
                                      MD5:5D6B262B07E9BCF40BC23E13C1375AF3
                                      SHA1:F51B7A468C5D64F049AA4AAA292448F4F9DF9700
                                      SHA-256:71333029707314064E325FB1D71746759159DDCF0273513EFA2A3D79043B3A2F
                                      SHA-512:5A1ACD591E9373952DA422C9BC83534DAF37C8E39A8B1C5959F4B33C75AEB178D85C8DB6F9B95DA89D35624A796A20B451E1C117AEC50F26A9E9D99F0B78F85F
                                      Malicious:false
                                      Preview:......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......U.p.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...2i(.?z.&..J(.rh....&..J(.rh....&..ZJ(...........m.[?......Z....f}[e..q"-.k.>V.k^.I...o.c.Am{....TQE..E.P.E.P.E.P.R...w:Ak..L...jY.....O..E.......i.F..<..dPgZR.$....._.>.q......F.....2p.s.W._MI....&..^..6...Po)....?.....>.I../QR..C....G..3...F.S.)E5.M^.z...I...c.@.ff...}...6..2.._^.....F.].2...............0$.BG#.|..a.j.....w.9.-.QA..QE..R.I......~.x

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4D02791.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
                                      Category:dropped
                                      Size (bytes):1052
                                      Entropy (8bit):7.754173484941769
                                      Encrypted:false
                                      SSDEEP:24:zZ27Omh/vfJwFxDKsJeUcoFayK1fEtN+cQ3O7O3eWRkOXN/NCRK9:nq/HexAyOfEl4OS3YOd/NCRK9
                                      MD5:06983AA07E45AC34F142B622C4768F0E
                                      SHA1:3BE36BB6E4E6EC1CD3AAF81692F69596120DABEE
                                      SHA-256:21BD332EBB254D1001731573292FD2C5D58AFEF23D52FA5662DF90097D0CD510
                                      SHA-512:98FADEE8DCB9C0DB53459B5BBDAA99ECEA8FE608185327AD783F3470057BE99BB8D8926CBCFAFF0DD2F204E9B12F75CB3EF45FC1C8F7E6C6942B97D4B84A7DB4
                                      Malicious:false
                                      Preview:.PNG........IHDR.............V.W....sRGB.........gAMA......a.....pHYs..........+......IDAT8OmTkh.U.>....&.Ml.}.....Zk[c.(U...."I..a.U.......R.....`Kc...%%T">.PB0...M.v..i..cw.><3N....2..9.{.|w........'... d..*0y.....H......+.4.\mW....F=...F...Ph..@..*.y..^.;.y`.........~..... u....R.S.Q.H`.9..X..Y.<...x./...i.8.w...n.........oI.}z........e.jQ7Rz.Z..u.._...Uu.VF.O<u....bz..p...;>F.Z.4....Qj1.S.GuM.gq..u ..\....r[.R.7.._..P$<H....h..7....#.0N..k_.{0..^0.,....5...C.MO(..z.f....:..............O..srqq,:.^.i....|)}........J..N0..}<`}..\H.....|z.....J.O.1..).l.,o..,3..q.B.V.Q.E...F..p._t.......q..Z7k...F.f....q.]....._.9B.1va...........$#.T...l....VC.S.......TW4G..]....C..D.nu....#(`....U...gH.|........ef.s.n ......|r..\xg......X>.......@_8X?.7.4y..U..T.w.2..G@:...5..b. }.N../.2O....s...M.....9..Xub..R:.%T.w.6.\.?MC...'.amh...Zh..5...U....X'I...i.&.0J......}.K+O..z.R..,R.2...VJlVe.A..3...`.Ui@../..V.P..w./])...{.3;.:.....P..{![..d.d.!H..O.).%...Z

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4DE66B6C.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 112x85, components 3
                                      Category:dropped
                                      Size (bytes):2407
                                      Entropy (8bit):7.7512918199974035
                                      Encrypted:false
                                      SSDEEP:48:3iWxuERAzMyKl6LVO7xmFg0F4ziioOuBATmmOFlBv7L4i4CsEzY4Ocub775e:yE7gA7QFhFqiw+kmRFj9icuf7A
                                      MD5:5D6B262B07E9BCF40BC23E13C1375AF3
                                      SHA1:F51B7A468C5D64F049AA4AAA292448F4F9DF9700
                                      SHA-256:71333029707314064E325FB1D71746759159DDCF0273513EFA2A3D79043B3A2F
                                      SHA-512:5A1ACD591E9373952DA422C9BC83534DAF37C8E39A8B1C5959F4B33C75AEB178D85C8DB6F9B95DA89D35624A796A20B451E1C117AEC50F26A9E9D99F0B78F85F
                                      Malicious:false
                                      Preview:......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......U.p.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...2i(.?z.&..J(.rh....&..J(.rh....&..ZJ(...........m.[?......Z....f}[e..q"-.k.>V.k^.I...o.c.Am{....TQE..E.P.E.P.E.P.R...w:Ak..L...jY.....O..E.......i.F..<..dPgZR.$....._.>.q......F.....2p.s.W._MI....&..^..6...Po)....?.....>.I../QR..C....G..3...F.S.)E5.M^.z...I...c.@.ff...}...6..2.._^.....F.].2...............0$.BG#.|..a.j.....w.9.-.QA..QE..R.I......~.x

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4E9DC72E.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 659x90, components 3
                                      Category:dropped
                                      Size (bytes):51302
                                      Entropy (8bit):7.971667680202935
                                      Encrypted:false
                                      SSDEEP:768:umFa4DySrQGvfgDIrtLOa8zP6MoqOrtxi+B0LBcnEI+jDF05G9w4xyLUUaae:umFasPECfgDqtqOMovxj0u3yZcyyYwe
                                      MD5:18B9643A605705FA456995D8279D286B
                                      SHA1:D441B6F133D798BEECAFFC3421F1D0B95D77E6FF
                                      SHA-256:26CAAAD0F7C250D08187E43A94454FFE91E7B3B7BB221F5EEBB7FB0C6F001E55
                                      SHA-512:55B6AE3C635AB2323A40063CBD5081EDA8EA1C0560A1B6B4C12A111D2FDAFCF5EEA3E653C171994167F216FEB3EBC850C2072F3983FAE61CF1798C96A11C11AF
                                      Malicious:false
                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................Z.......................................................................................................!...."...X.1..w9A.#.6V....8.yQv7W....)Yia2B3$Ux.:b%5e..qRS.4dE'........................!..1..AQa"q..2.U.....B#.4t.u6..Rr.3s.T.5&V7..b.....eW..Cc$....Sd......8............?......yfn.Z.....b..A.b...].j>MYY.Ud..Q....E#.t.)DJR.B...KXk.OA..h..^n...JA..C..j...4.~.....a...J ..N1..:....g.=ke.!.....+YRq..`.&>..l....y(.r$C.j.%_p.....|=.""....k...T.juM..T....A.C.!......m...SX....2\.*$.z..Ry"...v...p....S...[..?X~..~R?.............v...p....S...[.....t..........p......N.......{/..q........8|_..V.....C.).......Oe...n<?X~..~R?....o....S.H~E;Y....t........:..G...~..Z.~J....k?....=..U...a..A.H..>/..W..O.!...g.............?X.?).....7.j..).$?".....?.?.._.V........#.p..F..\?%?...S.....G....

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4EDD7157.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=591, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1181], baseline, precision 8, 472x236, components 3
                                      Category:dropped
                                      Size (bytes):63377
                                      Entropy (8bit):7.749318190420506
                                      Encrypted:false
                                      SSDEEP:768:3VH95lC9zVTAMCBnwwR2L+ZFf76ynZDtOb+aZAxhQDkrEOe9ydM9W4Jw2L1iU6wp:FEToBG+ZF5dtOd0QDxkWrJLHjM4RyC7
                                      MD5:BC5DC27521AAF7EE5F7471454EAFBF51
                                      SHA1:FFB025199ABB338CA362BC29FBFEE3F4341D031B
                                      SHA-256:D8FAF2EC686C3D8B4606EB056633439BE5409B755A25C75D3969A12112F7526A
                                      SHA-512:A41EEE7D60A32B8A675DCEE63012714D4D50AF02BB6731A4C42DEA5663100704B56C7D581A288BC9140C04895BD5F016D2B391019A379D293603DC7D6069F1BB
                                      Malicious:false
                                      Preview:......Exif..MM.*...........................O...........................................................................(...........1.....!.....2..........i.............$.......-....'..-....'.Adobe Photoshop 21.2 (Macintosh).2020:07:02 17:18:25..............0231..................................................................r...........z.(.................................~.......H.......H..........Adobe_CM......Adobe.d.................................................................................................................................................8.q.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...u.a_f+..A....}.~.....b.._.3.t.....V..o../g..X.>..2..j...e1.neT....f....

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\63181978.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:PNG image data, 18 x 19, 8-bit/color RGBA, non-interlaced
                                      Category:dropped
                                      Size (bytes):763
                                      Entropy (8bit):7.606734686199198
                                      Encrypted:false
                                      SSDEEP:12:6v/7J/tkOynLulDOc6Vi9vBm4DL/l06YkC+tFFsiiTNDobHn+aIiPaYbhedpFlZG:uHhOcgi95m4Dq6M+CiaU6iPdbkb1DC
                                      MD5:0604A1D7D0303382026338A44FA4B38A
                                      SHA1:4C6109CA6CC751C6A21802EA39EA0CD5C87DBADF
                                      SHA-256:D25137B3A8D83AC3B0EF4EE375ECBFF8248344B66B0D8A3ECA4770E6073EBF97
                                      SHA-512:F0DE6751D555352AED3B58758870C47261BDA2CF49FA94D18FE3590BF2DE97A7E251EBB90E7BED437CFF1BF98A7F6D4A6C07472CA16975EA0C6AAE508388D981
                                      Malicious:false
                                      Preview:.PNG........IHDR...............].....sRGB.........gAMA......a.....pHYs..........+......IDAT8O..OH.Q.......2..n..R.!b.K...A...........=H....%0:T.........F.D.$.a...n.n.N.;3.7.k]...a...o.w~.....U`.W.....:...t.TF,.Qd.......h....w1..,.P..,.$..........f...eF_.G.fr..rF..J#.1I.......e..s...$..0..V.Q2.......VN..TS.....2q....Q...=p..-T^..H-..>..r....b.....j.P.FQ....m.!5..E.Y.1.:o...w:=..)^..^-.....`.2C..<............V.QobvG).."..C.4...!.4.`P....).."BZ.. 0...Cv.j..W.Q.Zz.L7"..tU...(.zH.v.A.|P.6.VU%...D.5./...'..j...g...@.i..Y.F.D.E..c.+..w;6.5.'..`.+!T...V...>..G...D_..tOh..".......U|.(.Xq...#0.r..+....`...np!....q...`.....#.6}....,b..l.g.L..?B.S.3.J. ....5......Ne...hD.P......&..**d..t@.....W...SE..B.#...c..._ZS.f........IEND.B`.

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\6A9441F.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=591, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1181], baseline, precision 8, 472x236, components 3
                                      Category:dropped
                                      Size (bytes):63377
                                      Entropy (8bit):7.749318190420506
                                      Encrypted:false
                                      SSDEEP:768:3VH95lC9zVTAMCBnwwR2L+ZFf76ynZDtOb+aZAxhQDkrEOe9ydM9W4Jw2L1iU6wp:FEToBG+ZF5dtOd0QDxkWrJLHjM4RyC7
                                      MD5:BC5DC27521AAF7EE5F7471454EAFBF51
                                      SHA1:FFB025199ABB338CA362BC29FBFEE3F4341D031B
                                      SHA-256:D8FAF2EC686C3D8B4606EB056633439BE5409B755A25C75D3969A12112F7526A
                                      SHA-512:A41EEE7D60A32B8A675DCEE63012714D4D50AF02BB6731A4C42DEA5663100704B56C7D581A288BC9140C04895BD5F016D2B391019A379D293603DC7D6069F1BB
                                      Malicious:false
                                      Preview:......Exif..MM.*...........................O...........................................................................(...........1.....!.....2..........i.............$.......-....'..-....'.Adobe Photoshop 21.2 (Macintosh).2020:07:02 17:18:25..............0231..................................................................r...........z.(.................................~.......H.......H..........Adobe_CM......Adobe.d.................................................................................................................................................8.q.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...u.a_f+..A....}.~.....b.._.3.t.....V..o../g..X.>..2..j...e1.neT....f....

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\6D5D741C.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:PNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced
                                      Category:dropped
                                      Size (bytes):882
                                      Entropy (8bit):7.685339557961777
                                      Encrypted:false
                                      SSDEEP:24:o/2x+Q1N9aKf8+ToXH6DbwgrzzyUYLyYSlavi8mq:9+gfRfoXU/zzynLyvlQi/q
                                      MD5:3C9A18F0691B2DEF6EB4259CF12ED9BA
                                      SHA1:5AE8221D24143C8EC7F18087ABC559C61B6CA399
                                      SHA-256:9F09762D94A0FE51E5AF52D6E18159523F8244FEE2DE0284D025FA98A562791E
                                      SHA-512:2A04F25A0BC956F286E20FF517B46E092316B3510E18BA1527CBF673AD7113F8EFD893BBBC41A9FD2F93202F69D023DD1FD4F4DB754BBF3CF042EB3026993C58
                                      Malicious:false
                                      Preview:.PNG........IHDR.............rP6.....sRGB.........gAMA......a.....pHYs..........+......IDAT8O..kH.Q...wfvW.|..u.F...PT.AQ..K.D/. *..>.B(."....... .PPF.RZV.&.v.L.....=..n......9.s.s.3..$V.#.>.U"rU.....9y..z...3.....a........`b....r.p.)....>..'...4.....m.JD.M*....G.F2..@P.N.)M......D....P...Q.*V..wwM.4n1.'.S.|......%.....>....._=....\...W".p"vM[.....-.u"....j...>.{.`...f..8.4F.v..:.^.[..?!.=...P....5..Sz(........./.S...vs.Y.4..3B..@c..aRfF.}K8..t...f........w..m]O../p....b..R.....t.Cb.((......c...Qb.h......R.H2..U4...`H\.e:./..@4(.....f.T...@.(.!.. .....H.!.!..H6C...}..g.qv...8I*..E[..v......[.'.3(%..i....N...z..~}....zfu$..vo\.h&.r.`E.94.Z9b.T3..gw....X....6#wg........5.e........#.I5K`......F\:5Z...nF....)....io..I@w..b.....B....W..A.........&t.~y's.pT0n...P..G.x.Y_.r0........c}l......4|.b...4.)q...L.....W..8..&....:...S.....IEND.B`.

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\6E695646.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 659x90, components 3
                                      Category:dropped
                                      Size (bytes):51302
                                      Entropy (8bit):7.971667680202935
                                      Encrypted:false
                                      SSDEEP:768:umFa4DySrQGvfgDIrtLOa8zP6MoqOrtxi+B0LBcnEI+jDF05G9w4xyLUUaae:umFasPECfgDqtqOMovxj0u3yZcyyYwe
                                      MD5:18B9643A605705FA456995D8279D286B
                                      SHA1:D441B6F133D798BEECAFFC3421F1D0B95D77E6FF
                                      SHA-256:26CAAAD0F7C250D08187E43A94454FFE91E7B3B7BB221F5EEBB7FB0C6F001E55
                                      SHA-512:55B6AE3C635AB2323A40063CBD5081EDA8EA1C0560A1B6B4C12A111D2FDAFCF5EEA3E653C171994167F216FEB3EBC850C2072F3983FAE61CF1798C96A11C11AF
                                      Malicious:false
                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................Z.......................................................................................................!...."...X.1..w9A.#.6V....8.yQv7W....)Yia2B3$Ux.:b%5e..qRS.4dE'........................!..1..AQa"q..2.U.....B#.4t.u6..Rr.3s.T.5&V7..b.....eW..Cc$....Sd......8............?......yfn.Z.....b..A.b...].j>MYY.Ud..Q....E#.t.)DJR.B...KXk.OA..h..^n...JA..C..j...4.~.....a...J ..N1..:....g.=ke.!.....+YRq..`.&>..l....y(.r$C.j.%_p.....|=.""....k...T.juM..T....A.C.!......m...SX....2\.*$.z..Ry"...v...p....S...[..?X~..~R?.............v...p....S...[.....t..........p......N.......{/..q........8|_..V.....C.).......Oe...n<?X~..~R?....o....S.H~E;Y....t........:..G...~..Z.~J....k?....=..U...a..A.H..>/..W..O.!...g.............?X.?).....7.j..).$?".....?.?.._.V........#.p..F..\?%?...S.....G....

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\6EC3CF94.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 112x85, components 3
                                      Category:dropped
                                      Size (bytes):2407
                                      Entropy (8bit):7.7512918199974035
                                      Encrypted:false
                                      SSDEEP:48:3iWxuERAzMyKl6LVO7xmFg0F4ziioOuBATmmOFlBv7L4i4CsEzY4Ocub775e:yE7gA7QFhFqiw+kmRFj9icuf7A
                                      MD5:5D6B262B07E9BCF40BC23E13C1375AF3
                                      SHA1:F51B7A468C5D64F049AA4AAA292448F4F9DF9700
                                      SHA-256:71333029707314064E325FB1D71746759159DDCF0273513EFA2A3D79043B3A2F
                                      SHA-512:5A1ACD591E9373952DA422C9BC83534DAF37C8E39A8B1C5959F4B33C75AEB178D85C8DB6F9B95DA89D35624A796A20B451E1C117AEC50F26A9E9D99F0B78F85F
                                      Malicious:false
                                      Preview:......JFIF.............C.....................................%...#... , #&')*)..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((......U.p.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...2i(.?z.&..J(.rh....&..J(.rh....&..ZJ(...........m.[?......Z....f}[e..q"-.k.>V.k^.I...o.c.Am{....TQE..E.P.E.P.E.P.R...w:Ak..L...jY.....O..E.......i.F..<..dPgZR.$....._.>.q......F.....2p.s.W._MI....&..^..6...Po)....?.....>.I../QR..C....G..3...F.S.)E5.M^.z...I...c.@.ff...}...6..2.._^.....F.].2...............0$.BG#.|..a.j.....w.9.-.QA..QE..R.I......~.x

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\6F71205A.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
                                      Category:dropped
                                      Size (bytes):1052
                                      Entropy (8bit):7.754173484941769
                                      Encrypted:false
                                      SSDEEP:24:zZ27Omh/vfJwFxDKsJeUcoFayK1fEtN+cQ3O7O3eWRkOXN/NCRK9:nq/HexAyOfEl4OS3YOd/NCRK9
                                      MD5:06983AA07E45AC34F142B622C4768F0E
                                      SHA1:3BE36BB6E4E6EC1CD3AAF81692F69596120DABEE
                                      SHA-256:21BD332EBB254D1001731573292FD2C5D58AFEF23D52FA5662DF90097D0CD510
                                      SHA-512:98FADEE8DCB9C0DB53459B5BBDAA99ECEA8FE608185327AD783F3470057BE99BB8D8926CBCFAFF0DD2F204E9B12F75CB3EF45FC1C8F7E6C6942B97D4B84A7DB4
                                      Malicious:false
                                      Preview:.PNG........IHDR.............V.W....sRGB.........gAMA......a.....pHYs..........+......IDAT8OmTkh.U.>....&.Ml.}.....Zk[c.(U...."I..a.U.......R.....`Kc...%%T">.PB0...M.v..i..cw.><3N....2..9.{.|w........'... d..*0y.....H......+.4.\mW....F=...F...Ph..@..*.y..^.;.y`.........~..... u....R.S.Q.H`.9..X..Y.<...x./...i.8.w...n.........oI.}z........e.jQ7Rz.Z..u.._...Uu.VF.O<u....bz..p...;>F.Z.4....Qj1.S.GuM.gq..u ..\....r[.R.7.._..P$<H....h..7....#.0N..k_.{0..^0.,....5...C.MO(..z.f....:..............O..srqq,:.^.i....|)}........J..N0..}<`}..\H.....|z.....J.O.1..).l.,o..,3..q.B.V.Q.E...F..p._t.......q..Z7k...F.f....q.]....._.9B.1va...........$#.T...l....VC.S.......TW4G..]....C..D.nu....#(`....U...gH.|........ef.s.n ......|r..\xg......X>.......@_8X?.7.4y..U..T.w.2..G@:...5..b. }.N../.2O....s...M.....9..Xub..R:.%T.w.6.\.?MC...'.amh...Zh..5...U....X'I...i.&.0J......}.K+O..z.R..,R.2...VJlVe.A..3...`.Ui@../..V.P..w./])...{.3;.:.....P..{![..d.d.!H..O.).%...Z

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\84C5EC20.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:PNG image data, 18 x 19, 8-bit/color RGBA, non-interlaced
                                      Category:dropped
                                      Size (bytes):763
                                      Entropy (8bit):7.606734686199198
                                      Encrypted:false
                                      SSDEEP:12:6v/7J/tkOynLulDOc6Vi9vBm4DL/l06YkC+tFFsiiTNDobHn+aIiPaYbhedpFlZG:uHhOcgi95m4Dq6M+CiaU6iPdbkb1DC
                                      MD5:0604A1D7D0303382026338A44FA4B38A
                                      SHA1:4C6109CA6CC751C6A21802EA39EA0CD5C87DBADF
                                      SHA-256:D25137B3A8D83AC3B0EF4EE375ECBFF8248344B66B0D8A3ECA4770E6073EBF97
                                      SHA-512:F0DE6751D555352AED3B58758870C47261BDA2CF49FA94D18FE3590BF2DE97A7E251EBB90E7BED437CFF1BF98A7F6D4A6C07472CA16975EA0C6AAE508388D981
                                      Malicious:false
                                      Preview:.PNG........IHDR...............].....sRGB.........gAMA......a.....pHYs..........+......IDAT8O..OH.Q.......2..n..R.!b.K...A...........=H....%0:T.........F.D.$.a...n.n.N.;3.7.k]...a...o.w~.....U`.W.....:...t.TF,.Qd.......h....w1..,.P..,.$..........f...eF_.G.fr..rF..J#.1I.......e..s...$..0..V.Q2.......VN..TS.....2q....Q...=p..-T^..H-..>..r....b.....j.P.FQ....m.!5..E.Y.1.:o...w:=..)^..^-.....`.2C..<............V.QobvG).."..C.4...!.4.`P....).."BZ.. 0...Cv.j..W.Q.Zz.L7"..tU...(.zH.v.A.|P.6.VU%...D.5./...'..j...g...@.i..Y.F.D.E..c.+..w;6.5.'..`.+!T...V...>..G...D_..tOh..".......U|.(.Xq...#0.r..+....`...np!....q...`.....#.6}....,b..l.g.L..?B.S.3.J. ....5......Ne...hD.P......&..**d..t@.....W...SE..B.#...c..._ZS.f........IEND.B`.

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\8F458F.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=591, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1181], baseline, precision 8, 472x236, components 3
                                      Category:dropped
                                      Size (bytes):63377
                                      Entropy (8bit):7.749318190420506
                                      Encrypted:false
                                      SSDEEP:768:3VH95lC9zVTAMCBnwwR2L+ZFf76ynZDtOb+aZAxhQDkrEOe9ydM9W4Jw2L1iU6wp:FEToBG+ZF5dtOd0QDxkWrJLHjM4RyC7
                                      MD5:BC5DC27521AAF7EE5F7471454EAFBF51
                                      SHA1:FFB025199ABB338CA362BC29FBFEE3F4341D031B
                                      SHA-256:D8FAF2EC686C3D8B4606EB056633439BE5409B755A25C75D3969A12112F7526A
                                      SHA-512:A41EEE7D60A32B8A675DCEE63012714D4D50AF02BB6731A4C42DEA5663100704B56C7D581A288BC9140C04895BD5F016D2B391019A379D293603DC7D6069F1BB
                                      Malicious:false
                                      Preview:......Exif..MM.*...........................O...........................................................................(...........1.....!.....2..........i.............$.......-....'..-....'.Adobe Photoshop 21.2 (Macintosh).2020:07:02 17:18:25..............0231..................................................................r...........z.(.................................~.......H.......H..........Adobe_CM......Adobe.d.................................................................................................................................................8.q.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...u.a_f+..A....}.~.....b.._.3.t.....V..o../g..X.>..2..j...e1.neT....f....

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\92995BDB.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:PNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced
                                      Category:dropped
                                      Size (bytes):585
                                      Entropy (8bit):7.4482373216805335
                                      Encrypted:false
                                      SSDEEP:12:6v/7nK/MjQUY3MLR4otUJi+4PKFA6D7VbKwxCaMs1/6b5Y7:oaU6M7UJ14POA27VvxCaMo/R7
                                      MD5:A3E601703F21B1DB4A03F341CB5D54C3
                                      SHA1:C4105DB24EC3B4AEA789EF098376B8BB3EB9E792
                                      SHA-256:762E3CDF0E7DDE65FF58A7FF49626FEB6C799305B1D0BA3212AD1F26F860C8A1
                                      SHA-512:D0596F0B9264D0BBA32FF7040E0D159854306AC8BF4724538D67D6F119973404BE145B05B98DBEFB9FB56F3627D6B2B0977292E84019E4FB3831A50B4294A835
                                      Malicious:false
                                      Preview:.PNG........IHDR.............rP6.....sRGB.........gAMA......a.....pHYs..........+......IDAT8O...O.A.........@P...@....7@........y!J...O..........Bj...m..b.m..<g.!..!..L...}w..f....q....@@B..... j.Q.....r...r..tp........J%2.5..\A.?.g%.G.#.l......'.........q....;.N........Zc..........#.....".z.@U....w......6s.e..=...-..]...m.FH/o..`.....G.B.s.......|l.v?.....*..8...W...S*...M.ZK....V.,@..@.......F...CCd3@.4....Mm.....D7.D.q...c.1...zN.>.....G)T.j4...#.qv '_.K..C.....w.dA.H.......*W..A..(.f.fpnv.....h.D~.....l'.'.3.....o.4......._...y..ME......IEND.B`.

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\9A33D4F2.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 465x465, components 3
                                      Category:dropped
                                      Size (bytes):10819
                                      Entropy (8bit):7.291258910973579
                                      Encrypted:false
                                      SSDEEP:192:W++ORx28vPxf4L/4ATg6q2sFdI3WnqJYd5OPiwgllzlOFBlI:h+Yx28J4L/42283WnqJnqwOlz2lI
                                      MD5:ADBDD43D133FF211B3A93E19CC2098BE
                                      SHA1:CF84DF6EE09773BDC183FEA6D549A4A6B86802F7
                                      SHA-256:91F2B185D78B44DFF2660B698A59C7C99DB0F71C901DA10EA828BDD009278496
                                      SHA-512:4E56D36912A0B8F62F901830576124C517D0CE06051EF47F86B415A525A70E6D6BAECD6B1805DE25609BAEB46B578CD911269E1F199A1410CDB66731960E8DAA
                                      Malicious:false
                                      Preview:......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(..

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\A53B6F03.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 463x463, components 3
                                      Category:dropped
                                      Size (bytes):16221
                                      Entropy (8bit):7.627533868952096
                                      Encrypted:false
                                      SSDEEP:384:9HPfrJcQaXPjfZ4lGvSaRRRP2FwMj+D76GiBLEBZ+kJeYwy:9vFcPLZ4gvRR+j+aGidEX+6jB
                                      MD5:80B821DAEA2A0E801734616302747511
                                      SHA1:E0B06D02397863B6BBF86EAF52FE1CF8228F77B2
                                      SHA-256:1600CF5DE3388B246CF5B414520D2B0508579CD12F959F9E06E02586E623F0D8
                                      SHA-512:6727C8092C4D94D7B4AF2B6A366D4328CA27B330531ABFDDCF4D00F4F55D732BF38BA8C4E930C9840C3D8491DF5A6754D006F108E3A2F9C946BE423DDE66CCDE
                                      Malicious:false
                                      Preview:......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(..<W...........t..@..........

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\A941BDA1.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:PNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced
                                      Category:dropped
                                      Size (bytes):882
                                      Entropy (8bit):7.685339557961777
                                      Encrypted:false
                                      SSDEEP:24:o/2x+Q1N9aKf8+ToXH6DbwgrzzyUYLyYSlavi8mq:9+gfRfoXU/zzynLyvlQi/q
                                      MD5:3C9A18F0691B2DEF6EB4259CF12ED9BA
                                      SHA1:5AE8221D24143C8EC7F18087ABC559C61B6CA399
                                      SHA-256:9F09762D94A0FE51E5AF52D6E18159523F8244FEE2DE0284D025FA98A562791E
                                      SHA-512:2A04F25A0BC956F286E20FF517B46E092316B3510E18BA1527CBF673AD7113F8EFD893BBBC41A9FD2F93202F69D023DD1FD4F4DB754BBF3CF042EB3026993C58
                                      Malicious:false
                                      Preview:.PNG........IHDR.............rP6.....sRGB.........gAMA......a.....pHYs..........+......IDAT8O..kH.Q...wfvW.|..u.F...PT.AQ..K.D/. *..>.B(."....... .PPF.RZV.&.v.L.....=..n......9.s.s.3..$V.#.>.U"rU.....9y..z...3.....a........`b....r.p.)....>..'...4.....m.JD.M*....G.F2..@P.N.)M......D....P...Q.*V..wwM.4n1.'.S.|......%.....>....._=....\...W".p"vM[.....-.u"....j...>.{.`...f..8.4F.v..:.^.[..?!.=...P....5..Sz(........./.S...vs.Y.4..3B..@c..aRfF.}K8..t...f........w..m]O../p....b..R.....t.Cb.((......c...Qb.h......R.H2..U4...`H\.e:./..@4(.....f.T...@.(.!.. .....H.!.!..H6C...}..g.qv...8I*..E[..v......[.'.3(%..i....N...z..~}....zfu$..vo\.h&.r.`E.94.Z9b.T3..gw....X....6#wg........5.e........#.I5K`......F\:5Z...nF....)....io..I@w..b.....B....W..A.........&t.~y's.pT0n...P..G.x.Y_.r0........c}l......4|.b...4.)q...L.....W..8..&....:...S.....IEND.B`.

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\AA73A0C7.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:PNG image data, 18 x 19, 8-bit/color RGBA, non-interlaced
                                      Category:dropped
                                      Size (bytes):763
                                      Entropy (8bit):7.606734686199198
                                      Encrypted:false
                                      SSDEEP:12:6v/7J/tkOynLulDOc6Vi9vBm4DL/l06YkC+tFFsiiTNDobHn+aIiPaYbhedpFlZG:uHhOcgi95m4Dq6M+CiaU6iPdbkb1DC
                                      MD5:0604A1D7D0303382026338A44FA4B38A
                                      SHA1:4C6109CA6CC751C6A21802EA39EA0CD5C87DBADF
                                      SHA-256:D25137B3A8D83AC3B0EF4EE375ECBFF8248344B66B0D8A3ECA4770E6073EBF97
                                      SHA-512:F0DE6751D555352AED3B58758870C47261BDA2CF49FA94D18FE3590BF2DE97A7E251EBB90E7BED437CFF1BF98A7F6D4A6C07472CA16975EA0C6AAE508388D981
                                      Malicious:false
                                      Preview:.PNG........IHDR...............].....sRGB.........gAMA......a.....pHYs..........+......IDAT8O..OH.Q.......2..n..R.!b.K...A...........=H....%0:T.........F.D.$.a...n.n.N.;3.7.k]...a...o.w~.....U`.W.....:...t.TF,.Qd.......h....w1..,.P..,.$..........f...eF_.G.fr..rF..J#.1I.......e..s...$..0..V.Q2.......VN..TS.....2q....Q...=p..-T^..H-..>..r....b.....j.P.FQ....m.!5..E.Y.1.:o...w:=..)^..^-.....`.2C..<............V.QobvG).."..C.4...!.4.`P....).."BZ.. 0...Cv.j..W.Q.Zz.L7"..tU...(.zH.v.A.|P.6.VU%...D.5./...'..j...g...@.i..Y.F.D.E..c.+..w;6.5.'..`.+!T...V...>..G...D_..tOh..".......U|.(.Xq...#0.r..+....`...np!....q...`.....#.6}....,b..l.g.L..?B.S.3.J. ....5......Ne...hD.P......&..**d..t@.....W...SE..B.#...c..._ZS.f........IEND.B`.

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\B2A51C8A.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:PNG image data, 469 x 331, 8-bit/color RGBA, non-interlaced
                                      Category:dropped
                                      Size (bytes):34768
                                      Entropy (8bit):7.9743113272505095
                                      Encrypted:false
                                      SSDEEP:768:TGJVDQOyYaSM6MsUnTuNoW3CrNtrAUDaHKwPe75Jia:QSsi2oW3CrNtrASKq5Jia
                                      MD5:D2963CA100A705CF333D9D34D7A1A808
                                      SHA1:53D26BD3220D77672EEA6DD19B9003A0BDAB9C3D
                                      SHA-256:1FBDC34562FDBE0EE74FDA376EA33B23B67713D91A2239387797A0BFE9E82014
                                      SHA-512:E93FA2322082DC049FAA9BF1D4EBA1FE5C24D00B866AB1ED98366DB01ABE26B1900BDD2EE969E44E9F2C044A416E5243DF36A416E3F4D83F3CF6EB335B320D06
                                      Malicious:false
                                      Preview:.PNG........IHDR.......K.............sRGB.........pHYs..........+......tEXtSoftware.Microsoft Office..5q...PIDATx^.i..]v..k>...G...vl.V...D...2HV.AD.. .#."..!$.?@....`.@.~. ..."&.h;.;.b............3.\<..{W...9...S.z..s.sk.{.g...........Ix.S..z3L........Q....,*F....u5[.hw#.z.V...PU...=D...k......(Q.^.[...V.(.{.u..k.*27.-b'...L2G=7...........E*..1.m...g|..i.j2G_@=.l.}..>....]u...s..f......}Z.F.F.......a6=..j....?._.x..S......:.v..~....9VE....5...?.....6^.b...%./..V.D..U.].lj/q......~jD...*e.....f.O...U.(.V^...>../.;.,..c....5.aS..e,...^U.\l.R.......JK.Y=.3]5e........yO.=.#.m...#*..H.e.....<6....Qf....hL.1..>.k..LFI.d.f...k..Z......e.vI=k...c{.....i.YS...sP*.w_.-.."3+....s...G....u.......2`..l\jy.../.}X.._Pf.m.x.v(....Y0..l>Ld...."./.xY...UX..o..........QF.[...zm...U..'.._.3E.MK.b..d...KC.,y. .../.%...1...*..v.._..gX.q.w2n.2..ON.6L...T.a6.e.Ua.7..h...|..^.......r;..+.bl.a......1VM...#V/...(...]."...........'.Mf.;..^..J..u/G....@..C...

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\B7EC85E.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:PNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced
                                      Category:dropped
                                      Size (bytes):585
                                      Entropy (8bit):7.4482373216805335
                                      Encrypted:false
                                      SSDEEP:12:6v/7nK/MjQUY3MLR4otUJi+4PKFA6D7VbKwxCaMs1/6b5Y7:oaU6M7UJ14POA27VvxCaMo/R7
                                      MD5:A3E601703F21B1DB4A03F341CB5D54C3
                                      SHA1:C4105DB24EC3B4AEA789EF098376B8BB3EB9E792
                                      SHA-256:762E3CDF0E7DDE65FF58A7FF49626FEB6C799305B1D0BA3212AD1F26F860C8A1
                                      SHA-512:D0596F0B9264D0BBA32FF7040E0D159854306AC8BF4724538D67D6F119973404BE145B05B98DBEFB9FB56F3627D6B2B0977292E84019E4FB3831A50B4294A835
                                      Malicious:false
                                      Preview:.PNG........IHDR.............rP6.....sRGB.........gAMA......a.....pHYs..........+......IDAT8O...O.A.........@P...@....7@........y!J...O..........Bj...m..b.m..<g.!..!..L...}w..f....q....@@B..... j.Q.....r...r..tp........J%2.5..\A.?.g%.G.#.l......'.........q....;.N........Zc..........#.....".z.@U....w......6s.e..=...-..]...m.FH/o..`.....G.B.s.......|l.v?.....*..8...W...S*...M.ZK....V.,@..@.......F...CCd3@.4....Mm.....D7.D.q...c.1...zN.>.....G)T.j4...#.qv '_.K..C.....w.dA.H.......*W..A..(.f.fpnv.....h.D~.....l'.'.3.....o.4......._...y..ME......IEND.B`.

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\BFC7F1D0.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:PNG image data, 166 x 35, 8-bit/color RGBA, non-interlaced
                                      Category:dropped
                                      Size (bytes):3167
                                      Entropy (8bit):7.916434050322473
                                      Encrypted:false
                                      SSDEEP:48:1VIx8ZDib/Yu+VIpxxkVVm6K02+9zTExuPG8uLnL3nGzcdSFWua5M:1iFcxqxK26KZ+hQxuLHzcQFWJC
                                      MD5:1451037937D98B286D900E836E1D0529
                                      SHA1:8BF22227F5D0F7E8A8BD192CE027D63CD6A416C1
                                      SHA-256:91770D739A042E364319F7ECF3474DFAD9A021FE9CAF16B6D6F822049485FA07
                                      SHA-512:4291F618D9C6F6A9B4C1F6851AF38FB58F22FAAA648F71C7835E7ADA8B4C486710C5E65E850485A9FD0AD0CD1F1ED3340E5174E60C3CFC54A7B5C95E44C6C25F
                                      Malicious:false
                                      Preview:.PNG........IHDR.......#.......q.....sRGB.........gAMA......a.....pHYs...#...#.x.?v....IDATx^.{pT.....n6.!.%..(.T...:b.&...j[.8.Ck........L....R|U[..N;S.....XQl..C....H.PZ.0.Q...+.....{..${.>.K....e..{........t....}..5.n.\a.o..C.....%...&..%............9{yz5^....!.B.'.~..D.o......].........=......-......A.N5.0.B.........EQ............!. h(.;.O.c..BC /...C..{.m.=v.5..bhT..4...-.J..C.....o..A......~..+....C.1..=.?.oCl.....1..A.A4.e.d........O...k.w..B.^..x.t'4.....]....!..-(O.....$_..v7.^..|..'r=....}......w.M..b.I^.h ..-..G..[.....K...q6........Y.(=.?!z.x~.=..B.......:.{.....bL... z..!.R<....m.k4;.S......1........*=....7.Z.M......?/B/B.U..i..#.Z........c4.-...1/.C..Q.#..r....2,t. ...C}............9.!6..Nln.@...j.......BG...C.th7...(D....0.M...a.........TA.^..1^.A.....!..H.f.l....hd,t6....@...w..8.fx.D.....s..1e.DNCWB<..l.ip....}.5GAl....o^...~~.b.k8D#d.Jx}V.xC.'e..... .(..4xV.<}..&cE..CBO.../........M:=W#D/D.;..'..4...D#cs....t%....&.=m..&.t...C....x.M

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\E46C8093.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:PNG image data, 19 x 19, 8-bit/color RGBA, non-interlaced
                                      Category:dropped
                                      Size (bytes):585
                                      Entropy (8bit):7.4482373216805335
                                      Encrypted:false
                                      SSDEEP:12:6v/7nK/MjQUY3MLR4otUJi+4PKFA6D7VbKwxCaMs1/6b5Y7:oaU6M7UJ14POA27VvxCaMo/R7
                                      MD5:A3E601703F21B1DB4A03F341CB5D54C3
                                      SHA1:C4105DB24EC3B4AEA789EF098376B8BB3EB9E792
                                      SHA-256:762E3CDF0E7DDE65FF58A7FF49626FEB6C799305B1D0BA3212AD1F26F860C8A1
                                      SHA-512:D0596F0B9264D0BBA32FF7040E0D159854306AC8BF4724538D67D6F119973404BE145B05B98DBEFB9FB56F3627D6B2B0977292E84019E4FB3831A50B4294A835
                                      Malicious:false
                                      Preview:.PNG........IHDR.............rP6.....sRGB.........gAMA......a.....pHYs..........+......IDAT8O...O.A.........@P...@....7@........y!J...O..........Bj...m..b.m..<g.!..!..L...}w..f....q....@@B..... j.Q.....r...r..tp........J%2.5..\A.?.g%.G.#.l......'.........q....;.N........Zc..........#.....".z.@U....w......6s.e..=...-..]...m.FH/o..`.....G.B.s.......|l.v?.....*..8...W...S*...M.ZK....V.,@..@.......F...CCd3@.4....Mm.....D7.D.q...c.1...zN.>.....G)T.j4...#.qv '_.K..C.....w.dA.H.......*W..A..(.f.fpnv.....h.D~.....l'.'.3.....o.4......._...y..ME......IEND.B`.

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\E7F48244.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=591, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1181], baseline, precision 8, 472x236, components 3
                                      Category:dropped
                                      Size (bytes):63377
                                      Entropy (8bit):7.749318190420506
                                      Encrypted:false
                                      SSDEEP:768:3VH95lC9zVTAMCBnwwR2L+ZFf76ynZDtOb+aZAxhQDkrEOe9ydM9W4Jw2L1iU6wp:FEToBG+ZF5dtOd0QDxkWrJLHjM4RyC7
                                      MD5:BC5DC27521AAF7EE5F7471454EAFBF51
                                      SHA1:FFB025199ABB338CA362BC29FBFEE3F4341D031B
                                      SHA-256:D8FAF2EC686C3D8B4606EB056633439BE5409B755A25C75D3969A12112F7526A
                                      SHA-512:A41EEE7D60A32B8A675DCEE63012714D4D50AF02BB6731A4C42DEA5663100704B56C7D581A288BC9140C04895BD5F016D2B391019A379D293603DC7D6069F1BB
                                      Malicious:false
                                      Preview:......Exif..MM.*...........................O...........................................................................(...........1.....!.....2..........i.............$.......-....'..-....'.Adobe Photoshop 21.2 (Macintosh).2020:07:02 17:18:25..............0231..................................................................r...........z.(.................................~.......H.......H..........Adobe_CM......Adobe.d.................................................................................................................................................8.q.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...u.a_f+..A....}.~.....b.._.3.t.....V..o../g..X.>..2..j...e1.neT....f....

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\EA1A8285.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:PNG image data, 166 x 35, 8-bit/color RGBA, non-interlaced
                                      Category:dropped
                                      Size (bytes):3167
                                      Entropy (8bit):7.916434050322473
                                      Encrypted:false
                                      SSDEEP:48:1VIx8ZDib/Yu+VIpxxkVVm6K02+9zTExuPG8uLnL3nGzcdSFWua5M:1iFcxqxK26KZ+hQxuLHzcQFWJC
                                      MD5:1451037937D98B286D900E836E1D0529
                                      SHA1:8BF22227F5D0F7E8A8BD192CE027D63CD6A416C1
                                      SHA-256:91770D739A042E364319F7ECF3474DFAD9A021FE9CAF16B6D6F822049485FA07
                                      SHA-512:4291F618D9C6F6A9B4C1F6851AF38FB58F22FAAA648F71C7835E7ADA8B4C486710C5E65E850485A9FD0AD0CD1F1ED3340E5174E60C3CFC54A7B5C95E44C6C25F
                                      Malicious:false
                                      Preview:.PNG........IHDR.......#.......q.....sRGB.........gAMA......a.....pHYs...#...#.x.?v....IDATx^.{pT.....n6.!.%..(.T...:b.&...j[.8.Ck........L....R|U[..N;S.....XQl..C....H.PZ.0.Q...+.....{..${.>.K....e..{........t....}..5.n.\a.o..C.....%...&..%............9{yz5^....!.B.'.~..D.o......].........=......-......A.N5.0.B.........EQ............!. h(.;.O.c..BC /...C..{.m.=v.5..bhT..4...-.J..C.....o..A......~..+....C.1..=.?.oCl.....1..A.A4.e.d........O...k.w..B.^..x.t'4.....]....!..-(O.....$_..v7.^..|..'r=....}......w.M..b.I^.h ..-..G..[.....K...q6........Y.(=.?!z.x~.=..B.......:.{.....bL... z..!.R<....m.k4;.S......1........*=....7.Z.M......?/B/B.U..i..#.Z........c4.-...1/.C..Q.#..r....2,t. ...C}............9.!6..Nln.@...j.......BG...C.th7...(D....0.M...a.........TA.^..1^.A.....!..H.f.l....hd,t6....@...w..8.fx.D.....s..1e.DNCWB<..l.ip....}.5GAl....o^...~~.b.k8D#d.Jx}V.xC.'e..... .(..4xV.<}..&cE..CBO.../........M:=W#D/D.;..'..4...D#cs....t%....&.=m..&.t...C....x.M

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\EBF5B575.dat

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=591, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1181], baseline, precision 8, 472x236, components 3
                                      Category:dropped
                                      Size (bytes):63377
                                      Entropy (8bit):7.749318190420506
                                      Encrypted:false
                                      SSDEEP:768:3VH95lC9zVTAMCBnwwR2L+ZFf76ynZDtOb+aZAxhQDkrEOe9ydM9W4Jw2L1iU6wp:FEToBG+ZF5dtOd0QDxkWrJLHjM4RyC7
                                      MD5:BC5DC27521AAF7EE5F7471454EAFBF51
                                      SHA1:FFB025199ABB338CA362BC29FBFEE3F4341D031B
                                      SHA-256:D8FAF2EC686C3D8B4606EB056633439BE5409B755A25C75D3969A12112F7526A
                                      SHA-512:A41EEE7D60A32B8A675DCEE63012714D4D50AF02BB6731A4C42DEA5663100704B56C7D581A288BC9140C04895BD5F016D2B391019A379D293603DC7D6069F1BB
                                      Malicious:false
                                      Preview:......Exif..MM.*...........................O...........................................................................(...........1.....!.....2..........i.............$.......-....'..-....'.Adobe Photoshop 21.2 (Macintosh).2020:07:02 17:18:25..............0231..................................................................r...........z.(.................................~.......H.......H..........Adobe_CM......Adobe.d.................................................................................................................................................8.q.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...u.a_f+..A....}.~.....b.._.3.t.....V..o../g..X.>..2..j...e1.neT....f....

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LUN35Q36\DDTA202403389 (002).pdf

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:PDF document, version 1.4, 1 pages
                                      Category:dropped
                                      Size (bytes):65986
                                      Entropy (8bit):7.486932543043902
                                      Encrypted:false
                                      SSDEEP:1536:+SuLqvgt3EJxs4nSkSUFNW06M7ykK9232B:8qvskxs4nxpjW06M7vu232B
                                      MD5:6C72FC34B8FE19DB86BF363D734CCD16
                                      SHA1:1A7B7552924AA0C31001695CDDE629E6A2C8AD28
                                      SHA-256:4BDF1D582D77B9F74259ECA5E4E861C2ABF8E641B0EB694F49BBBEF1D2D48560
                                      SHA-512:5EE1376A2A6B50FF8088BD0007472D5B843A0EFB2D10C07317BAFD232892F9818B88D088370F084A298954D267184EF00A52E60C90746660778CA49784160402
                                      Malicious:false
                                      Preview:%PDF-1.4..%......%..%wPDF3 by WPCubed GmbH V3.65[40] 32bit unicode ..%..%..1 0 obj..<</Type/Metadata/Subtype/XML/Length 1404 >>..stream.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="3.1-701">.<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">.<rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:CreatorTool>WPTools</xmp:CreatorTool>. <xmp:CreateDate>2024-10-30T14:34:09Z</xmp:CreateDate>. <xmp:ModifyDate>2024-10-30T14:34:09Z</xmp:ModifyDate>. <xmp:MetadataDate>2024-10-30T14:34:09Z</xmp:MetadataDate>.</rdf:Description>.<rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>application/pdf</dc:format>. <dc:title><rdf:Alt>. <rdf:li xml:lang="x-default"/>.</rdf:Alt></dc:title>. <dc:description><rdf:Alt>. <rdf:li xml:lang="x-default"/>.</rdf:Alt></dc:description>. <dc:subject>. <rdf:Bag>. <rdf:li/>. </rdf:Bag>.</dc:subject>. <dc:creator>.<rdf:Seq>. <rdf:li>U9</rd

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LUN35Q36\DDTA202403389 (002).pdf:Zone.Identifier

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:modified
                                      Size (bytes):26
                                      Entropy (8bit):3.95006375643621
                                      Encrypted:false
                                      SSDEEP:3:gAWY3n:qY3n
                                      MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                      SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                      SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                      SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                      Malicious:false
                                      Preview:[ZoneTransfer]..ZoneId=3..

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LUN35Q36\DDTA202403389.pdf

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:PDF document, version 1.4, 1 pages
                                      Category:dropped
                                      Size (bytes):65986
                                      Entropy (8bit):7.486932543043902
                                      Encrypted:false
                                      SSDEEP:1536:+SuLqvgt3EJxs4nSkSUFNW06M7ykK9232B:8qvskxs4nxpjW06M7vu232B
                                      MD5:6C72FC34B8FE19DB86BF363D734CCD16
                                      SHA1:1A7B7552924AA0C31001695CDDE629E6A2C8AD28
                                      SHA-256:4BDF1D582D77B9F74259ECA5E4E861C2ABF8E641B0EB694F49BBBEF1D2D48560
                                      SHA-512:5EE1376A2A6B50FF8088BD0007472D5B843A0EFB2D10C07317BAFD232892F9818B88D088370F084A298954D267184EF00A52E60C90746660778CA49784160402
                                      Malicious:false
                                      Preview:%PDF-1.4..%......%..%wPDF3 by WPCubed GmbH V3.65[40] 32bit unicode ..%..%..1 0 obj..<</Type/Metadata/Subtype/XML/Length 1404 >>..stream.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="3.1-701">.<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">.<rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:CreatorTool>WPTools</xmp:CreatorTool>. <xmp:CreateDate>2024-10-30T14:34:09Z</xmp:CreateDate>. <xmp:ModifyDate>2024-10-30T14:34:09Z</xmp:ModifyDate>. <xmp:MetadataDate>2024-10-30T14:34:09Z</xmp:MetadataDate>.</rdf:Description>.<rdf:Description rdf:about="". xmlns:dc="http://purl.org/dc/elements/1.1/">. <dc:format>application/pdf</dc:format>. <dc:title><rdf:Alt>. <rdf:li xml:lang="x-default"/>.</rdf:Alt></dc:title>. <dc:description><rdf:Alt>. <rdf:li xml:lang="x-default"/>.</rdf:Alt></dc:description>. <dc:subject>. <rdf:Bag>. <rdf:li/>. </rdf:Bag>.</dc:subject>. <dc:creator>.<rdf:Seq>. <rdf:li>U9</rd

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LUN35Q36\DDTA202403389.pdf:Zone.Identifier

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):26
                                      Entropy (8bit):3.95006375643621
                                      Encrypted:false
                                      SSDEEP:3:gAWY3n:qY3n
                                      MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                      SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                      SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                      SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                      Malicious:false
                                      Preview:[ZoneTransfer]..ZoneId=3..

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{34D4891B-1321-4DED-8063-4C7250047D4C}.tmp

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):1024
                                      Entropy (8bit):0.03351732319703582
                                      Encrypted:false
                                      SSDEEP:3:ol3lG:40
                                      MD5:830FBF83999E052538EAF156AB6ECB17
                                      SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                      SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                      SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                      Malicious:false
                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{652CD4E4-4141-4D50-B0E3-F59D50AC9FC0}.tmp

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):4096
                                      Entropy (8bit):2.8927214380531066
                                      Encrypted:false
                                      SSDEEP:24:yIIYkN3JhCxNxecJhCxN0oTi2WYeNajJhoN1efIO4JhCxN9oTigYelJhoNUoTigC:ENnKeg+lH7ueedHUHq
                                      MD5:4DF147E101127BFC0F8BA995DFDB3917
                                      SHA1:B89BFE804730C69A32078A8DCA402E6DAA89525D
                                      SHA-256:2ECDB2390AF2BDD9184AE4E9CB2FCD8291A0A2242BD920ED5EEABB80B4662449
                                      SHA-512:78D172D37C5322EE0E0A1ADADE90BE0D6A352D655FF4788F96AE4B6D2C1BF991DD1391CA104B8856BA890798BBFBA02260791F41F0D88AFB14E0D6C67A253CDB
                                      Malicious:false
                                      Preview:....1.2.....1.....1.2.....1.2.....1.2.....1.2.....1.2.....1.2.....1.2.....1.2.....1.....1.....1.2.....1.2.....1.2.....1.2.....(.....(.....(.....(.....(...c.a.l.i...c............................................................................................................................................................................................................................................................................................................................................................................................... ..."...(...*...0...2...8...:...@...B...H...J...P...R...V...X...\...^...d...f...l...................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{96C6C273-FDBF-4111-8E2D-9A38567629B8}.tmp

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):114496
                                      Entropy (8bit):3.452781425298797
                                      Encrypted:false
                                      SSDEEP:768:qWrldDzeLjJk+ldEhbC6CKakPaqldJhb6p8wsy5Uld5EwSbP/zMEldQldwwO7XAy:Tn0nIFC7qn0inO/rQnzQnWo
                                      MD5:8C1B8CF4F5168C91D4DAA7BA9D9D7A78
                                      SHA1:9B4171D390B14C956231829D3D25D61F8E62ABB3
                                      SHA-256:67CDF2DA420A115E9996CEA855304690F136BCFD3A51D206E98C353E7B76F269
                                      SHA-512:B6527347DAB8D76FB88D56E82328E3344940FED0F36093D452DA47D68C2567D1820CEF128479257103684370F5522EB492B11C2C058BF79BFA7AEFC52AF5220E
                                      Malicious:false
                                      Preview:....a.l.l.e.g.o. .b.o.l.l.a...........I.N.C.L.U.D.E.P.I.C.T.U.R.E. .".c.i.d.:.5.2.8.f.4.c.7.0.-.9.2.8.3.-.4.b.1.4.-.8.8.e.5.-.e.f.6.2.e.9.9.d.0.3.d.9.". .\.*. .M.E.R.G.E.F.O.R.M.A.T.I.N.E.T... . ............................................................................................................................................................................................................................................................................................................................................."...&...........@...H...............4..."...V...Z...^...b...f...t...x...|...............................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{B36B5C5F-AA35-49A1-9CCE-8D04DB90F264}.tmp

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):1024
                                      Entropy (8bit):0.03351732319703582
                                      Encrypted:false
                                      SSDEEP:3:ol3lG:40
                                      MD5:830FBF83999E052538EAF156AB6ECB17
                                      SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                      SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                      SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                      Malicious:false
                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{B9312E54-C7EC-4DD3-B3FC-C801D0739E31}.tmp

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):1024
                                      Entropy (8bit):0.03351732319703582
                                      Encrypted:false
                                      SSDEEP:3:ol3lG:40
                                      MD5:830FBF83999E052538EAF156AB6ECB17
                                      SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                      SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                      SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                      Malicious:false
                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1730407323706745300_C9BC49E1-CC5E-4242-8A53-633AF35D2C07.log

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:ASCII text, with very long lines (859), with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):20971520
                                      Entropy (8bit):0.007111863737532669
                                      Encrypted:false
                                      SSDEEP:192:SsogXuxKTCL4hGjWhisrkVD54v4NT32wCBd/:Ss+8TCLAGjWhiUkVD54vaT32wCBd/
                                      MD5:F9DD40F5E0EBF2E949F0619A32B359BC
                                      SHA1:510B5E2BA7EB97D838A0E1DABB061DEEB94D6E67
                                      SHA-256:B4BEBF42557A9951792D0F6CE1EF128F4EDA81DDB21F9712624C90EB1B3BE3E0
                                      SHA-512:71CE50AE47FFB3E03BC918B47483A4EE62F0C3E4C798F43029D5E1E8F6DFACECAF76DDC61FD411BF3B22B9EE74759FC8285051A3932B679A52142D747AC3E6C1
                                      Malicious:false
                                      Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/31/2024 20:42:03.729.OUTLOOK (0x1AD0).0x1B18.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.System.GracefulExit.GracefulAppExitDesktop","Flags":33777014402039809,"InternalSequenceNumber":17,"Time":"2024-10-31T20:42:03.729Z","Data.PreviousAppMajor":16,"Data.PreviousAppMinor":0,"Data.PreviousAppBuild":16827,"Data.PreviousAppRevision":20130,"Data.PreviousSessionId":"F544E368-69E7-406B-9541-B36FB856E67D","Data.PreviousSessionInitTime":"2024-10-31T20:41:36.647Z","Data.PreviousSessionUninitTime":"2024-10-31T20:41:40.131Z","Data.SessionFlags":2147483652,"Data.InstallMethod":0,"Data.OfficeUILang":1033,"Data.PreviousBuild":"Unknown","Data.EcsETag":"\"\"","Data.ProcessorArchitecture":"x64"}...10/31/2024 20:42:03.761.OUTLOOK (0x1AD0).0x18E4.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":22

                                      C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1730407323707348600_C9BC49E1-CC5E-4242-8A53-633AF35D2C07.log

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):20971520
                                      Entropy (8bit):0.0
                                      Encrypted:false
                                      SSDEEP:3::
                                      MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                      SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                      SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                      SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                      Malicious:false
                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Local\Temp\MSIc0782.LOG

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):246
                                      Entropy (8bit):3.505069684106714
                                      Encrypted:false
                                      SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8fQRqrNJH:Qw946cPbiOxDlbYnuRKuvNJH
                                      MD5:67C379E0C35905D4CA675E9F3D0C2425
                                      SHA1:F9A1A0B1559015B8C2CE9093DCA08D7166DE1330
                                      SHA-256:98380FF1E4B9D7C0B14AC401AB70408DCB18D099E3B23E09E4A07FA12B0B6B96
                                      SHA-512:BCD4352AA571AA7D75B96FC8B02D5668F990EFBB2410151ABFDB3E0CF1D27A044A5415810675D36053CFAF7D8B88F055A00DE076F9EA3FEDF1A9E279106FCD6B
                                      Malicious:false
                                      Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .3.1./.1.0./.2.0.2.4. . .1.6.:.4.2.:.2.2. .=.=.=.....

                                      C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241031T1642030473-6864.etl

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):131072
                                      Entropy (8bit):4.706596165408622
                                      Encrypted:false
                                      SSDEEP:1536:w94OwE9EKwfOskwclIXDmzdh5Jg2NvXHKbPhz:m4OwEaKwfOskwclIXDoNvXHKbPhz
                                      MD5:41DB543CDFEDA1C1A526DAA26E85E624
                                      SHA1:DE9A3E541ABCDFB4D8728AAE97D6D4B244587AA8
                                      SHA-256:5AE8B1FC745026C9031C9AD698DC7D4D965A8EFD5981A7352854EFE608F245F5
                                      SHA-512:B69441CA036E92D23015479FCED12776C7A70EE6E4BBCF87667AD631635328450AE629070CED8B199AF878F508447890A766885CDA899E9848038158B9D8D2B7
                                      Malicious:false
                                      Preview:............................................................................`............Y.W.+..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1................................................................Y...........Y.W.+..........v.2._.O.U.T.L.O.O.K.:.1.a.d.0.:.0.8.8.3.e.3.8.4.d.6.c.4.4.9.e.a.8.3.9.2.9.1.d.6.0.5.a.5.b.1.0.3...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.0.3.1.T.1.6.4.2.0.3.0.4.7.3.-.6.8.6.4...e.t.l.......P.P...........W.+..........................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-31 16-42-17-299.log

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:ASCII text, with very long lines (393)
                                      Category:dropped
                                      Size (bytes):16525
                                      Entropy (8bit):5.353642815103214
                                      Encrypted:false
                                      SSDEEP:384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL
                                      MD5:91F06491552FC977E9E8AF47786EE7C1
                                      SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
                                      SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
                                      SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
                                      Malicious:false
                                      Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):15114
                                      Entropy (8bit):5.3442003372484885
                                      Encrypted:false
                                      SSDEEP:384:lx9s22LsJXIItAyzxatuhYyOmJG8K9lMTU4vdl1ZoEcNfydVFSraTMT+bQmsr6aS:PAlvKP
                                      MD5:2371928D567398635922634B654B725F
                                      SHA1:E6C1717319C7BAF7A03DDF0E0A86054A98A1170B
                                      SHA-256:4E63E24C8E109C20348299F589BEC86E67672B6855553B73D003CE4414604548
                                      SHA-512:FD2F3CB020BF0EB2A62B197B9ED0DCF0462DAAFB098F9B6395C1B513B99387129D12B5CB9A76DF1A0BB2DF90BAFA97A0A3C6FDB6EE0E4CED4593B93C51F00D01
                                      Malicious:false
                                      Preview:SessionID=4e5b1168-8235-46f9-a7d7-2d07e3445c9c.1730407337311 Timestamp=2024-10-31T16:42:17:311-0400 ThreadID=3424 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=4e5b1168-8235-46f9-a7d7-2d07e3445c9c.1730407337311 Timestamp=2024-10-31T16:42:17:313-0400 ThreadID=3424 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=4e5b1168-8235-46f9-a7d7-2d07e3445c9c.1730407337311 Timestamp=2024-10-31T16:42:17:313-0400 ThreadID=3424 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=4e5b1168-8235-46f9-a7d7-2d07e3445c9c.1730407337311 Timestamp=2024-10-31T16:42:17:313-0400 ThreadID=3424 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=4e5b1168-8235-46f9-a7d7-2d07e3445c9c.1730407337311 Timestamp=2024-10-31T16:42:17:314-0400 ThreadID=3424 Component=ngl-lib_NglAppLib Description="SetConf

                                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):29752
                                      Entropy (8bit):5.417675012880368
                                      Encrypted:false
                                      SSDEEP:192:0cbgIhPcbocbAIlncb2cbwI/RcbNcbQIVvcbkcbSHIFXcb1:fhWlA/TVRoFw
                                      MD5:1EE3F72703AEC95888DCE7600AB58A4A
                                      SHA1:66B14A4AC708299016387376008FA6ACFFE3AC8A
                                      SHA-256:F351C5EBD1BCD98323ED1CF068246291083A9BB6015D0BC840555C95EA420D2A
                                      SHA-512:8A50E29F115D7E86DEA018763DC8CCE644C97BA0DAA82C9E2CCA1C5B9960A8873BE21FACC075A404A1B365716661EB08CBD6254C56E99CCCFC4721523F8FCC2D
                                      Malicious:false
                                      Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

                                      C:\Users\user\AppData\Local\Temp\acrocef_low\188f6ff5-07ef-4c60-8977-51f9d9251f2b.tmp

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                      Category:dropped
                                      Size (bytes):758601
                                      Entropy (8bit):7.98639316555857
                                      Encrypted:false
                                      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                      MD5:3A49135134665364308390AC398006F1
                                      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                      Malicious:false
                                      Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                      C:\Users\user\AppData\Local\Temp\acrocef_low\40c3f63d-c8fe-491d-853e-a09be8506aa8.tmp

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                      Category:dropped
                                      Size (bytes):1419751
                                      Entropy (8bit):7.976496077007677
                                      Encrypted:false
                                      SSDEEP:24576:/M7oMOWLaGZ4ZwYIGNP8dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RVWLaGZ4ZwZGm3mlind9i4ufFXpAXkru
                                      MD5:E787F9888A1628BE8234F19E8EE26D68
                                      SHA1:44D5180C06ADBBDAADDBCE350CE4DEC997CD83E5
                                      SHA-256:3A09F3799148DA49F039A35AEDD22F368FB35B8D6022C4691C10606F704DAF80
                                      SHA-512:EE9B602898706CC0F33AA570E29A79A58ED748E1B738D74DF0C8C8DF193E23421B47AC8C862623ED774289D94FA90662A4CC436B80479D6420433D81752E9CA9
                                      Malicious:false
                                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                      C:\Users\user\AppData\Local\Temp\acrocef_low\98edd20a-4a55-488a-bcc8-9cf5b131c462.tmp

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                      Category:dropped
                                      Size (bytes):386528
                                      Entropy (8bit):7.9736851559892425
                                      Encrypted:false
                                      SSDEEP:6144:rBgI81ReWQ53+sQ3POSTJJJJEQ6T9UkRm1XX/FLYVbxrr/IxktOQZ1mau4yBwsOo:r+Tegs6lTJJJJv+9UZd1ybxrr/IxkB1m
                                      MD5:774036904FF86EB19FCE18B796528E1E
                                      SHA1:2BA0EBF3FC7BEF9EF5BFAD32070BD3C785904E16
                                      SHA-256:D2FC8EA3DDD3F095F7A469927179B408102471627C91275EDB4D7356F8E453AD
                                      SHA-512:9E9662EA15AE3345166C1E51235CDCE3123B27848E4A4651CC4D2173BDD973E4AD2F8994EFF34A221A9F07AA676F52BEB6D90FF374F6CCB0D06FA39C3EFE6B31
                                      Malicious:false
                                      Preview:...........[l\[.......p.a$..$.K...&%J.J...Wuo..dI.vk4.E..P.u..(.....1.I....A...............0.....$ctg.H.'....@.Zk...~.s.A]M.A..:g?.^{...cjL...X..#.Q{......z...m...K.U]-..^V.........@..P...U.R..z.......?......]nG..O{..n........y...v7...~C#..O.z...:...H&..6M;........c..#.y4u.~6.?...V?.%?SW.....K...[..`N.i.1..:..@?i.Q..O...`.....m.!y.{...?=.. .....Zk......%.6......o<.....yA}......no......u,.....U...a.......[S.n..`.....:...1......X..u.u...`..B=.&M.y..s.....}.i..l.'u]. ...6.s`....zdN.F.>;.d%D..}3..b..~..k.......,hl.j..._...F..p.z..o...C..,.Ss.u.Xd..a.Y.{.p...?.k..t,&..'...........^.f.hg....y..Y...i..m....<..^......yK.......;.5...E...K..Q.;k..|;..B.{m..eS..>b..>...6...wmC.i.....wv..k..{..X...RB.P..?w......1l.H..{{.`g.P.8.Z..v_.G.....f.%+z.....p.P..u}.T.....~r]..W7..._..c.k.....@....y.K...uOSj........^....B..]..~{..;...c....r.J.m.S.}.....k....u*^...5./...{......3.I.p.t...V..........W-..|.K.N.....n.........Bl...#)..;..4.x.....'....A....x..

                                      C:\Users\user\AppData\Local\Temp\acrocef_low\f4292247-fbda-40e7-ab93-b276e9ae2d73.tmp

                                      Download File
                                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                      Category:dropped
                                      Size (bytes):1407294
                                      Entropy (8bit):7.97605879016224
                                      Encrypted:false
                                      SSDEEP:24576:GqA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:5VB3mlind9i4ufFXpAXkrfUs03WLaGZw
                                      MD5:408F8BA5ED5014C1E10FA19D75C944A6
                                      SHA1:87595F69D692B4D785AAFAD71394426879C7980F
                                      SHA-256:FFFE47EBC7E157F63F4BE40AC0B2DCD73A5DCDF57B9D03FEA3EB99212A7EC16F
                                      SHA-512:01B286CA276C6B4302AC6ABA30466CE2048F6AC7FA5ACD7DCA375541C91339CEE94377B783A3A7710D10C315CA062CAE79DD2A073406D1C3C76AC4787DA5A793
                                      Malicious:false
                                      Preview:...........}.s.H....W`E.........M9h...q..p......%..!q.p....~..2......DlWtW!)?_.|....?..?.s.w1.i..G...h6.]..y...p..m.b..N..rr..F..Xc...l.4.."..Q.... hL.p......s...x6..:.....x.~.6.Q..~......~b7..k.l......Yc.G[....hY3...C..n..|.'6......i4f...,.."...O.b...x..,..jgc..bTn....,u.F..0......V.K,u..p....X.wAap...+.G..v....i.z...E.Rj8.a.r..<@.q.'...!.4..]...|..3...-.2...`...4..i...w......$0D.....i./a......Z.]..e.mj..c}.?.....o......c...W..+....c...W...?8...n.......U..7..O........@....'...^.z..=.m....o.o<..~....... ...C{......w.m.h.-Q...6.(..uk/w!...Z..n.....p.U........T^w..[....1l...../i......0..1U|}../xS}.q..B|.......h>....S....g...A.s6.=.&....~.\.......-N.p...._.xex.....}.r..q$..<.S;l=. ..P..55;....[.}.T......d.p..vd'vl.].DN..o...................D...].......I}.t...D`?..n.A.zT..:@.`S5.K..,R....h...XzT....F..Xt...R...+N.....ee...P...F+C.....dq...r..5..aP.zY....c.f/..Pn...:f.>.Z..s.+.......7...O.C.#..6.....=.K.5{.%6,..Z.....DqZ.4....g-%.p..n...\

                                      C:\Users\user\AppData\Local\Temp\msoF9EB.tmp

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:GIF image data, version 89a, 15 x 15
                                      Category:dropped
                                      Size (bytes):663
                                      Entropy (8bit):5.949125862393289
                                      Encrypted:false
                                      SSDEEP:12:PlrojAxh4bxdtT/CS3wkxWHMGBJg8E8gKVYQezuYEecp:trPsTTaWKbBCgVqSF
                                      MD5:ED3C1C40B68BA4F40DB15529D5443DEC
                                      SHA1:831AF99BB64A04617E0A42EA898756F9E0E0BCCA
                                      SHA-256:039FE79B74E6D3D561E32D4AF570E6CA70DB6BB3718395BE2BF278B9E601279A
                                      SHA-512:C7B765B9AFBB9810B6674DBC5C5064ED96A2682E78D5DFFAB384D81EDBC77D01E0004F230D4207F2B7D89CEE9008D79D5FBADC5CB486DA4BC43293B7AA878041
                                      Malicious:false
                                      Preview:GIF89a....w..!..MSOFFICE9.0.....sRGB......!..MSOFFICE9.0.....msOPMSOFFICE9.0Dn&P3.!..MSOFFICE9.0.....cmPPJCmp0712.........!.......,....................'..;..b...RQ.xx..................,+................................yy..;..b.........................qp.bb..........uv.ZZ.LL.......xw.jj.NN.A@....zz.mm.^_.........yw........yx.xw.RR.,*.++............................................................................................................................................................................................................8....>.......................4567...=..../0123.....<9:.()*+,-.B.@...."#$%&'....... !............C.?....A;<...HT(..;

                                      C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):30
                                      Entropy (8bit):1.2389205950315936
                                      Encrypted:false
                                      SSDEEP:3:imz1:im
                                      MD5:0894FB752041A134FB3F9B6F8DE86F61
                                      SHA1:D1D3D37006D083A045E3B688CCCB11B2211A3FC5
                                      SHA-256:DE4AA793380154F33B73A9D91E2EEC362AB418F8B6979B22D392D21988A19086
                                      SHA-512:7E18DE563D211071E65388A37DA238721ECD32AED7E78CC1D91E3E2CEC1ED12CFB55F4C2B6185EF4ADA094AD9E6310478E7B9A27A1FAF1D9A4DC41C3CDA18388
                                      Malicious:false
                                      Preview:....U.........................

                                      C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:Composite Document File V2 Document, Cannot read section info
                                      Category:dropped
                                      Size (bytes):16384
                                      Entropy (8bit):0.6706940961211854
                                      Encrypted:false
                                      SSDEEP:12:rl3baFERqLKeTy2MyheC8T23BMyhe+S7wzQP9zNMyhe+S7xMyheCwKp:rGmnq1Py961J
                                      MD5:A39182A48032352DD2AEC7314E0F893C
                                      SHA1:96602C159D29D5B0E416AEE750F6A4BF09855802
                                      SHA-256:DA1DBA8328682B03AE239BDA4BFF0EC6434F0162C9CDA914149EF538AAD71001
                                      SHA-512:15DEFB260226E3DA754208AAFE0CA58D0EB6432E161279AE2620B570B86EA77E609A354033E1F079E33970B8DD9B3FDAA34BA50CB09E1646ED99C892F259242E
                                      Malicious:false
                                      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:Microsoft Outlook email folder (>=2003)
                                      Category:dropped
                                      Size (bytes):2302976
                                      Entropy (8bit):3.68607717982854
                                      Encrypted:false
                                      SSDEEP:12288:vcuYb/ZRQVee7WZBOxQ3NrL5V8fjvQUZJNPD/QraYcMS+aiPfXcZIIP:EjZTjB2ZZoyCTH1S
                                      MD5:803856471C72C5E0FB7C22D66DF9ECF1
                                      SHA1:52C6B834EB13D546B3C4441A34FE32A42E01DEA8
                                      SHA-256:B78179EFBC0EFB73E459689B1909D7D53C0035740C4F4CCA4E55AEDDFC71270D
                                      SHA-512:BC0C95136A31012ED9C9AF859E3EEDA4D5906FAD8E0EBCDA8BF07B9166288691DD827D7C2DFE09FC98215C3974629F0EEDC0B0A56156BFF762BA2F94D831019C
                                      Malicious:false
                                      Preview:!BDN}.ioSM......\...............I........................@...........@...@...................................@...........................................................................$#......D......................H........~......E........Z..................................................................................................................................................................................................................................................................................4.........1...D.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):917504
                                      Entropy (8bit):7.285232619388771
                                      Encrypted:false
                                      SSDEEP:12288:w4SVXiVmI9Cg5AhEmBGcg3Z+QlDNq3OyOQFqgLWhNOFQH1gc2ogfZz:9BBsVXgEGNWwbRcz
                                      MD5:4C034909DBC6F599E1EE1A7AC64A21A4
                                      SHA1:DD3E551C54AE2040573D3C496B80CA3AF4339686
                                      SHA-256:51D98251CF4845ED0FDEFBBFE3BA04D41D62EC6632323F26B9552307DFEB9D8D
                                      SHA-512:0FF9AD12413209194252E19527BE6FB0F544C6E27046B506AD61D29AD4B20A746D18F519699C1CF25DD8C1D5926F10B9E620AF25B174385C99A9041B775A935D
                                      Malicious:false
                                      Preview:....C...............'.xW.+....................#.!BDN}.ioSM......\...............I........................@...........@...@...................................@...........................................................................$#......D......................H........~......E........Z..................................................................................................................................................................................................................................................................................4.........1...D.'.xW.+.......B............#................................!........................................................................................................................................................................................................................................................................................................................................................................

                                      Static File Info

                                      General

                                      File type:ASCII text, with very long lines (347), with CRLF line terminators
                                      Entropy (8bit):6.116704888116091
                                      TrID:
                                        File name:R_ stampa su plotter SESTE CARNIVAL.eml
                                        File size:985'089 bytes
                                        MD5:525c3c0f7e7a7bf75ebd440ca598a46b
                                        SHA1:e0c30f30fe1ff3e6670acec02ed77762041841c3
                                        SHA256:c35adccd8d5c7425063277a60e610d4e067050f45f74e81d130e26a79f861264
                                        SHA512:ede1b98ea153b90ce598686700531d844db497300272a8cc6dc8b61be5ec6613dd4958910e9685aa67bce93bac57794992f53a9131c264117c9da079fe0f9cec
                                        SSDEEP:24576:IFxOT/gTxOpI8oFxOT/gCyFxOT/gyFxOT/g2FxOT/gjdnu:p/Zpp/D/8/4/h
                                        TLSH:3A25BE329C516EDA17638186B0CF39E06C5C7BCB93AB54E9206915F3FCEA87043F5998
                                        File Content Preview:Authentication-Results: relay.mimecast.com;...dkim=none;...arc=pass ("microsoft.com:s=arcselector10001:i=1");...dmarc=none;...spf=pass (relay.mimecast.com: domain of davide@acubesrl.it designates 40.107.103.91 as permitted sender) smtp.mailfrom=davide@acu

                                        Static Mail

                                        General

                                        Subject:R: stampa su plotter SESTE CARNIVAL
                                        From:Davide Marinelli <davide@acubesrl.it>
                                        To:Serena Solvino <serena.solvino@apiresinfloors.com>
                                        Cc:Gabriele De Francesco <Gabriele.DeFrancesco@apiresinfloors.com>, Juan Carlos Mauri <Juan.Mauri@apiresinfloors.com>
                                        BCC:Gabriele De Francesco <Gabriele.DeFrancesco@apiresinfloors.com>, Juan Carlos Mauri <Juan.Mauri@apiresinfloors.com>
                                        Date:Wed, 30 Oct 2024 13:54:05 +0000
                                        Communications:
                                        • allego bolla [cid:528f4c70-9283-4b14-88e5-ef62e99d03d9] Non stampare questa e-mail. Questo documento formato esclusivamente per il destinatario. Tutte le informazioni ivi contenute, compresi eventuali allegati, sono da ritenere esclusivamente confidenziali e riservate secondo i termini del vigente D.Lgs. 196/2003 in materia di privacy e del Regolamento europeo 679/2016 GDPR- e quindi ne proibita lutilizzazione ulteriore non autorizzata. Se avete ricevuto per errore questo messaggio, Vi preghiamo cortesemente di contattare immediatamente il mittente e cancellare la e-mail. Grazie. Please dont print this e-mail. Confidentiality Notice This e-mail message including any attachments is for the sole use of the intended recipient and may contain confidential and privileged information pursuant to Legislative Decree 196/2003 and the European General Data Protection Regulation 679/2016 GDPR-. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ________________________________ Da: Serena Solvino <serena.solvino@apiresinfloors.com> Inviato: mercoled 30 ottobre 2024 14:48 A: Davide Marinelli <davide@acubesrl.it> Cc: Gabriele De Francesco <Gabriele.DeFrancesco@apiresinfloors.com>; Juan Carlos Mauri <Juan.Mauri@apiresinfloors.com> Oggetto: R: stampa su plotter SESTE CARNIVAL Buongiorno signor Davide, finalmente riesco a inviarle nostro ordine. Per cortesia mi potrebbe inviare la bolla in risposta a questa mail, la mail precedente finita nei " link sospetti". Grazie e cordiali saluti. Serena Solvino Purchasing Manager, Marine Division m. t.+39 010 7720751 211 [cid:45t01nJAFEGKjXb3oMj17Aapifooteremail2_jpg] [cid:IaKU6yOelE6kfRArruUcUga-division-ofstonhard-bluesmallextra_png] [cid:slfMnRgzUVrPNhcuHwgwebicoonapi2_png]<https://www.apiresinfloors.com/en/> [cid:tJ9DU86ZlUeaPywfzFXtQwebiconlinkedinAPI2_png] <https://www.linkedin.com/company/api-spa/> [cid:dPxzBr03j0aRSOQyZ6j6HwFBiconAPI2_png] <https://www.facebook.com/APIresinfloors> [cid:8pyxVc1u40yLxnlyd01p6QIconINSTAAPI2_png] <https://www.instagram.com/apiresinfloors/> [cid:EsGJEAn5XUCdiisPaTO6pwBANNER-FLIBS11_jpg] ________________________________ Da: Serena Solvino <serena.solvino@apiresinfloors.com> Inviato: mercoled 30 ottobre 2024 10:04 A: davide@acubesrl.it <davide@acubesrl.it> Cc: Gabriele De Francesco <Gabriele.DeFrancesco@apiresinfloors.com>; Juan Carlos Mauri <Juan.Mauri@apiresinfloors.com> Oggetto: I: stampa su plotter SESTE CARNIVAL Buongiorno signor Davide, di seguito quanto richiesto: Pec: api@pec.api-spa.com SDI: 02LKXL8 pi tardi le invier ordine. Grazie e cordiali saluti. ________________________________ Da: Davide Marinelli <davide@acubesrl.it> Inviato: marted 29 ottobre 2024 16:00 A: Serena Solvino <serena.solvino@apiresinfloors.com>; Juan Carlos Mauri <Juan.Mauri@apiresinfloors.com> Cc: Gabriele De Francesco <Gabriele.DeFrancesco@apiresinfloors.com> Oggetto: R: stampa su plotter SESTE CARNIVAL Caution: This email originated from an external source. Do not click links or open attachments unless you recognize the sender and know the content is safe. ok perfetto poi per inserimento in anagrafica mi serve anche SDI e PEC [cid:3f7d361a-b57c-4664-bfea-c3da5e2293c7] Non stampare questa e-mail. Questo documento formato esclusivamente per il destinatario. Tutte le informazioni ivi contenute, compresi eventuali allegati, sono da ritenere esclusivamente confidenziali e riservate secondo i termini del vigente D.Lgs. 196/2003 in materia di privacy e del Regolamento europeo 679/2016 GDPR- e quindi ne proibita lutilizzazione ulteriore non autorizzata. Se avete ricevuto per errore questo messaggio, Vi preghiamo cortesemente di contattare immediatamente il mittente e cancellare la e-mail. Grazie. Please dont print this e-mail. Confidentiality Notice This e-mail message including any attachments is for the sole use of the intended recipient and may contain confidential and privileged information pursuant to Legislative Decree 196/2003 and the European General Data Protection Regulation 679/2016 GDPR-. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ________________________________ Da: Serena Solvino <serena.solvino@apiresinfloors.com> Inviato: marted 29 ottobre 2024 15:46 A: Davide Marinelli <davide@acubesrl.it>; Juan Carlos Mauri <Juan.Mauri@apiresinfloors.com> Cc: Gabriele De Francesco <Gabriele.DeFrancesco@apiresinfloors.com> Oggetto: R: stampa su plotter SESTE CARNIVAL L'indirizzo il seguente: Api spa Via Trieste 13 16018 Mignanego Genova p.i.00251170106 Grazie mille. Serena Solvino Purchasing Manager, Marine Division m. t.+39 010 7720751 211 [cid:JjHvaKgPFk6aoCx0VocBgapifooteremail2_jpg] [cid:fO6fn2ZhkaWAEHBItFHlwa-division-ofstonhard-bluesmallextra_png] [cid:7bGSvAeSsE2eJIDOitq5CQwebicoonapi2_png]<https://www.apiresinfloors.com/en/> [cid:mf4XG5IeUa7odmWVnQYwwebiconlinkedinAPI2_png] <https://www.linkedin.com/company/api-spa/> [cid:ZRZ1dgkXlk6igDkyugQrQFBiconAPI2_png] <https://www.facebook.com/APIresinfloors> [cid:ZdtT1uvXYkqW2GGkqPKfXwIconINSTAAPI2_png] <https://www.instagram.com/apiresinfloors/> [cid:UtleJ9dfUqSBjB2pZbhQBANNER-FLIBS11_jpg] ________________________________ Da: Davide Marinelli <davide@acubesrl.it> Inviato: marted 29 ottobre 2024 15:35 A: Serena Solvino <serena.solvino@apiresinfloors.com>; Juan Carlos Mauri <Juan.Mauri@apiresinfloors.com> Cc: Gabriele De Francesco <Gabriele.DeFrancesco@apiresinfloors.com> Oggetto: R: stampa su plotter SESTE CARNIVAL Caution: This email originated from an external source. Do not click links or open attachments unless you recognize the sender and know the content is safe. pi che altro se mi pu mandare un indirizzo dove spedire la merce pronta [cid:040af0c5-9114-4bb8-98d0-9a0e5a7feeca] Non stampare questa e-mail. Questo documento formato esclusivamente per il destinatario. Tutte le informazioni ivi contenute, compresi eventuali allegati, sono da ritenere esclusivamente confidenziali e riservate secondo i termini del vigente D.Lgs. 196/2003 in materia di privacy e del Regolamento europeo 679/2016 GDPR- e quindi ne proibita lutilizzazione ulteriore non autorizzata. Se avete ricevuto per errore questo messaggio, Vi preghiamo cortesemente di contattare immediatamente il mittente e cancellare la e-mail. Grazie. Please dont print this e-mail. Confidentiality Notice This e-mail message including any attachments is for the sole use of the intended recipient and may contain confidential and privileged information pursuant to Legislative Decree 196/2003 and the European General Data Protection Regulation 679/2016 GDPR-. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ________________________________ Da: Serena Solvino <serena.solvino@apiresinfloors.com> Inviato: marted 29 ottobre 2024 15:34 A: Davide Marinelli <davide@acubesrl.it>; Juan Carlos Mauri <Juan.Mauri@apiresinfloors.com> Cc: Gabriele De Francesco <Gabriele.DeFrancesco@apiresinfloors.com> Oggetto: R: stampa su plotter SESTE CARNIVAL Buon pomeriggio signor Davide, domani le invier ordine, mi scusi ma abbiamo una procedura per l'inserimento dei nuovi fornitori un po' lunga. Grazie e cordiali saluti. Serena Solvino Purchasing Manager, Marine Division m. t.+39 010 7720751 211 [cid:45t01nJAFEGKjXb3oMj17Aapifooteremail2_jpg] [cid:IaKU6yOelE6kfRArruUcUga-division-ofstonhard-bluesmallextra_png] [cid:slfMnRgzUVrPNhcuHwgwebicoonapi2_png]<https://www.apiresinfloors.com/en/> [cid:tJ9DU86ZlUeaPywfzFXtQwebiconlinkedinAPI2_png] <https://www.linkedin.com/company/api-spa/> [cid:dPxzBr03j0aRSOQyZ6j6HwFBiconAPI2_png] <https://www.facebook.com/APIresinfloors> [cid:8pyxVc1u40yLxnlyd01p6QIconINSTAAPI2_png] <https://www.instagram.com/apiresinfloors/> [cid:EsGJEAn5XUCdiisPaTO6pwBANNER-FLIBS11_jpg] ________________________________ Da: Davide Marinelli <davide@acubesrl.it> Inviato: luned 28 ottobre 2024 17:17 A: Juan Carlos Mauri <Juan.Mauri@apiresinfloors.com> Cc: Serena Solvino <serena.solvino@apiresinfloors.com>; Gabriele De Francesco <Gabriele.DeFrancesco@apiresinfloors.com> Oggetto: R: stampa su plotter SESTE CARNIVAL Caution: This email originated from an external source. Do not click links or open attachments unless you recognize the sender and know the content is safe. Ciao ti avevo cercato per un'altra info inerente al file appena puoi chiamami ecco allegata l'anagrafica nostra, attendo la vostra per inserirvi Qui sotto la quotazione Stampa formato A0 - 84,1x118,9cm stampa su carta bianca da grammi 130 4 pezzi - euro 50,00 + iva Totale Stampa formato A0 - 118,9x168,2cm stampa su carta bianca da grammi 130 4 pezzi - euro 90,00 + iva Totale Contributo spedizione euro 15,00 + iva [cid:e660fe4e-5f2a-4ae0-9487-7a363d16a98a] Non stampare questa e-mail. Questo documento formato esclusivamente per il destinatario. Tutte le informazioni ivi contenute, compresi eventuali allegati, sono da ritenere esclusivamente confidenziali e riservate secondo i termini del vigente D.Lgs. 196/2003 in materia di privacy e del Regolamento europeo 679/2016 GDPR- e quindi ne proibita lutilizzazione ulteriore non autorizzata. Se avete ricevuto per errore questo messaggio, Vi preghiamo cortesemente di contattare immediatamente il mittente e cancellare la e-mail. Grazie. Please dont print this e-mail. Confidentiality Notice This e-mail message including any attachments is for the sole use of the intended recipient and may contain confidential and privileged information pursuant to Legislative Decree 196/2003 and the European General Data Protection Regulation 679/2016 GDPR-. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ________________________________ Da: Juan Carlos Mauri <Juan.Mauri@apiresinfloors.com> Inviato: luned 28 ottobre 2024 16:53 A: Davide Marinelli <davide@acubesrl.it> Cc: Serena Solvino <serena.solvino@apiresinfloors.com>; Gabriele De Francesco <Gabriele.DeFrancesco@apiresinfloors.com> Oggetto: R: stampa su plotter SESTE CARNIVAL Ciao Davide Ti allego linformazione della ditta, ti chiedo gentilmente di mandarmi le vs informazioni che vi inseriamo anche noi a sistema e di mandarmi la offerta che devo farla vedere dalla mia collega che ti mander lordine API spa - c.f./p.i. vat IT00251170106 * HQ: Mignanego (GE), via Trieste, 13 - 16018 Italy @Serena Solvino<mailto:serena.solvino@apiresinfloors.com> appena possibile procedi con ordine Greazie! Juan Carlos Mauri Junior Product Manager, Marine Division m. t.+39 010 7720751 232 [cid:JjHvaKgPFk6aoCx0VocBgapifooteremail2_jpg] [cid:fO6fn2ZhkaWAEHBItFHlwa-division-ofstonhard-bluesmallextra_png] [cid:7bGSvAeSsE2eJIDOitq5CQwebicoonapi2_png]<https://www.apiresinfloors.com/en/> [cid:mf4XG5IeUa7odmWVnQYwwebiconlinkedinAPI2_png] <https://www.linkedin.com/company/api-spa/> [cid:ZRZ1dgkXlk6igDkyugQrQFBiconAPI2_png] <https://www.facebook.com/APIresinfloors> [cid:ZdtT1uvXYkqW2GGkqPKfXwIconINSTAAPI2_png] <https://www.instagram.com/apiresinfloors/> [cid:UtleJ9dfUqSBjB2pZbhQBANNER-FLIBS11_jpg] Da: Davide Marinelli <davide@acubesrl.it> Inviato: luned 28 ottobre 2024 16:21 A: Juan Carlos Mauri <Juan.Mauri@apiresinfloors.com> Cc: Simone Brignoli <Simone.Brignoli@apiresinfloors.com> Oggetto: R: stampa su plotter SESTE CARNIVAL Caution: This email originated from an external source. Do not click links or open attachments unless you recognize the sender and know the content is safe. Ciao Juan Carlos ho provato a chiamarti riusciresti a telefonarmi al numero 3381941433 devo chiederti un paio di info [cid:image001.jpg@01DB2958.7124F570] Non stampare questa e-mail. Questo documento formato esclusivamente per il destinatario. Tutte le informazioni ivi contenute, compresi eventuali allegati, sono da ritenere esclusivamente confidenziali e riservate secondo i termini del vigente D.Lgs. 196/2003 in materia di privacy e del Regolamento europeo 679/2016 GDPR- e quindi ne proibita lutilizzazione ulteriore non autorizzata. Se avete ricevuto per errore questo messaggio, Vi preghiamo cortesemente di contattare immediatamente il mittente e cancellare la e-mail. Grazie. Please dont print this e-mail. Confidentiality Notice This e-mail message including any attachments is for the sole use of the intended recipient and may contain confidential and privileged information pursuant to Legislative Decree 196/2003 and the European General Data Protection Regulation 679/2016 GDPR-. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ________________________________ Da: Juan Carlos Mauri <Juan.Mauri@apiresinfloors.com> Inviato: luned 28 ottobre 2024 10:21 A: Davide Marinelli <davide@acubesrl.it> Cc: Simone Brignoli <Simone.Brignoli@apiresinfloors.com> Oggetto: R: stampa su plotter SESTE CARNIVAL Buongiorno Davide! Grazie per lattenzione, ti chiedo di non tenere in conto la richiesta su altri materiali. Detto questo per allinearci ti chiedo il preventivo su carta 130 g. di quanto gi richiesto 2 copie per tipologia di file con cornice del fogli --- tot : 4 pz 2 copie solo sagoma dentro la cornice --- tot: 4 pz La sagoma si intende quella di color VERDE come nella foto sotto: che la linea verde sia visibile sul foglio o meno non rilevante limportante la scala 1:1 come da file [cid:image002.jpg@01DB2958.7124F570] Ti un file in formato DXF/autocad versione 2010, con le sagome vi allego anche i pdf per stampa. Se avete modo di spedire ti chiedo aggiungere anche una voce per eventuale trasporto a vs carico. Lunica cosa, ho una certa urgenza perch devo partire allestero e dovrei portarmeli dietro, possibile, averli entro gioved 31 se faccio fare lordine oggi? Attendo un vs gentile risposta. Grazie e buon lavoro! Saluti. Juan Carlos Mauri Junior Product Manager, Marine Division m. t.+39 010 7720751 232 [cid:image003.jpg@01DB2958.7124F570] [cid:image006.png@01DB2958.7124F570] [cid:image007.png@01DB2958.7124F570]<https://www.apiresinfloors.com/en/> [cid:image008.png@01DB2958.7124F570] <https://www.linkedin.com/company/api-spa/> [cid:image009.png@01DB2958.7124F570] <https://www.facebook.com/APIresinfloors> [cid:image010.png@01DB2958.7124F570] <https://www.instagram.com/apiresinfloors/> [cid:image011.jpg@01DB2958.7124F570] Da: Davide Marinelli <davide@acubesrl.it> Inviato: venerd 25 ottobre 2024 16:26 A: Juan Carlos Mauri <Juan.Mauri@apiresinfloors.com> Oggetto: R: stampa su plotter SESTE CARNIVAL Caution: This email originated from an external source. Do not click links or open attachments unless you recognize the sender and know the content is safe. Buongiorno Sig. Mauri le rispondo in merito alla richiesta da lei richiesta Stampa formato A0 - 84,1x118,9cm stampa su carta bianca da grammi 130 - euro 15,00 cad + iva Stampa formato A0 - 118,9x168,2cm stampa su carta bianca da grammi 130 - euro 30,00 cad + iva Come altre tipologie di materiali possiamo usare il banner da 500grammi che un telato plastico che molto resistente Per le sagome invece pi complesso in quanto dovremmo andare a fare una lavorazione su una taglierina piana, lavorazione fattibile senza problemi. Devo per fare una quotazione ad hoc e per farla mi servirebbero i file Noi per stampare il lavoro necessitiamo del file in PDF Se vuole ci sentiamo cos le presento i nostri servizi Cordiali saluti [cid:image001.jpg@01DB2958.7124F570] Non stampare questa e-mail. Questo documento formato esclusivamente per il destinatario. Tutte le informazioni ivi contenute, compresi eventuali allegati, sono da ritenere esclusivamente confidenziali e riservate secondo i termini del vigente D.Lgs. 196/2003 in materia di privacy e del Regolamento europeo 679/2016 GDPR- e quindi ne proibita lutilizzazione ulteriore non autorizzata. Se avete ricevuto per errore questo messaggio, Vi preghiamo cortesemente di contattare immediatamente il mittente e cancellare la e-mail. Grazie. Please dont print this e-mail. Confidentiality Notice This e-mail message including any attachments is for the sole use of the intended recipient and may contain confidential and privileged information pursuant to Legislative Decree 196/2003 and the European General Data Protection Regulation 679/2016 GDPR-. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ________________________________ ________________________________ Da: Info Acube Srl <info@acubesrl.it<mailto:info@acubesrl.it>> Inviato: gioved, ottobre 24, 2024 5:31 PM A: Alessandro Danieli <a.danieli@acubesrl.it<mailto:a.danieli@acubesrl.it>> Oggetto: I: stampa su plotter SESTE CARNIVAL Da: Juan Carlos Mauri <Juan.Mauri@apiresinfloors.com<mailto:Juan.Mauri@apiresinfloors.com>> Inviato: gioved 24 ottobre 2024 17:20 A: Info Acube Srl <info@acubesrl.it<mailto:info@acubesrl.it>> Oggetto: stampa su plotter SESTE CARNIVAL Buongiorno, con la presente sono a chiedere un preventivo per quanto riguarda la stampa in scala 1:1 di n. 2 file con su due sagome diverse: 1. Formato A0 scala 1:1 [cid:image012.png@01DB2958.7124F570] 1. Formato non standard scala 1:1 [cid:image013.jpg@01DB2958.7124F570] 1189*1682 poi volevo sapere che su che tipo di materiale potete stampare? Ho a disposizione i 2 vettoriali DWG/DXF In caso questa mail sia di vostro interesse, vi chiedo un prezzo per : tutto il foglio n. 2 copie per tipo su carta n. 2 copie per tipo su carta pi resistente (se c alternativa) n. 2 copie per tipo su materiali diversi se c la possibilit non spessi, devono potersi piegare. Solo sagoma presente dentro il foglio n. 2 copie per tipo su carta n. 2 copie per tipo su carta pi resistente (se c alternativa) n. 2 copie per tipo su materiali diversi se c la possibilit non spessi, devono potersi piegare. vi prego di segnalare eventuale data di consegna/ tempistiche Grazie per la vostra attenzione, rimango a disposizione per eventuali dubbi. Un saluto e Buon lavoro! Juan Carlos Mauri Junior Product Manager, Marine Division m. t.+39 010 7720751 232 [cid:image003.jpg@01DB2958.7124F570] [cid:image006.png@01DB2958.7124F570] [cid:image007.png@01DB2958.7124F570]<https://www.apiresinfloors.com/en/> [cid:image008.png@01DB2958.7124F570] <https://www.linkedin.com/company/api-spa/> [cid:image009.png@01DB2958.7124F570] <https://www.facebook.com/APIresinfloors> [cid:image010.png@01DB2958.7124F570] <https://www.instagram.com/apiresinfloors/> [cid:image011.jpg@01DB2958.7124F570]
                                        Attachments:
                                        • DDTA202403389.pdf

                                        Headers

                                        Key Value
                                        Authentication-Resultsrelay.mimecast.com; dkim=none; arc=pass ("microsoft.com:s=arcselector10001:i=1"); dmarc=none; spf=pass (relay.mimecast.com: domain of davide@acubesrl.it designates 40.107.103.91 as permitted sender) smtp.mailfrom=davide@acubesrl.it
                                        Receivedfrom AM5PR10MB1554.EURPRD10.PROD.OUTLOOK.COM ([fe80::2f73:bfc1:99ef:97f1]) by AM5PR10MB1554.EURPRD10.PROD.OUTLOOK.COM ([fe80::2f73:bfc1:99ef:97f1%5]) with mapi id 15.20.8114.015; Wed, 30 Oct 2024 13:54:05 +0000
                                        X-MC-UniqueCrcFtJOgMLudijjJlWHDbg-1
                                        ARC-Seali=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=mphBMaUEM7qktYYAzJf/wTBXaT4ggvD0zVAAX3HhAjwRNsnek2qBB3zyj2JpKdeQy21nsoOKoqBioDeiurUuSJX+qkYnfrlq7faQRyZ2hsCSSpS3ce2MOEjhgHxP3MBFSo3eRQmchgv2hkEsVdTKMERTKhHLKmIWFqUk9SiEBM9ve9Wb94owUCwc8E4TqLmWXIf61RlR+B1J99lPdUHUCJmDkYp/CM4Ss9YTTR0b6q0ejMWI0KZ6MjfCaHmtfWD6mGnYhptJyIf70prSMc0ndmnRfeMBgF0aF0UU1J0f/XabTOso9rz5xiVIxNIgFNMOaTJt+UbMFl5zkA27CtVf1A==
                                        ARC-Message-Signaturei=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=hVIeRC6b3Gwm6jmBR4j8xuNCwq0BN9wjW2hNbEV2R9E=; b=BzanZ39Vm2V1i9VXnf/Pn72CAQBrQNG1doTEHiJFTB1T4/mTuCFMzQ1qgY5oIedRIgwa6bQu+vmhhGXE8pBygJWZ6JtnLoVoxZDFjlLGBIiOvQ5WzWh1fzrSJzN+U5hkHnIASDelLBxa5aDhR6SL2JoqITusk0pYv0+2nl2/y05I5wKgcEeDIoUAZrvFZmi59VMCeUtFd55pdLgBAkHeO3vYvYU8Ok8GqjAZoppYxLpOWSzpFIDmbRzEwef+axosycKVQ60Bv2S/kP5kvUXszqO6WTvNx3W5qRkH9C9uMCXmLZ9llR15isVu1eaE8MkTrcNbXgso3ORhAZL9E66lbA==
                                        ARC-Authentication-Resultsi=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=acubesrl.it; dmarc=pass action=none header.from=acubesrl.it; dkim=pass header.d=acubesrl.it; arc=none
                                        FromDavide Marinelli <davide@acubesrl.it>
                                        ToSerena Solvino <serena.solvino@apiresinfloors.com>
                                        CCGabriele De Francesco <Gabriele.DeFrancesco@apiresinfloors.com>, Juan Carlos Mauri <Juan.Mauri@apiresinfloors.com>
                                        SubjectR: stampa su plotter SESTE CARNIVAL
                                        Thread-Topicstampa su plotter SESTE CARNIVAL
                                        Thread-IndexAdsl52sWrE5TtFFlRAGblPtycts5MwAP42qAAACzbnAAAl3MYQAtXCARAIs11lAADdX6XgAAmIQQAAFXaqwALrb9PwAAEPlOAAA4IaIAAKuWYAAlyopfAAn0daIAADcH9g==
                                        DateWed, 30 Oct 2024 13:54:05 +0000
                                        Message-ID<AM5PR10MB155481BDF2B91F504E96D7B2CF542@AM5PR10MB1554.EURPRD10.PROD.OUTLOOK.COM>
                                        References<BY3PR18MB4545A9FC76F58710D81DD2C3F94E2@BY3PR18MB4545.namprd18.prod.outlook.com> <BY3PR18MB45458414CE1FF9ED4EB5AEDEF94E2@BY3PR18MB4545.namprd18.prod.outlook.com> <DB5PR10MB7666DE6EBC9E1ED977E37F79DA4E2@DB5PR10MB7666.EURPRD10.PROD.OUTLOOK.COM> <DB9PR10MB75783251D2A7D446CDB5052FF94E2@DB9PR10MB7578.EURPRD10.PROD.OUTLOOK.COM> <AS2PR10MB64484F830911948320B7C243CF4F2@AS2PR10MB6448.EURPRD10.PROD.OUTLOOK.COM> <BY3PR18MB45458624354C02DFE7A8A829F94A2@BY3PR18MB4545.namprd18.prod.outlook.com> <AM5PR10MB15543739C0AFA8421B40BFFCCF4A2@AM5PR10MB1554.EURPRD10.PROD.OUTLOOK.COM> <CO1PR18MB4556939072A7B782E18171CBF94A2@CO1PR18MB4556.namprd18.prod.outlook.com> <AM5PR10MB1554384079E60D5252F9D091CF4A2@AM5PR10MB1554.EURPRD10.PROD.OUTLOOK.COM> <PH0PR18MB3816843B1781AD1692DBC291EB4B2@PH0PR18MB3816.namprd18.prod.outlook.com> <AM5PR10MB1554D7D5E5CA52D0B61FC45CCF4B2@AM5PR10MB1554.EURPRD10.PROD.OUTLOOK.COM> <PH0PR18MB3816C1F87DA748A6637D11FEEB4B2@PH0PR18MB3816.namprd18.prod.outlook.com> <AM5PR10MB15548A34EEEBFA6B18D09586CF4B2@AM5PR10MB1554.EURPRD10.PROD.OUTLOOK.COM> <PH0PR18MB381637741FF33E78321091D7EB542@PH0PR18MB3816.namprd18.prod.outlook.com> <PH0PR18MB3816C6225CF38CCF244CC946EB542@PH0PR18MB3816.namprd18.prod.outlook.com>
                                        In-Reply-To<PH0PR18MB3816C6225CF38CCF244CC946EB542@PH0PR18MB3816.namprd18.prod.outlook.com>
                                        Accept-Languageit-IT, en-US
                                        X-MS-Has-Attachyes
                                        X-MS-TNEF-Correlator
                                        msip_labels
                                        x-ms-publictraffictypeEmail
                                        x-ms-traffictypediagnosticAM5PR10MB1554:EE_|DU0PR10MB6679:EE_
                                        x-ms-office365-filtering-correlation-id518acca0-bb2b-4378-d5ab-08dcf8ea518a
                                        x-ms-exchange-senderadcheck1
                                        x-ms-exchange-antispam-relay0
                                        x-microsoft-antispamBCL:0;ARA:13230040|376014|366016|1800799024|8096899003|38070700018
                                        x-microsoft-antispam-message-infoSv6p+10mXSOS8LqNt3Jm4jQjDLAvO2TFfTZrjtNBPlDyyEfHHzuxGa1EGf5p/Etix8BTXPVbHsp0Ok3jUMvKIF5tWRfq/rDJvmziZ14AVQzzE0POrq+gxQPHUlqqX5KQovRRLxtH0hfle0sH/EVd1r0xmTAsh4L0sNDr8uKa9SLiLCgbNEjh3pxwEWLfOimp7CXbvBZzgup2BHGFhzStAFCup6D81AydElzAw2FjL5r76TTQDFCFdNkkwDHt2TU38gN+udPrpyT8z/5h0YO2fD4c1JlCjMPWQBzk6SWJJ7K06wJdK/S49zQ9FDgGr2MbtrSbjTwdI63oU/RIsyezBXemW0J/4eFICfHHIfcdeoAmSm/9k0bDoP+s4fafSJ1MF53YoBw1hXbS8CrV54uYDEL/3GjqA5LMW9HhCPFoBY8ptaG/PA1ZBylEI75TnPpX/zCqsbLBN9d5wNZL7wkKF8ilyV7kVJt1MxjiDWAw63gyWTPTcGa8A9ftsXIHaFHEYydmhXkMRJpohH0C/e8kFSBPov8H9p9OJYtzEnAY8knzLVM4494aGlSXMVGFf9eelhEARJRw5N0U1Qg6SCYbwtTDnOAcPNXPy4VPaJWXdVQ+3VM3tN52+YDbqzfTcR4oGvJApm+O0n7qZbZ7UfWTeOon9gUexTTVJP45x4Q3iwNhml75G9g/mYzXGROFbzupfpjWudEDINIri30955eAJBFyu8zaz+h/pa6ANfZVjj+ckCYsaBQiNtqoo8kKmmQjQRSCMr2W3wQKQuarUMlWm8pF1gmbogYECsBK0ImbkDyWQnvXpsGD2J2OXgmq/K9f9GUZKY45cili0906nJWJMMEAkxlf1XiFMkZqy6x4n3HfQHERLiGXoOQlEKbIs58xpD8ZtYy5MPZu1p7C59hbT6pqOWvcXi6K9QaW8BF0h84tlTGno8nX+I9nFWa7J9NDlAmurAYIK5mVntn3BvvXegQvvIHySgL6M81dKG4eZAE7Xl7P21QNU6DFGCRHK+0aWpzcbZUnaRrm2UPXNtDDEkxONsGs2KqFNAWk+OTw4TDNbaT0XDDHzH1hlBpRURqONCn3xPVpUSdG64WtXopmY4ygw9LDMth7ZSb+f26ZNVoK8cAnJZIi19JMW0UrA5WUi7uoAI9tx2MzhHLi0oWo9N9iBpEz/PeZW40/L7twE6Acy8fpqoCHBW1IqA3gFQxQX+7STNS2dv1AmHzBimCmmJxk9HpUQuISIp+Ie+Xk3XE946qkHWUMwngF/AcUuvvX
                                        x-forefront-antispam-reportCIP:255.255.255.255;CTRY:;LANG:it;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM5PR10MB1554.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(8096899003)(38070700018);DIR:OUT;SFP:1102
                                        x-ms-exchange-antispam-messagedata-chunkcount1
                                        x-ms-exchange-antispam-messagedata-08qK/4niv20pVqSfjlBBUtPuDoUnxrlZ7uXSXWZq1jQBnBekVRjNhqImp/knODHV9Fgsro/DDQr02VULlv5wQIeHd3pXv21rVDJVdyGNh2fLnkiAGiFN8pCHthO6a5LsFKPzOgmIUwtQ9YP3qCAdz2UvAwbpuBq2eYIqbSxqrPOy6sCLhiUDwg6fl0RapgZ2yWvGWfsUtWPztP4CEVgHJKnzzCJtmVwtfuv4BU34oQA3BqQ5gD6njKs4VKbez+qt7aXjnyCvrZxNbSewI3BvSbmbSPQaAvg+xB0qAbn2LaaF36Lerisnyhp+D9iogoRsl5arI+hE692HZAX7QSo9ruPag5z/K4tkasWuVoxD03stcB6z0Lsh9FY5d/hLNq0e72IWMse7QEimwLSLZuskUB4yP2CfRKu9o54fB+A+9SlvdDTEKJcJyco3EfPKPrQASySg5diRi5VPouFK2bgngEccQflZP+NKG7fz4VAtt05MLF/DTh0E4GlMWi1/KsRHdGlzMg1TAenXHgDnPYNFixa+GcT8nNkIni2gXRfwCHeenIH7kESCZx738MZIijT4VWzZJ9EQIpTSfotQw4BwFvBrPrW0WA8Z3P1vmKYbaowa3iZuP62daKqoKwLLuO3FepZF4V/MQZaqpk9eTm5gdS4YjipcLYanQfYXqkGogC6Pmh7pcnQzcOSN/oyEVBLR/x5+66ca2RETjlBSPE4+3/D0qUyx6y4WKkv0W2x6jqy9BQIPMABWqx8UHjbZemRvgSbv9sRUORcaWsjOCQ3Cbub3wjqSg2R9CzuxGFHaVBbU8HRn3uGBgE2s/uS02hSwA6vNHVSfFMhUU9QLBs2umv8fINO71L/gOeTzIQhEbDNcbV9RBlHedorWnxWTrHmAt/ObQXpOqL0vOrKl10EGsU+v7I4k3lA7bSVG6xvWdWg8yHkmOduM3zOtqx/3mW7rrT6DlWmdXBA6vDhq3rjhtcV7eAq1ISR4GoeIZfwWAEOm5FERkn193TRQdsXPDIArYsshCQekwZKgXM0sxsUU+Q+1ZdqwPtht8RGEEr5F7PrQgT2egauTLzUt7+yobhqjAdr6X81Ly9kHgaNwIJq0pthWbTUR4FSEGFVONkwO5a2v5epqcCidAGmcR+W3kzNd+a4IgzFRg/foGPsFvHM6CHwiPZma2m7/FZgqylwts7WhLqpHu/StdWglFvXECLa4DaPe5wGDb1ox5KoZ30xJ/74p5o1n5uQV/QP74XLKtA1EDeMVQo6pr8C+ml2VbrkTkoTXbQM95ny/jC6e27E3S2R7xw7w0wyYik6Oj4jN/82o4bTLJMePwDDaS69wkwiyLDN01X8ztE3GP1BWkEggmh5OwOoU/noZSS0goRCsuy3AA/g1/lDwnMDp+QfmFAM5nzWN2acpQ5sVvjCeb+8vPP8ssF5nUD4h3pxlhCTDjJ4n/yFTwlOkVlxsG9XGL0XQyb1p/b6lWDEDFwhXHqtTmphxxWC3GC3/noI158SfgY25VNGBgM/+ngmFXg4S3FWusY1aK6Mof4y34Goov5PWe8hOg3/U5h7mj/cQxVv3QTKA=
                                        MIME-Version1.0
                                        X-OriginatorOrgacubesrl.it
                                        X-MS-Exchange-CrossTenant-AuthAsInternal
                                        X-MS-Exchange-CrossTenant-AuthSourceAM5PR10MB1554.EURPRD10.PROD.OUTLOOK.COM
                                        X-MS-Exchange-CrossTenant-Network-Message-Id518acca0-bb2b-4378-d5ab-08dcf8ea518a
                                        X-MS-Exchange-CrossTenant-originalarrivaltime30 Oct 2024 13:54:05.3586 (UTC)
                                        X-MS-Exchange-CrossTenant-fromentityheaderHosted
                                        X-MS-Exchange-CrossTenant-id0b78eb51-ab84-4136-b801-5d3ededd5a9d
                                        X-MS-Exchange-CrossTenant-mailboxtypeHOSTED
                                        X-MS-Exchange-CrossTenant-userprincipalnameoM10x4pn2H8CvyRTiNIe8ez2olhobyaFcRduq18fgplVhfRoptdYJ2NaF5SYxEd9Qqh3zdZ6DBXM/O2Gs3ihlg==
                                        X-MS-Exchange-Transport-CrossTenantHeadersStampedDU0PR10MB6679
                                        X-Mimecast-Spam-Score-4
                                        Content-Languageit-IT
                                        Content-Typemultipart/mixed; boundary="_034_AM5PR10MB155481BDF2B91F504E96D7B2CF542AM5PR10MB1554EURP_"

                                        File Icon

                                        Icon Hash:46070c0a8e0c67d6

                                        Network Behavior

                                        Suricata IDS Alerts

                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                        2024-10-31T21:42:05.430849+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow14.175.87.197443192.168.2.1649704TCP
                                        2024-10-31T21:42:43.370438+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow14.175.87.197443192.168.2.1649722TCP

                                        Network Port Distribution

                                        UDP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        Oct 31, 2024 21:42:28.327917099 CET4989453192.168.2.161.1.1.1

                                        DNS Queries

                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                        Oct 31, 2024 21:42:28.327917099 CET192.168.2.161.1.1.10x3b3Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

                                        DNS Answers

                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                        Oct 31, 2024 21:42:28.337970972 CET1.1.1.1192.168.2.160x3b3No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                        Oct 31, 2024 21:42:41.994546890 CET1.1.1.1192.168.2.160x1cc2No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                        Oct 31, 2024 21:42:41.994546890 CET1.1.1.1192.168.2.160x1cc2No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false

                                        Statistics

                                        CPU Usage

                                        Click to jump to process

                                        Memory Usage

                                        Click to jump to process

                                        High Level Behavior Distribution

                                        Click to dive into process behavior distribution

                                        Behavior

                                        Click to jump to process

                                        System Behavior

                                        General

                                        Target ID:1
                                        Start time:16:42:03
                                        Start date:31/10/2024
                                        Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\R_ stampa su plotter SESTE CARNIVAL.eml"
                                        Imagebase:0xa30000
                                        File size:34'446'744 bytes
                                        MD5 hash:91A5292942864110ED734005B7E005C0
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:false

                                        General

                                        Target ID:8
                                        Start time:16:42:06
                                        Start date:31/10/2024
                                        Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A0CAE0D2-9C40-403E-B425-E6C771B89183" "CF374F57-CCF7-4759-9CDB-0DA4C15B87F0" "6864" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                                        Imagebase:0x7ff64e110000
                                        File size:710'048 bytes
                                        MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:false

                                        General

                                        Target ID:10
                                        Start time:16:42:13
                                        Start date:31/10/2024
                                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LUN35Q36\DDTA202403389.pdf"
                                        Imagebase:0x7ff6fcf20000
                                        File size:5'641'176 bytes
                                        MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:false

                                        General

                                        Target ID:11
                                        Start time:16:42:14
                                        Start date:31/10/2024
                                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                        Imagebase:0x7ff604a10000
                                        File size:3'581'912 bytes
                                        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:false

                                        General

                                        Target ID:12
                                        Start time:16:42:15
                                        Start date:31/10/2024
                                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2276 --field-trial-handle=1572,i,9027920132659057289,6595490232884719662,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                        Imagebase:0x7ff604a10000
                                        File size:3'581'912 bytes
                                        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:false

                                        Disassembly

                                        No disassembly