Windows Analysis Report
Vendor Agreement Ready for Your Signature November 22 2024 at 084923 PM.msg

Overview

General Information

Sample name: Vendor Agreement Ready for Your Signature November 22 2024 at 084923 PM.msg
Analysis ID: 1562261
MD5: e0c92bacfc67c2ac994c8edb5d848f46
SHA1: d88375d568a4af5e5e09b977b079a820468e84a6
SHA256: 65254b1b272d484de501ed0a0e9d34bd5310ca967f373d93cdacb75e90f553e1
Infos:

Detection

HTMLPhisher
Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Yara detected HtmlPhish54
AI detected potential phishing Email
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML page contains string obfuscation
HTML title does not match URL
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 4184 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Vendor Agreement Ready for Your Signature November 22 2024 at 084923 PM.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6868 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "EE9F8E4B-B551-4C51-AEC7-6D94D9133390" "9D2EA293-5E3C-42BC-A718-BD473EC58843" "4184" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • Acrobat.exe (PID: 7148 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\AA3LANRS\Card Factory-Cardfactory-agreement__6a04042a1da7620658a5e18dfd587863-datateam.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 6440 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 6716 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1568,i,9781682381244597973,7521395088549441664,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • chrome.exe (PID: 7896 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://t1.a.editions-legislatives.fr/r/?id=hfe20c57a%252C3602a3f1%252C7f94ba88&p1=google.pt/url?q=72934GOtIW72934GOtIW72934GOtIW72934GOtIW72934GOtIW72934GOtIW72934GOtIW72934GOtIW72934GOtIW72934GOtIW72934GOtIW72934GOtIW72934GOtIW72934GOtIW72934GOtIW72934GOtIWpQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&esrc=842HwFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp/wwgt4tnetengt4temailredirectphpactionclick0180811085135j94i3dj1.q245d.sbs/schmidstorenweiterdev/Cardfactory/ZGF0YXRlYW1AY2FyZGZhY3RvcnkuY28udWs= MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
        • chrome.exe (PID: 8092 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=1888,i,13911730611528436003,1778829301658871777,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
Source              Rule                      Description                 Author        Strings
1.5.id.script.csv   JoeSecurity_HtmlPhish_54  Yara detected HtmlPhish_54  Joe Security
3.4.pages.csv       JoeSecurity_HtmlPhish_54  Yara detected HtmlPhish_54  Joe Security
1.17.i.script.csv   JoeSecurity_HtmlPhish_54  Yara detected HtmlPhish_54  Joe Security
4.5.pages.csv       JoeSecurity_HtmlPhish_54  Yara detected HtmlPhish_54  Joe Security
4.6.pages.csv       JoeSecurity_HtmlPhish_54  Yara detected HtmlPhish_54  Joe Security
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 4184, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Source: Registry Key set, Author: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\AA3LANRS\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 4184, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
            No Suricata rule has matched

            Phishing

Source: https://fastzonecapecodbaseballmuseumkaihsecotour.earringsandthings.com/viFleQYd#ZGF0YXRlYW1AY2FyZGZhY3RvcnkuY28udWs= Joe Sandbox AI: Score: 9 Reasons: The brand 'Office.com' is well-known and typically associated with Microsoft., The URL 'fastzonecapecodbaseballmuseumkaihsecotour.earringsandthings.com' does not match the legitimate domain 'office.com'., The URL contains multiple unrelated words and a domain 'earringsandthings.com' which is not associated with 'Office.com'., The presence of a long, unrelated subdomain suggests a potential phishing attempt., The domain 'earringsandthings.com' does not align with the brand 'Office.com', indicating a mismatch. DOM: 2.1.pages.csv
Source: Yara match, File source: 1.5.id.script.csv, type: HTML
Source: Yara match, File source: 3.4.pages.csv, type: HTML
Source: Yara match, File source: 1.17.i.script.csv, type: HTML
Source: Yara match, File source: 4.5.pages.csv, type: HTML
Source: Yara match, File source: 4.6.pages.csv, type: HTML
Source: Yara match, File source: 4.8.pages.csv, type: HTML
Source: Email, Joe Sandbox AI: Detected potential phishing email: Sender email domain (nifty.com) does not match the claimed organization (cardfactory.co.uk). Suspicious attachment naming pattern with random hexadecimal string. Suspicious password provision and scanner details suggesting social engineering
            Source: https://fastzonecapecodbaseballmuseumkaihsecotour.earringsandthings.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638681304895157147.MWFiNWYxYzAtZDIxNC00MDgyLWE4OWQtN2Q1M2VhZTBiZWRiM2IxODcyZTktY2NhZC00ZTUzLThjMGYtMmNmOTNmOGY0YWZh&ui_locales=en-US&mkt=en-US&client-request-id=23446996-b028-49f6-82f1-47c202d84da8&state=C8BIRVXK_jG-ZinLEMy3OgoZmzNaIdhGFH2kpDNS4HZ4Oog_srjIMxlEaPHIfAAq9Tmlv9FT0a_B_qI6ohEpjgliVfzzfp--vXv4uViD-_ytG-_7cpuijV8O_L2skaV-7M2-aupfPy6_eMrIpHmhEXtvER0tGAlyV-AfOh5ZWoEQ2TKUtVKuRYiZgQoeKVOqTLZHRt3VPEkyI1flk1OJAOIMHVRV7AfHw3_uGwtRN7xguy2t7Uu_wkzPnbIOwkcHO77FMTKAe6c7XuUFjQYstg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#ZGF0YXRlYW1AY2FyZGZhY3RvcnkuY28udWs=HTTP Parser: Number of links: 0
Source: https://fastzonecapecodbaseballmuseumkaihsecotour.earringsandthings.com/viFleQYd#ZGF0YXRlYW1AY2FyZGZhY3RvcnkuY28udWs= HTTP Parser: Base64 decoded: ...
            Source: https://fastzonecapecodbaseballmuseumkaihsecotour.earringsandthings.com/viFleQYd#ZGF0YXRlYW1AY2FyZGZhY3RvcnkuY28udWs=HTTP Parser: Found new string: script .. // Function to use fetch to send request to logVisit.php. function logVisit() {. fetch("https://magamemecoin-drop.com/logVisit.php", {. method: "POST",. headers: {. "Content-Type": "application/x-www-form-urlencoded". },. body: "action=log-visit".. }). .then(response => {. // get response. if (!response.ok) {. throw new Error("Log visit failed", response.statusText);. }.. }). .catch(error => {. console.error("Error logging visit:", error); // Handle any errors and log them to the console. });. }.. // Function called by Turnstile upon successful verification. function onTurnstileVerified(token) {.. // Calling the function. logVisit();. .. // Redirect to a specified URL upon successful form submission and verification. var hash = window.location.hash;. if (hash !== "") {. h...
            Source: https://fastzonecapecodbaseballmuseumkaihsecotour.earringsandthings.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638681304895157147.MWFiNWYxYzAtZDIxNC00MDgyLWE4OWQtN2Q1M2VhZTBiZWRiM2IxODcyZTktY2NhZC00ZTUzLThjMGYtMmNmOTNmOGY0YWZh&ui_locales=en-US&mkt=en-US&client-request-id=23446996-b028-49f6-82f1-47c202d84da8&state=C8BIRVXK_jG-ZinLEMy3OgoZmzNaIdhGFH2kpDNS4HZ4Oog_srjIMxlEaPHIfAAq9Tmlv9FT0a_B_qI6ohEpjgliVfzzfp--vXv4uViD-_ytG-_7cpuijV8O_L2skaV-7M2-aupfPy6_eMrIpHmhEXtvER0tGAlyV-AfOh5ZWoEQ2TKUtVKuRYiZgQoeKVOqTLZHRt3VPEkyI1flk1OJAOIMHVRV7AfHw3_uGwtRN7xguy2t7Uu_wkzPnbIOwkcHO77FMTKAe6c7XuUFjQYstg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#ZGF0YXRlYW1AY2FyZGZhY3RvcnkuY28udWs=HTTP Parser: Title: Sign in to your account does not match URL
            Source: https://fastzonecapecodbaseballmuseumkaihsecotour.earringsandthings.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638681304895157147.MWFiNWYxYzAtZDIxNC00MDgyLWE4OWQtN2Q1M2VhZTBiZWRiM2IxODcyZTktY2NhZC00ZTUzLThjMGYtMmNmOTNmOGY0YWZh&ui_locales=en-US&mkt=en-US&client-request-id=23446996-b028-49f6-82f1-47c202d84da8&state=C8BIRVXK_jG-ZinLEMy3OgoZmzNaIdhGFH2kpDNS4HZ4Oog_srjIMxlEaPHIfAAq9Tmlv9FT0a_B_qI6ohEpjgliVfzzfp--vXv4uViD-_ytG-_7cpuijV8O_L2skaV-7M2-aupfPy6_eMrIpHmhEXtvER0tGAlyV-AfOh5ZWoEQ2TKUtVKuRYiZgQoeKVOqTLZHRt3VPEkyI1flk1OJAOIMHVRV7AfHw3_uGwtRN7xguy2t7Uu_wkzPnbIOwkcHO77FMTKAe6c7XuUFjQYstg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#ZGF0YXRlYW1AY2FyZGZhY3RvcnkuY28udWs=HTTP Parser: Iframe src: https://fastzonecapecodbaseballmuseumkaihsecotour.earringsandthings.com/Me.htm?v=3
Source: https://fastzonecapecodbaseballmuseumkaihsecotour.earringsandthings.com/viFleQYd#ZGF0YXRlYW1AY2FyZGZhY3RvcnkuY28udWs= HTTP Parser: No favicon
            Source: https://fastzonecapecodbaseballmuseumkaihsecotour.earringsandthings.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638681304895157147.MWFiNWYxYzAtZDIxNC00MDgyLWE4OWQtN2Q1M2VhZTBiZWRiM2IxODcyZTktY2NhZC00ZTUzLThjMGYtMmNmOTNmOGY0YWZh&ui_locales=en-US&mkt=en-US&client-request-id=23446996-b028-49f6-82f1-47c202d84da8&state=C8BIRVXK_jG-ZinLEMy3OgoZmzNaIdhGFH2kpDNS4HZ4Oog_srjIMxlEaPHIfAAq9Tmlv9FT0a_B_qI6ohEpjgliVfzzfp--vXv4uViD-_ytG-_7cpuijV8O_L2skaV-7M2-aupfPy6_eMrIpHmhEXtvER0tGAlyV-AfOh5ZWoEQ2TKUtVKuRYiZgQoeKVOqTLZHRt3VPEkyI1flk1OJAOIMHVRV7AfHw3_uGwtRN7xguy2t7Uu_wkzPnbIOwkcHO77FMTKAe6c7XuUFjQYstg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0#ZGF0YXRlYW1AY2FyZGZhY3RvcnkuY28udWs=HTTP Parser: No favicon
            Source: https://fastzonecapecodbaseballmuseumkaihsecotour.earringsandthings.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638681304895157147.MWFiNWYxYzAtZDIxNC00MDgyLWE4OWQtN2Q1M2VhZTBiZWRiM2IxODcyZTktY2NhZC00ZTUzLThjMGYtMmNmOTNmOGY0YWZh&ui_locales=en-US&mkt=en-US&client-request-id=23446996-b028-49f6-82f1-47c202d84da8&state=C8BIRVXK_jG-ZinLEMy3OgoZmzNaIdhGFH2kpDNS4HZ4Oog_srjIMxlEaPHIfAAq9Tmlv9FT0a_B_qI6ohEpjgliVfzzfp--vXv4uViD-_ytG-_7cpuijV8O_L2skaV-7M2-aupfPy6_eMrIpHmhEXtvER0tGAlyV-AfOh5ZWoEQ2TKUtVKuRYiZgQoeKVOqTLZHRt3VPEkyI1flk1OJAOIMHVRV7AfHw3_uGwtRN7xguy2t7Uu_wkzPnbIOwkcHO77FMTKAe6c7XuUFjQYstg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#ZGF0YXRlYW1AY2FyZGZhY3RvcnkuY28udWs=HTTP Parser: No <meta name="author".. found
            Source: https://fastzonecapecodbaseballmuseumkaihsecotour.earringsandthings.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638681304895157147.MWFiNWYxYzAtZDIxNC00MDgyLWE4OWQtN2Q1M2VhZTBiZWRiM2IxODcyZTktY2NhZC00ZTUzLThjMGYtMmNmOTNmOGY0YWZh&ui_locales=en-US&mkt=en-US&client-request-id=23446996-b028-49f6-82f1-47c202d84da8&state=C8BIRVXK_jG-ZinLEMy3OgoZmzNaIdhGFH2kpDNS4HZ4Oog_srjIMxlEaPHIfAAq9Tmlv9FT0a_B_qI6ohEpjgliVfzzfp--vXv4uViD-_ytG-_7cpuijV8O_L2skaV-7M2-aupfPy6_eMrIpHmhEXtvER0tGAlyV-AfOh5ZWoEQ2TKUtVKuRYiZgQoeKVOqTLZHRt3VPEkyI1flk1OJAOIMHVRV7AfHw3_uGwtRN7xguy2t7Uu_wkzPnbIOwkcHO77FMTKAe6c7XuUFjQYstg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#ZGF0YXRlYW1AY2FyZGZhY3RvcnkuY28udWs=HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\AA3LANRS\Card Factory-Cardfactory-agreement__6a04042a1da7620658a5e18dfd587863-datateam.pdf
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\AA3LANRS\Card Factory-Cardfactory-agreement__6a04042a1da7620658a5e18dfd587863-datateam (002).pdf
Source: unknown, HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49728 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 20.190.147.2:443 -> 192.168.2.17:49746 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49747 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 2.16.158.74:443 -> 192.168.2.17:49750 version: TLS 1.2
Source: chrome.exe, Memory has grown: Private usage: 22MB later: 27MB
Source: global traffic, DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic, DNS traffic detected: DNS query: google.pt
Source: global traffic, DNS traffic detected: DNS query: www.google.com
Source: global traffic, DNS traffic detected: DNS query: www.google.pt
Source: global traffic, DNS traffic detected: DNS query: wwgt4tnetengt4temailredirectphpactionclick0180811085135j94i3dj1.q245d.sbs
Source: global traffic, DNS traffic detected: DNS query: fastzonecapecodbaseballmuseumkaihsecotour.earringsandthings.com
Source: global traffic, DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic, DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic, DNS traffic detected: DNS query: magamemecoin-drop.com
Source: global traffic, DNS traffic detected: DNS query: worldballoonconventionqualatexcompanarmenian.earringsandthings.com
Source: global traffic, DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic, DNS traffic detected: DNS query: identity.nel.measure.office.net
            Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
            Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
            Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
            Source: unknownNetwork traffic detected: HTTP traffic on port 49696 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
            Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
            Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
            Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
            Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
            Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49690 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
            Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
            Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
            Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
            Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
            Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.17:49728 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 20.190.147.2:443 -> 192.168.2.17:49746 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49747 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 2.16.158.74:443 -> 192.168.2.17:49750 version: TLS 1.2
            Source: classification engine Classification label: mal60.phis.winMSG@37/61@35/211
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241125T0619590158-4184.etl
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File read: C:\Users\desktop.ini
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
            Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Vendor Agreement Ready for Your Signature November 22 2024 at 084923 PM.msg"
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "EE9F8E4B-B551-4C51-AEC7-6D94D9133390" "9D2EA293-5E3C-42BC-A718-BD473EC58843" "4184" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\AA3LANRS\Card Factory-Cardfactory-agreement__6a04042a1da7620658a5e18dfd587863-datateam.pdf"
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1568,i,9781682381244597973,7521395088549441664,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
            Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
            Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 1891AAA936605C5465E3FC6BA1FCF486
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: unknown unknown
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://t1.a.editions-legislatives.fr/r/?id=hfe20c57a%252C3602a3f1%252C7f94ba88&p1=google.pt/url?q=72934GOtIW72934GOtIW72934GOtIW72934GOtIW72934GOtIW72934GOtIW72934GOtIW72934GOtIW72934GOtIW72934GOtIW72934GOtIW72934GOtIW72934GOtIW72934GOtIW72934GOtIW72934GOtIWpQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&esrc=842HwFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp/wwgt4tnetengt4temailredirectphpactionclick0180811085135j94i3dj1.q245d.sbs/schmidstorenweiterdev/Cardfactory/ZGF0YXRlYW1AY2FyZGZhY3RvcnkuY28udWs=
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=1888,i,13911730611528436003,1778829301658871777,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: apphelp.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: c2r64.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: userenv.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: msasn1.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: kernel.appcore.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptsp.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: rsaenh.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptbase.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: gpapi.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32
            Source: Window Recorder Window detected: More than 3 window changes detected
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\AA3LANRS\Card Factory-Cardfactory-agreement__6a04042a1da7620658a5e18dfd587863-datateam.pdf
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\AA3LANRS\Card Factory-Cardfactory-agreement__6a04042a1da7620658a5e18dfd587863-datateam (002).pdf
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
            | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
            |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
            | Gather Victim Identity Information | Acquire Infrastructure | 1 Drive-by Compromise | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
            | Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
            | Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | Security Account Manager | 14 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
            | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Extra Window Memory Injection | 1 Extra Window Memory Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |

            No Antivirus matches
            | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
            |---|---|---|---|---|---|
            | wwgt4tnetengt4temailredirectphpactionclick0180811085135j94i3dj1.q245d.sbs | 172.67.206.110 | true | false | | unknown |
            | bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high |
            | a.nel.cloudflare.com | 35.190.80.1 | true | false | | high |
            | challenges.cloudflare.com | 104.18.95.41 | true | false | | high |
            | sni1gl.wpc.omegacdn.net | 152.199.21.175 | true | false | | high |
            | www.google.com | 172.217.21.36 | true | false | | high |
            | fastzonecapecodbaseballmuseumkaihsecotour.earringsandthings.com | 101.99.75.104 | true | true | | unknown |
            | worldballoonconventionqualatexcompanarmenian.earringsandthings.com | 101.99.75.104 | true | false | | unknown |
            | s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high |
            | google.pt | 172.217.19.195 | true | false | | unknown |
            | www.google.pt | 172.217.19.195 | true | false | | unknown |
            | magamemecoin-drop.com | 104.21.14.72 | true | false | | unknown |
            | x1.i.lencr.org | unknown | unknown | false | | high |
            | identity.nel.measure.office.net | unknown | unknown | false | | high |
            | aadcdn.msftauth.net | unknown | unknown | false | | high |
            | Name | Malicious | Antivirus Detection | Reputation |
            |---|---|---|---|
            | https://wwgt4tnetengt4temailredirectphpactionclick0180811085135j94i3dj1.q245d.sbs/schmidstorenweiterdev/Cardfactory/ZGF0YXRlYW1AY2FyZGZhY3RvcnkuY28udWs= | false | | unknown |
            | https://fastzonecapecodbaseballmuseumkaihsecotour.earringsandthings.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638681304895157147.MWFiNWYxYzAtZDIxNC00MDgyLWE4OWQtN2Q1M2VhZTBiZWRiM2IxODcyZTktY2NhZC00ZTUzLThjMGYtMmNmOTNmOGY0YWZh&ui_locales=en-US&mkt=en-US&client-request-id=23446996-b028-49f6-82f1-47c202d84da8&state=C8BIRVXK_jG-ZinLEMy3OgoZmzNaIdhGFH2kpDNS4HZ4Oog_srjIMxlEaPHIfAAq9Tmlv9FT0a_B_qI6ohEpjgliVfzzfp--vXv4uViD-_ytG-_7cpuijV8O_L2skaV-7M2-aupfPy6_eMrIpHmhEXtvER0tGAlyV-AfOh5ZWoEQ2TKUtVKuRYiZgQoeKVOqTLZHRt3VPEkyI1flk1OJAOIMHVRV7AfHw3_uGwtRN7xguy2t7Uu_wkzPnbIOwkcHO77FMTKAe6c7XuUFjQYstg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0#ZGF0YXRlYW1AY2FyZGZhY3RvcnkuY28udWs= | false | | unknown |
            | https://fastzonecapecodbaseballmuseumkaihsecotour.earringsandthings.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638681304895157147.MWFiNWYxYzAtZDIxNC00MDgyLWE4OWQtN2Q1M2VhZTBiZWRiM2IxODcyZTktY2NhZC00ZTUzLThjMGYtMmNmOTNmOGY0YWZh&ui_locales=en-US&mkt=en-US&client-request-id=23446996-b028-49f6-82f1-47c202d84da8&state=C8BIRVXK_jG-ZinLEMy3OgoZmzNaIdhGFH2kpDNS4HZ4Oog_srjIMxlEaPHIfAAq9Tmlv9FT0a_B_qI6ohEpjgliVfzzfp--vXv4uViD-_ytG-_7cpuijV8O_L2skaV-7M2-aupfPy6_eMrIpHmhEXtvER0tGAlyV-AfOh5ZWoEQ2TKUtVKuRYiZgQoeKVOqTLZHRt3VPEkyI1flk1OJAOIMHVRV7AfHw3_uGwtRN7xguy2t7Uu_wkzPnbIOwkcHO77FMTKAe6c7XuUFjQYstg&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=true#ZGF0YXRlYW1AY2FyZGZhY3RvcnkuY28udWs= | false | | unknown |
            | https://fastzonecapecodbaseballmuseumkaihsecotour.earringsandthings.com/viFleQYd#ZGF0YXRlYW1AY2FyZGZhY3RvcnkuY28udWs= | true | | unknown |
            | IP | Domain | Country | ASN | ASN Name | Malicious |
            |---|---|---|---|---|---|
            | 172.217.19.227 | unknown | United States | 15169 | GOOGLEUS | false |
            | 101.99.75.104 | fastzonecapecodbaseballmuseumkaihsecotour.earringsandthings.com | Malaysia | 45839 | SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY | true |
            | 13.107.246.63 | s-part-0035.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
            | 52.202.204.11 | unknown | United States | 14618 | AMAZON-AESUS | false |
            | 172.217.17.67 | unknown | United States | 15169 | GOOGLEUS | false |
            | 2.20.60.204 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false |
            | 172.217.19.195 | google.pt | United States | 15169 | GOOGLEUS | false |
            | 52.109.89.19 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
            | 199.232.214.172 | bg.microsoft.map.fastly.net | United States | 54113 | FASTLYUS | false |
            | 172.217.21.36 | www.google.com | United States | 15169 | GOOGLEUS | false |
            | 35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false |
            | 142.250.181.42 | unknown | United States | 15169 | GOOGLEUS | false |
            | 172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
            | 104.21.14.72 | magamemecoin-drop.com | United States | 13335 | CLOUDFLARENETUS | false |
            | 52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
            | 172.217.19.238 | unknown | United States | 15169 | GOOGLEUS | false |
            | 1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
            | 52.109.68.130 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
            | 104.18.95.41 | challenges.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false |
            | 2.16.149.9 | unknown | European Union | 1273 | CWVodafoneGroupPLCEU | false |
            | 13.70.79.200 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
            | 23.47.168.24 | unknown | United States | 16625 | AKAMAI-ASUS | false |
            | 63.32.197.17 | unknown | United States | 16509 | AMAZON-02US | false |
            | 64.233.165.84 | unknown | United States | 15169 | GOOGLEUS | false |
            | 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
            | 172.67.206.110 | wwgt4tnetengt4temailredirectphpactionclick0180811085135j94i3dj1.q245d.sbs | United States | 13335 | CLOUDFLARENETUS | false |
            | 152.199.21.175 | sni1gl.wpc.omegacdn.net | United States | 15133 | EDGECASTUS | false |
            | 23.195.39.65 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
                                                  IP
                                                  192.168.2.17
                                                  Joe Sandbox version:41.0.0 Charoite
                                                  Analysis ID:1562261
                                                  Start date and time:2024-11-25 12:18:59 +01:00
                                                  Joe Sandbox product:CloudBasic
                                                  Overall analysis duration:
                                                  Hypervisor based Inspection enabled:false
                                                  Report type:full
                                                  Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                  Number of analysed new started processes analysed:25
                                                  Number of new started drivers analysed:0
                                                  Number of existing processes analysed:0
                                                  Number of existing drivers analysed:0
                                                  Number of injected processes analysed:0
                                                  Technologies:
                                                  • EGA enabled
                                                  Analysis Mode:stream
                                                  Analysis stop reason:Timeout
                                                  Sample name:Vendor Agreement Ready for Your Signature November 22 2024 at 084923 PM.msg
                                                  Detection:MAL
                                                  Classification:mal60.phis.winMSG@37/61@35/211
                                                  Cookbook Comments:
                                                  • Found application associated with file extension: .msg
                                                  • Exclude process from analysis (whitelisted): dllhost.exe
                                                  • Excluded IPs from analysis (whitelisted): 52.113.194.132, 52.109.89.19
                                                  • Excluded domains from analysis (whitelisted): roaming.officeapps.live.com, ecs.office.com, osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com, s-0005.s-msedge.net, weu-azsc-000.roaming.officeapps.live.com, ecs.office.trafficmanager.net, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, eur.roaming1.live.com.akadns.net, ecs-office.s-0005.s-msedge.net
                                                  • Not all processes where analyzed, report is missing behavior information
                                                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                  • Report size getting too big, too many NtSetValueKey calls found.
                                                  • VT rate limit hit for: Vendor Agreement Ready for Your Signature November 22 2024 at 084923 PM.msg
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:ASCII text
                                                  Category:dropped
                                                  Size (bytes):294
                                                  Entropy (8bit):5.1391393994634145
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:26571D99EAC5A3D6058AB8B66912E3B3
                                                  SHA1:9256EADC994F66CA02424B8E8166CD418F7EBCE8
                                                  SHA-256:C4D5DB4F0B04760B9CFFD17500E34869ECEE51432815FDC30EA1E6A3D5E1FCB4
                                                  SHA-512:73EE01033FE6942A8F7D20E260C444D1A1E23FEB80B9B40F381E0C657A9ACD0DCF4FD12835B7338E9DE7A57CC1736BAE22664DE673C84D9AD08282F4CA0EC542
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Preview:2024/11/25-06:20:19.510 1a1c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/25-06:20:19.513 1a1c Recovering log #3.2024/11/25-06:20:19.513 1a1c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:ASCII text
                                                  Category:dropped
                                                  Size (bytes):338
                                                  Entropy (8bit):5.182420236714466
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:F384200911C807B6A04B80186C495BDC
                                                  SHA1:22E9A013814676FED98BDA19531714B6672465CE
                                                  SHA-256:1BCDA65F56B401C415FE5D72C82D30384CCDE1B340787142FD6E982C0B0E9848
                                                  SHA-512:4DA395A113A122531D72B18988E7F6C37071FEAEB78BB50F2E8FBF0A0C5D34214E47E5265CAF51F014BA1D3E66886496C4DBA3EA7B13F0C451346437E84E0670
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Preview:2024/11/25-06:20:19.424 15fc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/25-06:20:19.427 15fc Recovering log #3.2024/11/25-06:20:19.428 15fc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:JSON data
                                                  Category:dropped
                                                  Size (bytes):476
                                                  Entropy (8bit):4.972685033255279
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:667C98C4D90261D060B71EF430986695
                                                  SHA1:0E84EFFE840FEE76793CFDB80514522FAD3E0DAC
                                                  SHA-256:294D9F60AE60CF3398C9B0AE1E3330728A4346687F6608D30F74103A801273B6
                                                  SHA-512:6CBCF330DA484B0F54CF378B493305C08AEC9F539A85E59AF4E25E1F32013379AD354BB0F63E8DED4B44F7B35463D686D5E9DB610EC75016FCF09F30D6D6F28C
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13377093628853632","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":630787},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.17","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:JSON data
                                                  Category:dropped
                                                  Size (bytes):0
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:1B8F511BE0FCD6FB7524F55C9FB06E61
                                                  SHA1:01BFA769F459561D9748A7E1AD5862DF8216BA4E
                                                  SHA-256:41F52BA78E708F3EEBFB6720F9E13F5DDBE656BCA1E370DF90AA53223ABC6361
                                                  SHA-512:FCF398D9D4274A7FFE41DE433DF3137BC1D62D1933733BAD71ED0DC69F77209427585F8D84088242070835FF2697FBEA752437A7A8C0945CB5A924652DCDC8F5
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145508750011","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:JSON data
                                                  Category:dropped
                                                  Size (bytes):384
                                                  Entropy (8bit):4.932552339462053
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:1B8F511BE0FCD6FB7524F55C9FB06E61
                                                  SHA1:01BFA769F459561D9748A7E1AD5862DF8216BA4E
                                                  SHA-256:41F52BA78E708F3EEBFB6720F9E13F5DDBE656BCA1E370DF90AA53223ABC6361
                                                  SHA-512:FCF398D9D4274A7FFE41DE433DF3137BC1D62D1933733BAD71ED0DC69F77209427585F8D84088242070835FF2697FBEA752437A7A8C0945CB5A924652DCDC8F5
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145508750011","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):6268
                                                  Entropy (8bit):5.2447386911095
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:E4A5426287CC78F831B96A7631AA59B8
                                                  SHA1:361F060EEBC47465529D3123F1AF31134E62C667
                                                  SHA-256:966D14FD52263535AA1386AD9598EE24A0E3B7EF3E920FDD1CA4AF52B829318B
                                                  SHA-512:8E97516542510CB07ADA4CBCB9D787B306D357505560BB57C48265812AE86F7676B2EEAECD33A97A4B9C9CE10D57F08F0ED5B72AB356E2D22496845B8AA00C6B
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Preview:*...#................version.1..namespace-....o................next-map-id.1.Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/.0F...r................next-map-id.2.Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/.1.p..r................next-map-id.3.Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/.2....o................next-map-id.4.Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.3..).^...............Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/...^...............Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.{VUa...............Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/....a...............Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/yATuo................next-map-id.5.Pnamespace-eb3aef6d_d129_430c_a353_
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:ASCII text
                                                  Category:dropped
                                                  Size (bytes):326
                                                  Entropy (8bit):5.170358728040974
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:F4CA0029A3BAA239FAAEE61A9B5BBB5A
                                                  SHA1:9D38B03CFA7D18B02E63AE5A39024BAE2FA4D559
                                                  SHA-256:6AD4BDB3431FCAADCA4998EA871F019B827003EF02D810E5F304C3527F6EA48F
                                                  SHA-512:2299D11C09B7F2D7C3FC6728F6537D0638A42BFF5646A244A1B092306BD579E8F864D9FD2E1E38DCD36B7613628E3C3661C04643313077DE8405CDEB8788241D
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Preview:2024/11/25-06:20:19.542 15fc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/25-06:20:19.543 15fc Recovering log #3.2024/11/25-06:20:19.545 15fc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
                                                  Category:dropped
                                                  Size (bytes):86016
                                                  Entropy (8bit):4.444791343141643
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:FEB33FC713E62E56971F1C907B37B26F
                                                  SHA1:A16A95C4BFF0362EF1209DF7C6E03D3ED4EEF3C0
                                                  SHA-256:32E5C1EBA8AB61C02BF0123B0C7773071E82DA3B54D92B377493D6D1A26B0557
                                                  SHA-512:17C8686C0075007A2F5579B0B5C69672F6BC1EB0CEA4B6046726838DBFD8D2772851DA83DC41D4898D78D496D90EA16C8C2DF7D7AAEA6318F91EC6FF8A4D229A
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:SQLite Rollback Journal
                                                  Category:dropped
                                                  Size (bytes):8720
                                                  Entropy (8bit):3.7666223782275705
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:7B3BF9BD636EFC0C6BCB51E22B84EB0D
                                                  SHA1:ECD4243A183F732EDDE89F0B19A4E0047C7E67C6
                                                  SHA-256:610AFB9888729BB396D195D4B2EA6EA3B0843D6B3ACA4EE0785761D3845D02BA
                                                  SHA-512:7A1ABAEE27A3067A8F1CF9895E756D56AFD57B215BAE187DD2B4BD9665C37DCE0C6E6C03CF2E9239360265E51703E20FE11EB985D098566E3C6AFE9EE9FCFC7D
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:Certificate, Version=3
                                                  Category:dropped
                                                  Size (bytes):1391
                                                  Entropy (8bit):7.705940075877404
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                                  SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                                  SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                                  SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                  Category:dropped
                                                  Size (bytes):71954
                                                  Entropy (8bit):7.996617769952133
                                                  Encrypted:true
                                                  SSDEEP:
                                                  MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                  SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                  SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                  SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):192
                                                  Entropy (8bit):2.7673182398396405
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:AE8E9B6F366267B5A19898FB5228FD89
                                                  SHA1:B3B6ACC6A2005D6E64358A1FCF519E4776EF4484
                                                  SHA-256:F86644F8DE42B9DAA0BBF04A791C3A9BF0DD7F1E139AFEF26E6A94EF133E065D
                                                  SHA-512:199A3133FB02F841FDE3D7F725FC315E6EBD9E45DAAA01A564DCB9C3F3FE9A2E6228A1E0E1DFF163E6DD87AC84A0E8DD69A5FA697427D0AEA187161DB7C8D61C
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Preview:p...... .........@..,?..(....................................................... ..........W....!...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):328
                                                  Entropy (8bit):3.242104774174968
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:72F44C8151F62B963455AB14CF9244FD
                                                  SHA1:6BB6263B678B1F7F9BB21D0486D115344E5D4181
                                                  SHA-256:C60876C819A99E268F70EA98D9AAEA9C8B37544D566F40F88C6071390384A02F
                                                  SHA-512:8ED49C0EDC28B2F6DC92C935B1FED652B192F1E33EDEC8E21143C1E1C73E433B4C782F7874C0A7D3B83D9BD80815AAF19D60FC114E1845679854E751E4F1F4A8
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Preview:p...... ........|e..,?..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:PostScript document text
                                                  Category:dropped
                                                  Size (bytes):0
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                                  SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                                  SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                                  SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:PostScript document text
                                                  Category:dropped
                                                  Size (bytes):1233
                                                  Entropy (8bit):5.233980037532449
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                                  SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                                  SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                                  SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:PostScript document text
                                                  Category:dropped
                                                  Size (bytes):0
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                                  SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                                  SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                                  SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:PostScript document text
                                                  Category:dropped
                                                  Size (bytes):0
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:B60EE534029885BD6DECA42D1263BDC0
                                                  SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                                  SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                                  SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:PostScript document text
                                                  Category:dropped
                                                  Size (bytes):10880
                                                  Entropy (8bit):5.214360287289079
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:B60EE534029885BD6DECA42D1263BDC0
                                                  SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                                  SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                                  SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):4
                                                  Entropy (8bit):0.8112781244591328
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                  SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                  SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                  SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:JSON data
                                                  Category:dropped
                                                  Size (bytes):2145
                                                  Entropy (8bit):5.066620667317905
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:F0A8E12AC510E73D6BEF395D94846198
                                                  SHA1:9EA0421D6BA724AC4AF45166763053478A770D2E
                                                  SHA-256:62C34697E9980F11BEA6209622454FD3F4FBD82AB09CF93E7225AB32AD5151EA
                                                  SHA-512:63F5FEB42F769D62459AC3E5EB039F801FBB966C29E35817BED740AC84C68040818A0BFC0EE0566BCE9CD864530BB04906B807EB38B72132C059715FAF01E74C
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1732533619000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"d0ada70ae07a10b13ce1a51227edb82a","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696586972000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"a7d5f1623758b44a6bb1af710a205b8e","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696586967000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"b0f98dc45482391504041ce5d4455f67","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696586967000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"9eb8200575456615765dda2e131b71fc","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696585522000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"2041266456e181a98e8e0a84e20ab5ca","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1696585522000},{"id":"DC_Reader_Edit_LHP_Banner"
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 23
                                                  Category:dropped
                                                  Size (bytes):12288
                                                  Entropy (8bit):1.355715664119167
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:7C0734649E225D6916B60A6B3D6B03FD
                                                  SHA1:675C2A8BAA98D8526AE3E4AC157B13D15C6FBDF7
                                                  SHA-256:E5D7B49E892C7C6FB8EADD966545705AE8C3EA9E70C2087228FD85C1757C7B0B
                                                  SHA-512:D18915099F2FB3A0C96F49E4040C23E41DF8C2FCEFA5824F914869E462E772AEFE39FB384B6513D197DC1DBFC46EF56B513AE5A31C3F8AC38F4CB68A7229432C
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:SQLite Rollback Journal
                                                  Category:dropped
                                                  Size (bytes):8720
                                                  Entropy (8bit):1.8295513392659422
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:DD329B3FA5D8421942DC85D997165B0A
                                                  SHA1:6EEB13795AD1668476DD99F82B4410D238C69364
                                                  SHA-256:DBC0AA1D9CD9F45FCDEBC011271965CE0773361268F96DA8E7235A83BDDA9C43
                                                  SHA-512:41E0D7739CB002789E378FA93972B9A2CCF4ED39594C4F90C107876AB62BD7B7CC9717E6BD34B0CCC4E86E6774DF85CD56AC89BFFD26F19C8427BA1A1CBAFD7D
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):66726
                                                  Entropy (8bit):5.392739213842091
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:BFF251DA9AC134731D7C3F9F2406EDA0
                                                  SHA1:55793BFCC490A7A531F11D6E379131333431EFE5
                                                  SHA-256:4ADDAEB21C50AE54D84CE65C2117578E64BA0F594079B845A89C62F06E78F8FC
                                                  SHA-512:CD74C87C13A242555297082B4985CEA677D1A52FC3AFA6A568249C9E69FF0D817E91836937A097E92F3E84D6F9EDC3227AD8446BAAE1CEA710F0CC580F0255FB
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):231348
                                                  Entropy (8bit):4.387567176000907
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:6670A200E4AC68C234A56820185BB919
                                                  SHA1:1767FD75CA332CDA2444B09C1E781E96A25DEF52
                                                  SHA-256:37002B6D26C9213441EF368D06E7E7F872120623138BA06B2FE0B15B3423BD4D
                                                  SHA-512:CEB00E3F816646D9FB015E86B6883D1F6686DAB0E4175A57463AB3D9E35DC4C0E5ED8DD51D3D61D6EB747B6DB05A00260FD1BC30C7D93F8494F0B7301162A847
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Preview:TH02...... .`..+?......SM01X...,.......+?..........IPM.Activity...........h...............h............H..h........6ZV....h........X...H..h\tor ...AppD...h.j..0..........h.^.............h........_`.k...hBX..@...I.+w...h....H...8..k...0....T...............d.........2h...............k..............!h.............. h..Z.....0.....#h....8.........$hX.......8....."h`J......`M....'h..............1h.^..<.........0h....4.....k../h....h......kH..h....p.........-h .......\.....+h.^.......................... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):32768
                                                  Entropy (8bit):0.045667179300956734
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:F7A569F81D20C6D4A0DCBD80042F80DF
                                                  SHA1:25CF4CDC2FF8F5875965B447056A29FEF82A27B5
                                                  SHA-256:E2C633C328CF028E72FFD90875447A6DFA87F556721B810C4942A15AD74C841B
                                                  SHA-512:B036171F1043AF3DD3E21356CDFA6E75801D8A561BE1A03CB15778823AEF631E982FD8BA6E09D8C7D4A2EEB0018E7EA7E6531021F57B088997913B9A9BD01D07
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:SQLite Write-Ahead Log, version 3007000
                                                  Category:dropped
                                                  Size (bytes):49472
                                                  Entropy (8bit):0.4832793800505578
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:0B258A060DA2B5BCC4F35339E6AE358D
                                                  SHA1:CEDB1551E2A27CCA0896A3BAD00FE4C70ED80DE4
                                                  SHA-256:838072E7BC1006E0A28A1096524752BFD3C8DA7DA97E11DE3A2D0A1CF87EE656
                                                  SHA-512:9421872A26CDA75C8D484CE9E36CA644156854A7FAC015D2659842AECAA5D1E4C5000E43FBC5BA454DF12EB8D2C8570B3C37009A7B76A24F2CD90AC24A7DF64B
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:PDF document, version 1.7, 1 pages
                                                  Category:dropped
                                                  Size (bytes):40418
                                                  Entropy (8bit):7.517568136179179
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:D00F702D3AB9E10CD38BA847A1585F99
                                                  SHA1:767739C2425C4E78534E31E576F63B46EC13B5F1
                                                  SHA-256:13C02828802DDD0DAAB89829C85043408E1F87DB0E88714AB85727DEA29658E2
                                                  SHA-512:1829A414ADD28338F364C144024BA1E11175C3100A7DC371FFA90473E59DFC55340FA2431FACE015B728FD5B92B3E3760FA144F1A9455D2C3CBDCA4D71014F99
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Preview:%PDF-1.7.%.....1 0 obj.<< /Extensions << /ADBE << /BaseVersion /1.7 /ExtensionLevel 8 >> >> /Pages 3 0 R /Type /Catalog >>.endobj.2 0 obj.<< /CreationDate <0c432ebffb6d5a90a31707858220883407bc366037ccf7a115760d5f357231a50f85fa61f1c14190edb92724a9447520> /Creator <1c15fee68f1e6b39f7a40617f2241288453e594dc714d9c4a16765ec279ae3aceec4175670f4591bfa7145bfe603ae50362d08d73d123616e9297827a14402cf> /Producer <08e48f29374260e5627aabec2d4a29d4aecb52e047db4797df85550758cd3025d237ac0c750be8923d247e5fe22ddf38> /Title <6cbfb7280dced098b7aab20321183900da0851443504451842946aac0e1e204a> >>.endobj.3 0 obj.<< /Count 1 /Kids [ 4 0 R ] /ProcSet [ /PDF /Text /ImageB /ImageC ] /Type /Pages >>.endobj.4 0 obj.<< /Annots 5 0 R /Contents 6 0 R /MediaBox [ 0 0 612 792 ] /Parent 3 0 R /Resources 7 0 R /Type /Page >>.endobj.5 0 obj.[ 8 0 R 9 0 R 10 0 R 11 0 R 12 0 R 13 0 R ].endobj.6 0 obj.<< /Filter /FlateDecode /Length 2256 >>.stream.....e=..ZD.........M$.!....O.....q....":N./}EK..m.=?R=.~..#f.e..+..........aFp
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:PDF document, version 1.7, 1 pages
                                                  Category:dropped
                                                  Size (bytes):0
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:D00F702D3AB9E10CD38BA847A1585F99
                                                  SHA1:767739C2425C4E78534E31E576F63B46EC13B5F1
                                                  SHA-256:13C02828802DDD0DAAB89829C85043408E1F87DB0E88714AB85727DEA29658E2
                                                  SHA-512:1829A414ADD28338F364C144024BA1E11175C3100A7DC371FFA90473E59DFC55340FA2431FACE015B728FD5B92B3E3760FA144F1A9455D2C3CBDCA4D71014F99
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Preview:%PDF-1.7.%.....1 0 obj.<< /Extensions << /ADBE << /BaseVersion /1.7 /ExtensionLevel 8 >> >> /Pages 3 0 R /Type /Catalog >>.endobj.2 0 obj.<< /CreationDate <0c432ebffb6d5a90a31707858220883407bc366037ccf7a115760d5f357231a50f85fa61f1c14190edb92724a9447520> /Creator <1c15fee68f1e6b39f7a40617f2241288453e594dc714d9c4a16765ec279ae3aceec4175670f4591bfa7145bfe603ae50362d08d73d123616e9297827a14402cf> /Producer <08e48f29374260e5627aabec2d4a29d4aecb52e047db4797df85550758cd3025d237ac0c750be8923d247e5fe22ddf38> /Title <6cbfb7280dced098b7aab20321183900da0851443504451842946aac0e1e204a> >>.endobj.3 0 obj.<< /Count 1 /Kids [ 4 0 R ] /ProcSet [ /PDF /Text /ImageB /ImageC ] /Type /Pages >>.endobj.4 0 obj.<< /Annots 5 0 R /Contents 6 0 R /MediaBox [ 0 0 612 792 ] /Parent 3 0 R /Resources 7 0 R /Type /Page >>.endobj.5 0 obj.[ 8 0 R 9 0 R 10 0 R 11 0 R 12 0 R 13 0 R ].endobj.6 0 obj.<< /Filter /FlateDecode /Length 2256 >>.stream.....e=..ZD.........M$.!....O.....q....":N./}EK..m.=?R=.~..#f.e..+..........aFp
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):26
                                                  Entropy (8bit):3.95006375643621
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                                  SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                                  SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                                  SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Preview:[ZoneTransfer]..ZoneId=3..
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:ASCII text, with very long lines (28772), with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):20971520
                                                  Entropy (8bit):0.16042922082136776
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:37F35C1720F318F03D81D46ABA4BF2F9
                                                  SHA1:A843C468FBB1A8F54538EA121883511C1DF19DE5
                                                  SHA-256:2B4EA4AC5C5CE8D6E01DB005DBF1FED6B3C704B766682E4E5070040A84482F35
                                                  SHA-512:70DBCFD6C97B9E27D358F75943AAF45337640B44EB0DA82D18AD7F138A7B97B87766CC560C1635AA49CC183BA57195E2814D3C09B14EBD4009399C611E1B8206
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..11/25/2024 11:19:59.397.OUTLOOK (0x1058).0x132C.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":26,"Time":"2024-11-25T11:19:59.397Z","Contract":"Office.System.Activity","Activity.CV":"AoA9lI2GiE6yVdGA5mtLfQ.4.11","Activity.Duration":12,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...11/25/2024 11:19:59.429.OUTLOOK (0x1058).0x132C.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":28,"Time":"2024-11-25T11:19:59.429Z","Contract":"Office.System.Activity","Activity.CV":"AoA9lI2GiE6yVdGA5mtLfQ.4.12","Activity.Duration":11889,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajor
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):20971520
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                  SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                  SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                  SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):246
                                                  Entropy (8bit):3.516674370985874
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:00C77584AC9B494B5938C84578B02773
                                                  SHA1:3AD26AA04F2F95A488A41B267900C555E8F0A73A
                                                  SHA-256:864A2481BDE87BF13BE47163BD92C93F6B3B3F21E678611E7D7508E26B6AF34E
                                                  SHA-512:BDF1CCC1569D7EC75DEF77C283E78980DAAC666EE8282194A7362F9ECCACD8558DADFF8109CF82035857F5AA1B7D7AE20C1B34919305214CEFE21441EB6B8207
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Preview:Error 2711. The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 25/11/2024  06:20:23 ===
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:data
                                                  Category:modified
                                                  Size (bytes):94208
                                                  Entropy (8bit):4.471759427570803
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:61A1A6841484477E60C56D0B3B833415
                                                  SHA1:889B8A98A07DFB4B312B48F09F203C3B30BCD345
                                                  SHA-256:4BF292495FF86DE139BF6D8C6B763A73C4DBB2EBA4BC72A94AE2A5946C80E74E
                                                  SHA-512:76578A6C162449D581A67DA95A10969CA536A174C9113FD547A3E05BD898A7D85DC2BF0FF17D8AF6CEA48C2DCBC20348A7FD0D54635022461DC00917D88CB230
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Preview:............................................................................d...,...X.......+?..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1.............................................................5g.Y..............+?..........v.2._.O.U.T.L.O.O.K.:.1.0.5.8.:.3.8.d.0.d.a.6.b.6.6.6.7.4.2.f.d.b.8.b.c.a.a.4.3.9.3.6.c.d.a.6.c...C.:.\.U.s.e.r.s.\.t.o.r.r.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.1.2.5.T.0.6.1.9.5.9.0.1.5.8.-.4.1.8.4...e.t.l...........P.P.,...X.......+?..................................................................................................................................................................................................................................................................................................
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:ASCII text, with very long lines (393)
                                                  Category:dropped
                                                  Size (bytes):16525
                                                  Entropy (8bit):5.359827924713262
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:06DEAEDB81D09FD8FB5FF668D8E09CB2
                                                  SHA1:28A02BCBD5975117B97A08AFB049F2C94F334726
                                                  SHA-256:D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64
                                                  SHA-512:948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Preview:SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:755+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig:
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                  File Type:ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):35721
                                                  Entropy (8bit):5.421542657081389
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:FCC9EC85368C057560EF08B44711D942
                                                  SHA1:5A37192F8ED1D5FE5BEFA037CD0795F61038DA24
                                                  SHA-256:6A729EF8DF851C277C8A7434EB5EFC12A20EEDC37CDDE8A7D214137AFA9C317A
                                                  SHA-512:6441EF4FA96A330EFE02944C958113455E0AB17A6C2AE93045784463E6BA7506329E649EA9CEAFE7B53C1356458925D1DAABA791DCC8E9DA8EF64242F1724B81
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Preview:06-10-2023 11:44:59:.---2---..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 11:44:59:.Closing File..06-10-
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                  Category:dropped
                                                  Size (bytes):1419751
                                                  Entropy (8bit):7.976496077007677
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:0A347312E361322436D1AF1D5145D2AB
                                                  SHA1:1D6C06A274705F8A295F62AD90CF8CA27555C226
                                                  SHA-256:094501B3CA4E93F626ABFCAE800645C533B61409DC3D1D233F4D053CE6A124D7
                                                  SHA-512:9856C231513B47DD996488DF19EEE44DBB320E55432984C0C041EF568B6EC5C05F5340831132890D1D162E0505CA243D579582EDB9157CF722A86EC8CE2FEAFE
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                  Category:dropped
                                                  Size (bytes):758601
                                                  Entropy (8bit):7.98639316555857
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:3A49135134665364308390AC398006F1
                                                  SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                  SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                  SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                  Category:dropped
                                                  Size (bytes):386528
                                                  Entropy (8bit):7.9736851559892425
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                  SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                  SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                  SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                  Category:dropped
                                                  Size (bytes):1407294
                                                  Entropy (8bit):7.97605879016224
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:716C2C392DCD15C95BBD760EEBABFCD0
                                                  SHA1:4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
                                                  SHA-256:DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
                                                  SHA-512:E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):163840
                                                  Entropy (8bit):0.4759817735817301
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:D2734B4FF37FD15C50526CDFFFB1A51A
                                                  SHA1:EED87CA98FC56E254A068E67CAEFD1EF71CC6C07
                                                  SHA-256:E03A0DF9DEE832E01A2538D462CB9E2965D1D65C93D2814B38C92EEFDE71080D
                                                  SHA-512:F8A30803FEF3B5975933BC7B0B1A25710D2DC028C7ADD54A137D0D9E1ED43698C1B10DE49F22201FF3FD03A17ADA53C125E2361C91F23A173D58A768A133E3C7
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:data
                                                  Category:modified
                                                  Size (bytes):30
                                                  Entropy (8bit):1.2389205950315936
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:051BDA147C979B0DC2B06BBB73156471
                                                  SHA1:49FFFC10C69EBE362D00E607B4AC692973548986
                                                  SHA-256:A0B114D2B52ACC32CC67AD6EC8D03606B22346738CAB4F05C8BB6F2E9E8204FF
                                                  SHA-512:B2A3AA398BFFD52FC1EA0C848C284B7DA2B864DA2798DD8D18BDAE54B7A7B08E32857B782B63B9900B4DCD9ABD2B929C2C6B1DDEB669B5687C3E6F251341E3A6
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 10:20:46 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                  Category:dropped
                                                  Size (bytes):2677
                                                  Entropy (8bit):3.995871119123107
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:95B344E16DA26AB31BF5A22B4307E2EC
                                                  SHA1:BDBC1CCB1319086DF68391895347B3E2D512D02C
                                                  SHA-256:25A7B7754BA55AF1947F716A15AF6CE18BCAE4BE49D891E91DD19FF7245D4003
                                                  SHA-512:85B6303549088FD1369FE15F0CDDFAF74577EB652AEF1E30B898D88421B3F80FB600884CC977354A620E49450F850EC2F90E2AAB8EA6624803FA0D736C123641
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 10:20:46 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                  Category:dropped
                                                  Size (bytes):2679
                                                  Entropy (8bit):4.01207238017841
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:0AF09176BD25BFB74EB9AA002BB29A80
                                                  SHA1:BAD9B136221C7AAE7EB0AD35C9E12156FC8B0530
                                                  SHA-256:EB33216474EE6998F036FDDCDE4D126B74F581BA1EFEA0DA0EC0CC1C0068D7DB
                                                  SHA-512:118A6190A13E1B7C473B30B37ECA4BA28D8494385E77AE036F8A843C6D0FD3D960D461007C9E4C787045B94B752B06D25C4D7CF8C4A9C3818F39E07810D6FFCB
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                  Category:dropped
                                                  Size (bytes):2693
                                                  Entropy (8bit):4.02097958221649
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:606900C15614AB4177993B84A41E160B
                                                  SHA1:0FD8BA03368093AE36F6AB26EED17967A4DBC6B5
                                                  SHA-256:BC2196D530FC7EED7055890EC4FA94ECD3B45D56D592DA49CF35360CB00DF6BC
                                                  SHA-512:D1C39524F84891CF57E5BDFBA155A0C9199A0CEE8730B01770E8D11F9A579AC1C7B294A251C1C2D32F93B10D05F1B51FFEFF3431D01581BC30C82F89B54C9893
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 10:20:46 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                  Category:dropped
                                                  Size (bytes):2681
                                                  Entropy (8bit):4.010470856982571
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:77D48A49509B48975728AFD5A0C8E22C
                                                  SHA1:C085252E3E0E3D5C6FCC4B89A37C7DAEB0B665CE
                                                  SHA-256:5ED1D36B40CDC869815D9B9916FB25665D054F800D8B1B48C79017AC17BB1E39
                                                  SHA-512:CED539F1C73470C47D8CA1C23EAFC2267EA3A26A0D2B3FD2AE4FB9D0EFF9B45468DE49D821430958D05087ADCD811FD2C7775ECC474EA807416766EBE3C65603
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 10:20:46 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                  Category:dropped
                                                  Size (bytes):2681
                                                  Entropy (8bit):4.001038334808991
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:B36030CFC8FBEE02921E8CBB98D0FC3C
                                                  SHA1:6223B41FF5D237DE50C4ECA6D2427A0A4156167B
                                                  SHA-256:DE3228F2544AC41DB991696C6CA81D2790232301A49FE1EF9C3626B61273BC73
                                                  SHA-512:EF86F6F6A0244AB011A12D232A771195FCC98594601FDD91A59D314A88C95A1DA8B7F0DD68644ED96D3C3797D9C6057A21AD45B5576378CA6C1AE1BABE9E0DAC
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 10:20:46 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                  Category:dropped
                                                  Size (bytes):2683
                                                  Entropy (8bit):4.008250387510154
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:2EDA358B0CC6CE2FB99007C32D19ACAD
                                                  SHA1:0292CF5CD2C2F818C0254DD6DAA152DF1AA7E9A2
                                                  SHA-256:DD61577138D0A7702CA1F1D3B59DFAD6B2368B14EBA9BC9812886F0F08BE7C04
                                                  SHA-512:3FECBE5A876BE94437A277992A73D9E0A6B1F2E9D308313BE33C2D0192AD657A4690C48138A90BFBE7A8DEB013E8D1A7BE3B2B90B20385E6B4BB91D4BF68BB28
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:Microsoft Outlook email folder (>=2003)
                                                  Category:dropped
                                                  Size (bytes):271360
                                                  Entropy (8bit):1.31509559445185
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:1413E4593362C7E8F712D93D66300019
                                                  SHA1:13F57922DCD927165C70AB7202B8C2EB425D738A
                                                  SHA-256:6A977A5786D7418B626C0D9FABFB0CEECA9D0254C315996665263353F60558C6
                                                  SHA-512:277A0D2AD6D4C3A1B0EDC760204DDE93A2B25A31E6E70F91CD0612975AC2D347EBAE87DF0AD7EAAE90CD7826767D9A79C43225EF68ADE2D52E37C0009D9AC282
                                                  Malicious:true
                                                  Reputation:unknown
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):131072
                                                  Entropy (8bit):1.2111081238555816
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:126223966A426539D467853BD99DE8EB
                                                  SHA1:7AA2F2BC4E5524B7F64F59623D30A1235FB9017A
                                                  SHA-256:B141787E88781C88961A0CFB5FC6586DA7B3B7B85E86E01EC46399F2CC880E0C
                                                  SHA-512:08AB75155823AB10069CCAF5053ADDCA0AC39678880BA7ED9309B0569C4D6AF0463EBD6C3021C72A709561E46755518B7B349559840C7C32C9BC9ADB0AE7E73B
                                                  Malicious:true
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
                                                  Category:downloaded
                                                  Size (bytes):1435
                                                  Entropy (8bit):7.8613342322590265
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:9F368BC4580FED907775F31C6B26D6CF
                                                  SHA1:E393A40B3E337F43057EEE3DE189F197AB056451
                                                  SHA-256:7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
                                                  SHA-512:0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
                                                  Malicious:false
                                                  Reputation:unknown
                                                  URL:https://aadcdn.msauth.net/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:ASCII text, with very long lines (45797)
                                                  Category:downloaded
                                                  Size (bytes):406986
                                                  Entropy (8bit):5.31836569617146
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:E40761677762EAB0692F86B259C7D744
                                                  SHA1:34A9B50CEC6E1163CEEFCD4D394DB6524C89A854
                                                  SHA-256:DA4A8DF0C326292B5BEE9C732B3C962FD67AAF2F99D850F1BF65068D573C5619
                                                  SHA-512:04FA1D6074AD24E3ABAB53D1DE116A6B39B4BE3DFABC082427F1C5A169E50527561F160CC133C2AC4AEDC4E7AC404572F60E531A4618111EA74D138B2B0DD034
                                                  Malicious:false
                                                  Reputation:unknown
                                                  URL:https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js
                                                  Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[8],Array(533).concat([f
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:GIF image data, version 89a, 352 x 3
                                                  Category:downloaded
                                                  Size (bytes):3620
                                                  Entropy (8bit):6.867828878374734
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:B540A8E518037192E32C4FE58BF2DBAB
                                                  SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                                                  SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                                                  SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                                                  Malicious:false
                                                  Reputation:unknown
                                                  URL:https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
                                                  Category:downloaded
                                                  Size (bytes):673
                                                  Entropy (8bit):7.6596900876595075
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:0E176276362B94279A4492511BFCBD98
                                                  SHA1:389FE6B51F62254BB98939896B8C89EBEFFE2A02
                                                  SHA-256:9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
                                                  SHA-512:8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
                                                  Malicious:false
                                                  Reputation:unknown
                                                  URL:https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:ASCII text, with very long lines (47694)
                                                  Category:downloaded
                                                  Size (bytes):47695
                                                  Entropy (8bit):5.401533135534308
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:481EDB6F4045F16980C920CCD9705105
                                                  SHA1:D8CB40ABC935DC65D25D83D8358F52AC88742F73
                                                  SHA-256:5F7C821EEA52471A9BBB0397DF6B77EE279505BE05BB52AEF00932989522D3C2
                                                  SHA-512:497484EF0BAB7D2F4ED38E8063D1BAED9C8B49775CCF490CFF0C2B9CE73265D8E5292DA9FCEEB22B4CED508B9930A6ADBB145E2E2DC458FAF67EBB706D3021D3
                                                  Malicious:false
                                                  Reputation:unknown
                                                  URL:https://challenges.cloudflare.com/turnstile/v0/g/e4025c85ea63/api.js
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:PNG image data, 37 x 28, 8-bit/color RGB, non-interlaced
                                                  Category:downloaded
                                                  Size (bytes):61
                                                  Entropy (8bit):4.035372245524404
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:C95F8D2D5453CF86E6B94DCECFEF0911
                                                  SHA1:14197A65ED7AC5DD4215FC054184B8DDA13D3DC5
                                                  SHA-256:FAABB2949B6CFF690159204E07EEF0F05578BC8482534B5CB607746211DE7B64
                                                  SHA-512:B38A3CB8A799F9F28E7A51740AFE06089FDA3B70DDAB10DDCDCD7973F71D15BAB0DC45361D3E0D396E28DD2BE888EA991DF10EF5F43BE0A12BD1E65F0E67D265
                                                  Malicious:false
                                                  Reputation:unknown
                                                  URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8e8140e4da61c32b/1732533672961/vwIJxFVa6Y1jBBR
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113769
                                                  Category:dropped
                                                  Size (bytes):35168
                                                  Entropy (8bit):7.99275807202193
                                                  Encrypted:true
                                                  SSDEEP:
                                                  MD5:D3B6AE9986DF244AB03412CC700335D0
                                                  SHA1:BAAA1F9899178938F3881F09B18265E47DA806E3
                                                  SHA-256:CA50059111D30C2E212C90805792EB543548AEF0D4941E886A778E3DCE0B9066
                                                  SHA-512:755C57FBC9BECE435A477F76C5E8198CA8942C23BE667ACAB83A00E5CD4F54075B10AA07C7FDC10C38FC3D5C0C406C9132FEB5B67BA5BCCC57EF796054A84E7C
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 449972
                                                  Category:dropped
                                                  Size (bytes):122341
                                                  Entropy (8bit):7.997734268074267
                                                  Encrypted:true
                                                  SSDEEP:
                                                  MD5:0015292EAF58B4680B4A303F7C153A35
                                                  SHA1:39C6356FC5DD37C3695D7ABDFA921EAC92BD830E
                                                  SHA-256:C7733C6D69B9FE91B93B3C1FD3838898810C0F23017A1BF3011ECC0DB0722620
                                                  SHA-512:DAE8CED5C0FE1D5485C59F9ACCB20375142B87060CD93040D314E38DDE1F82BBA2E66C0721096DF3F251EE1D5D77919530A9F109F38E022CF74A1802E88C6DC9
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15755
                                                  Category:dropped
                                                  Size (bytes):5529
                                                  Entropy (8bit):7.95514518328613
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:6DEB44A9FE273266EFABC3214B998BA0
                                                  SHA1:C8BE755694C25E416C81F5057670E3B14B2FE08F
                                                  SHA-256:4A1AA3B8B23FB3C150A62BB681DAE96E6CAB20BFAFB89D74FED2E0BC85826BAF
                                                  SHA-512:EBA11F91C3751574F82FBF82F81338761142ABC13B14534133A2986BEF2F2505125B648E1E991F79C1ACC731A9008F98C3F7937649533E7C4E59C2548D4E7452
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:ASCII text, with very long lines (46591)
                                                  Category:downloaded
                                                  Size (bytes):142367
                                                  Entropy (8bit):5.430597817875451
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:CCAA31FD031C4C856EB7B986FD9F447B
                                                  SHA1:0A809EABCDB95FA04DE5F8409B3BC994ED65CBD1
                                                  SHA-256:3D40B4129B8B4C284908636AE46D72EA053F286FB5FE45DB78351B5B2CFC1EB9
                                                  SHA-512:4B5B2271DB5F640FEBF13A7C0BDBD630C73530000F1593046D090585D1752E239D894614E23E801BE4C6A379406B6EF521423FA27C3865C3CD4ABB0A64823780
                                                  Malicious:false
                                                  Reputation:unknown
                                                  URL:https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js
                                                  Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */!function(e){function t(t){for(var n,r,i=t[0],a=t[1],s=0,u=[];s<i.length;s++)
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:GIF image data, version 89a, 352 x 3
                                                  Category:downloaded
                                                  Size (bytes):2672
                                                  Entropy (8bit):6.640973516071413
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:166DE53471265253AB3A456DEFE6DA23
                                                  SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                                                  SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                                                  SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                                                  Malicious:false
                                                  Reputation:unknown
                                                  URL:https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:ASCII text, with no line terminators
                                                  Category:downloaded
                                                  Size (bytes):28
                                                  Entropy (8bit):4.307354922057605
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:9F9FA94F28FE0DE82BC8FD039A7BDB24
                                                  SHA1:6FE91F82974BD5B101782941064BCB2AFDEB17D8
                                                  SHA-256:9A37FDC0DBA8B23EB7D3AA9473D59A45B3547CF060D68B4D52253EE0DA1AF92E
                                                  SHA-512:34946EF12CE635F3445ED7B945CF2C272EF7DD9482DA6B1A49C9D09A6C9E111B19B130A3EEBE5AC0CCD394C523B54DD7EB9BF052168979A9E37E7DB174433F64
                                                  Malicious:false
                                                  Reputation:unknown
                                                  URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSFwn8GvbaHt4O_xIFDdFbUVISBQ1Xevf9?alt=proto
                                                  Preview:ChIKBw3RW1FSGgAKBw1Xevf9GgA=
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
                                                  Category:dropped
                                                  Size (bytes):621
                                                  Entropy (8bit):7.673946009263606
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:4761405717E938D7E7400BB15715DB1E
                                                  SHA1:76FED7C229D353A27DB3257F5927C1EAF0AB8DE9
                                                  SHA-256:F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
                                                  SHA-512:E8DAC6F81EB4EBA2722E9F34DAF9B99548E5C40CCA93791FBEDA3DEBD8D6E401975FC1A75986C0E7262AFA1B9D1475E1008A89B92C8A7BEC84D8A917F221B4A2
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113378
                                                  Category:downloaded
                                                  Size (bytes):20400
                                                  Entropy (8bit):7.980289584022803
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:F0DE9A98DBDFA8C02742CE6D92FB2524
                                                  SHA1:CDEC682AEB9E39EDCCC2374DAB26F04DB754A8B5
                                                  SHA-256:FAF4294F27A542B0F9EA2A7CB2711529AB027CD84A5F5BADFAE752100855E6BE
                                                  SHA-512:856FC9AB199997E69A9487372BC0083564F7115B3E0678CF1D542B9864E9A88D5FFB85697FD93538DC9439071E3BCD4B8BCCBFC610E1A45DE104D6362D8ADCD9
                                                  Malicious:false
                                                  Reputation:unknown
                                                  URL:https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57510
                                                  Category:dropped
                                                  Size (bytes):16345
                                                  Entropy (8bit):7.98960525258912
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:187B9EBA41FDF66B2C8F7EB645D2BC17
                                                  SHA1:B1C034F7F5F754F271D094FB417B9A820C1F712C
                                                  SHA-256:CA0FBF8421A0CF4CCDA7310B2AE74CBD92214901EC2D0F273EA3B07F12CF96EA
                                                  SHA-512:0D7FB682D24E97C9E3FC04AA87CCB8EC508CA0CF197DA0617EFFD981BC8B5E3600824FDD08F1F31F59D276B5BF53229D00805D984E01D512FD968610C5FE9609
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                                  Category:dropped
                                                  Size (bytes):17174
                                                  Entropy (8bit):2.9129715116732746
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:12E3DAC858061D088023B2BD48E2FA96
                                                  SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                                  SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                                  SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                                  Malicious:false
                                                  Reputation:unknown
                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                                                  Category:dropped
                                                  Size (bytes):61
                                                  Entropy (8bit):3.990210155325004
                                                  Encrypted:false
                                                  SSDEEP:
                                                  MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                                                  SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                                                  SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                                                  SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                                                  Malicious:false
                                                  Reputation:unknown
                                                  File type:CDFV2 Microsoft Outlook Message
                                                  Entropy (8bit):5.022699643310464
                                                  TrID:
                                                  • Outlook Message (71009/1) 58.92%
                                                  • Outlook Form Template (41509/1) 34.44%
                                                  • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
                                                  File name:Vendor Agreement Ready for Your Signature November 22 2024 at 084923 PM.msg
                                                  File size:164'864 bytes
                                                  MD5:e0c92bacfc67c2ac994c8edb5d848f46
                                                  SHA1:d88375d568a4af5e5e09b977b079a820468e84a6
                                                  SHA256:65254b1b272d484de501ed0a0e9d34bd5310ca967f373d93cdacb75e90f553e1
                                                  SHA512:e72532c97b0cf3a48844e4fb8d4f0399dde09ffedb56115211531f03a82010295006a961f2ee0f8e5d3ca126d56f7ad56878a786d95bb0122490242851b75a27
                                                  SSDEEP:3072:rMOFQyFH//t31QOFIx3qLln0UhhJr2uf9i:rMuFf/tKx3qLln0UXZ2i
                                                  TLSH:59F3881439EA1119F3B3DF318BE690AB8536FDD2AE15965F2095330E0671941EC63B3B
                                                  Subject:Vendor Agreement Ready for Your Signature November 22, 2024 at 08:49:23 PM
                                                  From:"Noreply-e drive from Ryan Phillips" <chie19810122@nifty.com>
                                                  To:datateam@cardfactory.co.uk
                                                  Cc:
                                                  BCC:
                                                  Date:Fri, 22 Nov 2024 21:49:24 +0100
                                                  Communications:
                                                  • CAUTION: This email originated from outside of the organisation. Do not click links or open attachments if they are not expected. If in doubt check with the sender or use the report message button. Warning! Email Attachments can't be scanned. Do not download it unless you recognise the sender and know that the email is safe. Reply to: datateam <datateam@cardfactory.co.uk> PDF PASSWORD: 90844 Device Name: Not Set Device Model: MX-M565N Location: Not Set File Format: PDF (Medium) Resolution: 200dpi x 200dpi Attached file is scanned image in PDF format. Use Acrobat(R)Reader(R) or Adobe(R)Reader(R) of Adobe Systems Incorporated to view the document. Adobe(R)Reader(R) can be downloaded from the following URL: Adobe, the Adobe logo, Acrobat, the Adobe PDF logo, and Reader are registered trademarks or trademarks of Adobe Systems Incorporated in the United States and other countries. https://eu-west-1.protection.sophos.com?d=adobe.com&u=aHR0cDovL3d3dy5hZG9iZS5jb20v&p=m&i=NjZjZjYxZWMwMWU2ZWQ0YmY5MWZjNTkw&t=N29YcjdOMFgvY3V3a0R0a3E3aHhZNTlsQ2UyTHhLd3Rndzc3eC9LZXVjST0=&h=b68443a4c7d043b38370bbf8acdfe1e5&s=AVNPUEhUT0NFTkNSWVBUSVZhUMBLYYYlZGthl5sPZZu99PL3ZQXZnOFhHqSSOs6Zbg
                                                  Attachments:
                                                  • Card Factory-Cardfactory-agreement__6a04042a1da7620658a5e18dfd587863-datateam.pdf
                                                  Key: Value
                                                  Received: from [127.0.0.1] by mta-snd-e04.mail.nifty.com with ESMTP
                                                  20:49:44 +0000
                                                  (2603:10a6:20b:659::6) with Microsoft SMTP Server (version=TLS1_2,
                                                  2024 20:49:30 +0000
                                                  Transport; Fri, 22 Nov 2024 20:49:30 +0000
                                                  Authentication-Results: spf=softfail (sender IP is 198.154.180.200)
                                                  Received-SPF: Pass (protection.outlook.com: domain of nifty.com designates
                                                  via Frontend Transport; Fri, 22 Nov 2024 20:49:28 +0000
                                                  for <gaganpreet.gandhi@cardfactory.co.uk>; Fri, 22 Nov 2024 20:49:39 +0000 (UTC)
                                                  X-Sophos-Product-Type: Mailflow
                                                  X-Sophos-Email-ID: b68443a4c7d043b38370bbf8acdfe1e5
                                                  4Xw6fP228Qz5vM7; Fri, 22 Nov 2024 20:49:33 +0000 (UTC)
                                                  by AS2PR03MB9929.eurprd03.prod.outlook.com (2603:10a6:20b:646::22) with
                                                  Authentication-Results-Original: spf=pass (sender IP is 106.153.226.36)
                                                  for <datateam@cardfactory.co.uk>; Sat, 23 Nov 2024 05:49:26 +0900
                                                  Disposition-Notification-To: jamiepiraneo11@outlook.com
                                                  From: "Noreply-e drive from Ryan Phillips" <chie19810122@nifty.com>
                                                  To: datateam@cardfactory.co.uk
                                                  Reply-To: ericvena@outlook.com
                                                  Subject: Vendor Agreement Ready for Your Signature November 22, 2024 at
                                                      08:49:23 PM
                                                  Message-ID: <2bf01b89-bcae-9eea-88f7-22e0355ff252@nifty.com>
                                                  Date: Fri, 22 Nov 2024 20:49:24 +0000
                                                  MIME-Version: 1.0
                                                  Content-Type: multipart/mixed; boundary="--_NmP-e6ec188f1e903f48-Part_1"
                                                  DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nifty.com;
                                                      h=From:To:Reply-To:Subject:Date;
                                                  X-EOPAttributedMessage: 1
                                                  X-EOPTenantAttributedMessage: 7956b84e-0c99-46b5-81c6-28689cfa7221:1
                                                  X-MS-TrafficTypeDiagnostic: AMS0EPF0000019A:EE_|AS2PR03MB9929:EE_|DU6PEPF0000B61B:EE_|PAXPR03MB7965:EE_|PAVPR03MB10180:EE_
                                                  X-MS-Office365-Filtering-Correlation-Id: 09f724af-9d1d-48ce-7c09-08dd0b372f30
                                                  X-Microsoft-Antispam-Untrusted: BCL:0;
                                                      ARA:13230040|7093399012|12012899012|5062899012|3072899012|2092899012|43540500003;
                                                  X-Microsoft-Antispam-Message-Info-Original: =?us-ascii?Q?+3hvJosO261h9WYEXbKuDVgpObQNIMAGGsZMnIZKcIm3GcM7oB0vf2WEeIgh?=
                                                  X-Forefront-Antispam-Report-Untrusted: CIP:106.153.226.36; CTRY:JP; LANG:en;
                                                      SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mta-snd-e04.mail.nifty.com;
                                                      PTR:mta-snd-e04.mail.nifty.com; CAT:NONE;
                                                      SFS:(13230040)(7093399012)(12012899012)(5062899012)(3072899012)(2092899012)(43540500003);
                                                      DIR:INB;
                                                  X-Auto-Response-Suppress: DR, OOF, AutoReply
                                                  X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAXPR03MB7965
                                                  Content-Transfer-Encoding: 8bit
                                                  X-Sophos-Email-Scan-Details: 27140d1e1540510e7e771140550e7d75
                                                  X-Sophos-Email: [eu-west-1] Antispam-Engine: 6.0.0,
                                                      AntispamData: 2024.11.22.203016
                                                  X-Sophos-SenderHistory: ip=106.153.226.36, fs=159073, fso=47843955,
                                                  X-Sophos-DomainHistory: d=nifty.com, fs=81249070, fso=81249070, da=86510008,
                                                  X-LASED-From-ReplyTo-Diff: From:<cardfactory.co.uk>:11,
                                                      From:<printcraft.co.uk>:11, Reply-To:<printcraft.co.uk>:12
                                                  X-LASED-SpamProbability: 0.141851
                                                  X-LASED-Hits: AUTH_RES_PASS 0.000000, BODYTEXTP_SIZE_3000_LESS 0.000000,
                                                  X-LASED-Impersonation: False
                                                  X-LASED-Spam: NonSpam
                                                  X-Sophos-MH-Mail-Info-Key: NFh3NmZXNTZCQ3puVFZjLTE3Mi4xOS4yLjIyNw==
                                                  Return-Path: chie19810122@nifty.com
                                                  X-MS-Exchange-Organization-ExpirationStartTime: 22 Nov 2024 20:49:39.9291
                                                  X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
                                                  X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
                                                  X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
                                                  X-MS-Exchange-Organization-Network-Message-Id: 09f724af-9d1d-48ce-7c09-08dd0b372f30
                                                  X-MS-Exchange-Organization-MessageDirectionality: Incoming
                                                  X-MS-Exchange-Transport-CrossTenantHeadersStripped: DU6PEPF0000B61B.eurprd02.prod.outlook.com
                                                  X-MS-PublicTrafficType: Email
                                                  X-MS-Exchange-Organization-AuthSource: DU6PEPF0000B61B.eurprd02.prod.outlook.com
                                                  X-MS-Exchange-Organization-AuthAs: Anonymous
                                                  X-MS-Office365-Filtering-Correlation-Id-Prvs: 958f1673-d992-4c73-9e33-08dd0b3728e8
                                                  X-MS-Exchange-Organization-SCL: -1
                                                  X-Microsoft-Antispam: BCL:0;ARA:13230040|5062899012|12012899012|35042699022|7093399012|3072899012|2092899012|43540500003;
                                                  X-Forefront-Antispam-Report: CIP:198.154.180.200;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:SKN;H:mfid-euw1.prod.hydra.sophos.com;PTR:mfid-euw1.prod.hydra.sophos.com;CAT:NONE;SFS:(13230040)(5062899012)(12012899012)(35042699022)(7093399012)(3072899012)(2092899012)(43540500003);DIR:INB;
                                                  X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Nov 2024 20:49:39.8823
                                                  X-MS-Exchange-CrossTenant-Network-Message-Id: 09f724af-9d1d-48ce-7c09-08dd0b372f30
                                                  X-MS-Exchange-CrossTenant-Id: 7956b84e-0c99-46b5-81c6-28689cfa7221
                                                  X-MS-Exchange-CrossTenant-AuthSource: DU6PEPF0000B61B.eurprd02.prod.outlook.com
                                                  X-MS-Exchange-CrossTenant-AuthAs: Anonymous
                                                  X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
                                                  X-MS-Exchange-Transport-EndToEndLatency: 00:00:04.8060968
                                                  X-MS-Exchange-Processed-By-BccFoldering: 15.20.8158.023
                                                  X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
                                                  X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?xEwOQy4nqpUwad+yFWYwhG8+/ceBBZ1yPoCoO0jss1ZGA+TiITNbSgciA/jq?=
                                                  date: Fri, 22 Nov 2024 21:49:24 +0100

                                                  Icon Hash:c4e1928eacb280a2