Windows Analysis Report
FW_ Jill Donnell Asset Verification .msg

Overview

General Information

Sample name:FW_ Jill Donnell Asset Verification .msg
Analysis ID:1592279
MD5:7ab6e4a3da1c32cbc9f78154f77be20f
SHA1:634d14fb8a86a76256dcfc831ed420b05996dc91
SHA256:dc0a8159adb057260c625301c4427434a72f166aaa48e79ab346a01d1b7625ec
Infos:

Detection

Score:22
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

AI detected suspicious elements in Email content
Creates a window with clipboard capturing capabilities
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6532 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\FW_ Jill Donnell Asset Verification .msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6776 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "BB96ABE0-C59A-4798-B989-28CEB489BDC8" "31519C6D-C695-4BDF-BBF9-01E2DDD602A4" "6532" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • Acrobat.exe (PID: 1276 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\X63V4W6E\Jill Donnell Asset Verification.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 5912 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 5700 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1568,i,5233134908703663084,13292943580800203465,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6532, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Source: Registry Key set, Author: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\X63V4W6E\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6532, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
No Suricata rule has matched

Phishing

Source: Email, Joe Sandbox AI: Detected potential phishing email: The email contains sensitive personal information (SSN) being shared in plain text, which is a red flag. The email chain includes multiple redirects through different parties, which is a common phishing tactic. The presence of multiple tracking links (clicktime.cloud) and numerous image attachments is suspicious
Source: Email, Classification: Credential Stealer
Source: unknown, TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: x1.i.lencr.org
Source: unknown, Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49723
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Window created: window name: CLIPBRDWNDCLASS
Source: classification engine, Classification label: sus22.winMSG@21/51@1/114
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250115T1841310229-6532.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File read: C:\Users\desktop.ini
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown, Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\FW_ Jill Donnell Asset Verification .msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "BB96ABE0-C59A-4798-B989-28CEB489BDC8" "31519C6D-C695-4BDF-BBF9-01E2DDD602A4" "6532" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\X63V4W6E\Jill Donnell Asset Verification.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe, Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1568,i,5233134908703663084,13292943580800203465,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown, Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe, Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding B0B1A566203721984960EA4249648213
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe, Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InProcServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Window found: window name: SysTabControl32
Source: Window Recorder, Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: 11 Browser Extensions; 1 DLL Side-Loading; Logon Script (Windows)
Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; Logon Script (Windows)
Defense Evasion: 1 Masquerading; 1 Process Injection; 1 DLL Side-Loading
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: 1 Process Discovery; 1 File and Directory Discovery; 14 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: 1 Clipboard Data; Data from Removable Media; Data from Network Shared Drive
Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.57.19 | true | false | | high
x1.i.lencr.org | unknown | unknown | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
184.28.88.176 | unknown | United States | 16625 | AKAMAI-ASUS | false
52.109.89.119 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.111.231.24 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
2.22.50.144 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false
23.209.209.135 | unknown | United States | 23693 | TELKOMSEL-ASN-IDPTTelekomunikasiSelularID | false
23.217.172.185 | unknown | United States | 16625 | AKAMAI-ASUS | false
20.189.173.18 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.109.89.19 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
34.237.241.83 | unknown | United States | 14618 | AMAZON-AESUS | false
184.28.90.27 | unknown | United States | 16625 | AKAMAI-ASUS | false
2.22.242.130 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false
172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
      Joe Sandbox version:42.0.0 Malachite
      Analysis ID:1592279
      Start date and time:2025-01-16 00:40:50 +01:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:defaultwindowsinteractivecookbook.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:13
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • EGA enabled
      Analysis Mode:stream
      Analysis stop reason:Timeout
      Sample name:FW_ Jill Donnell Asset Verification .msg
      Detection:SUS
      Classification:sus22.winMSG@21/51@1/114
      Cookbook Comments:
      • Found application associated with file extension: .msg
      • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
      • Excluded IPs from analysis (whitelisted): 52.113.194.132, 184.28.90.27, 52.109.89.19, 2.22.242.130, 2.22.242.97, 52.111.231.24, 52.111.231.26, 52.111.231.25, 52.111.231.23, 20.189.173.18, 52.109.89.119
      • Excluded domains from analysis (whitelisted): omex.cdn.office.net, odc.officeapps.live.com, slscr.update.microsoft.com, europe.odcsm1.live.com.akadns.net, weu-azsc-000.roaming.officeapps.live.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, eur.roaming1.live.com.akadns.net, onedscolprdwus15.westus.cloudapp.azure.com, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com, osiprod-weu-bronze-azsc-000.westeurope.cloudapp.azure.com, login.live.com, e16604.g.akamaiedge.net, prod.fs.microsoft.com.akadns.net, a1864.dscd.akamai.net, ecs.office.com, fs.microsoft.com, prod.roaming1.live.com.akadns.net, weu-azsc-000.odc.officeapps.live.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, prod1.naturallanguageeditorservice.osi.office.net.akadns.net, nleditor.osi.office.net, prod-eu-resolver.naturallanguageeditorservice.osi.office.net.akadns.net, s-0005.
      • Not all processes were analyzed, report is missing behavior information
      • Report size getting too big, too many NtQueryValueKey calls found.
      • Report size getting too big, too many NtSetValueKey calls found.
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:ASCII text
      Category:dropped
      Size (bytes):290
      Entropy (8bit):5.198309442193405
      Encrypted:false
      SSDEEP:
      MD5:DAA1010C035BB14242BEEEF7E7D6FC97
      SHA1:CA76C4D3B67FC8734D3733D3D2C9C4A8CBFC6210
      SHA-256:A9CF8D39E6B4998FB15164CFD53120F04CEA7AF6761B97FD2E3547DEC51FF527
      SHA-512:F4B201BA3A99F917D39C8AE155951F8FFAE112C4A2A2F8C0C00C4737EC89A8AE2F145418713F5143B26E2F67D6496F8771C0B4CF7A00E6BD1CC39ED1F904F126
      Malicious:false
      Reputation:unknown
      Preview:2025/01/15-18:41:49.952 1924 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/01/15-18:41:49.955 1924 Recovering log #3.2025/01/15-18:41:49.955 1924 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:ASCII text
      Category:dropped
      Size (bytes):331
      Entropy (8bit):5.1576496126582905
      Encrypted:false
      SSDEEP:
      MD5:D3ECF39854C1595409159677CC521830
      SHA1:51477CB6E7C13B60C0ECF36A94AEC79F0F45F002
      SHA-256:D9E69FB8F8DAEC2F3534C0DE0653A6B145E930432B1EA6139CB567771DE77F3E
      SHA-512:3D893C418C4EE6B2351D62C8659BF4000D70E9AFDC0248A4B76025E504F8A95F9D08D0EBAEFE18AE823C343BF027223636E0FB74D33F6D9222524CFC6891BC3A
      Malicious:false
      Reputation:unknown
      Preview:2025/01/15-18:41:49.845 ea4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/01/15-18:41:49.850 ea4 Recovering log #3.2025/01/15-18:41:49.851 ea4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:JSON data
      Category:modified
      Size (bytes):403
      Entropy (8bit):4.953858338552356
      Encrypted:false
      SSDEEP:
      MD5:4C313FE514B5F4E7E89329630909F8DC
      SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
      SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
      SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
      Malicious:false
      Reputation:unknown
      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):0
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:4C313FE514B5F4E7E89329630909F8DC
      SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
      SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
      SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
      Malicious:false
      Reputation:unknown
      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):0
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:4C313FE514B5F4E7E89329630909F8DC
      SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
      SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
      SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
      Malicious:false
      Reputation:unknown
      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:JSON data
      Category:modified
      Size (bytes):403
      Entropy (8bit):4.981202135099884
      Encrypted:false
      SSDEEP:
      MD5:0E7796BD8B293C62AF74D9C398D2E9BE
      SHA1:7785505C9F55062D26AE4CBA7298064044E0A9B1
      SHA-256:5018D226CDA126F76E0FB1F586BC2A2EC1B7C4AA40084B56AE6C6EE7F7C113AC
      SHA-512:DE15F0AAF67D8ED4988B6C0DEB096BB0B94D4328435F0A5E76372B4CE7ADDE05444AF866157C2EA247C394F36B17414AE7887ED350E1C74FF6A9F961C75644AF
      Malicious:false
      Reputation:unknown
      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13381544521774207","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":125127},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:data
      Category:dropped
      Size (bytes):4509
      Entropy (8bit):5.23473991325458
      Encrypted:false
      SSDEEP:
      MD5:7EFA6ADF3A4794ECB32D5D9D99636B10
      SHA1:E410AF9BE9B97AA0DB76645E310024D086026EA9
      SHA-256:519F829562922886B3CB11912C83F75FD5CD8D77E9CA667BDDAD3C12B9D29665
      SHA-512:9C05EB6C99978D0D27FCE2FAC2B519481D70EB671EEDD07EEDD2D3593E14CCEC2604E43B100817DB5BA5482AFE00F4B7B5F94CFF2F649F36A24BF1BC3A93C189
      Malicious:false
      Reputation:unknown
      Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:ASCII text
      Category:dropped
      Size (bytes):319
      Entropy (8bit):5.184888266415812
      Encrypted:false
      SSDEEP:
      MD5:2213954D756EBC715D376AB68DBE5FDA
      SHA1:05FCD5CBA6E42A4085B9519F90439361BD7997A0
      SHA-256:B227E3BD9CC8444360BFA7B999E4C45BD504BEF05676A12A5035FBFEB7F44269
      SHA-512:7EEFD4132E234B67F9EE2A0E6EAC8B1AF87EB5F25B90361D38DC2DBDD4C1A813C2F2B370894600B5217B928F6B2279F17159C2924F78BBE5CD227D3A455C38FB
      Malicious:false
      Reputation:unknown
      Preview:2025/01/15-18:41:49.988 ea4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/01/15-18:41:49.989 ea4 Recovering log #3.2025/01/15-18:41:49.991 ea4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
      Category:dropped
      Size (bytes):71190
      Entropy (8bit):1.4287065561511896
      Encrypted:false
      SSDEEP:
      MD5:00C55916BF2E070F38181F10A4DDFE36
      SHA1:79A52184980C4449DBE909AE3A775BFFED0C8E19
      SHA-256:45F3EBA2A06F0CC55DB3F1CC84CEF0599AEFEA07FAD9BC725C0EECE7B756F82F
      SHA-512:0B2AE109F36994F87092D11DF08E75FC7D0D91ECC8DC186442F4EE4CFF1D145733E9AD2D28995A1DBD78D61C1C5CC955DF7B3CD552C25B7CC944812F226FAA6A
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
      Category:dropped
      Size (bytes):57344
      Entropy (8bit):3.291927920232006
      Encrypted:false
      SSDEEP:
      MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
      SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
      SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
      SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:SQLite Rollback Journal
      Category:dropped
      Size (bytes):16928
      Entropy (8bit):1.2144024403231553
      Encrypted:false
      SSDEEP:
      MD5:37101F00573000E0D8B53E90E8121C0F
      SHA1:A4764FB1364A37714798ABA7E57B5E131EFF7CE7
      SHA-256:8AC7891A614664D10963EB0F1E4FC9A1D212734BB867E55C20477ED1238A1BAC
      SHA-512:5543BCBBC3068CF2FE567A7EF4AAD6CB54C9289575198270440564258E0E1935242AC28048437461E1782B7B50EB6A3262513A3FC6684E50F5F7CC4107079C7E
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:Certificate, Version=3
      Category:dropped
      Size (bytes):1391
      Entropy (8bit):7.705940075877404
      Encrypted:false
      SSDEEP:
      MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
      SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
      SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
      SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
      Category:dropped
      Size (bytes):71954
      Entropy (8bit):7.996617769952133
      Encrypted:true
      SSDEEP:
      MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
      SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
      SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
      SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:data
      Category:dropped
      Size (bytes):192
      Entropy (8bit):2.756901573172974
      Encrypted:false
      SSDEEP:
      MD5:7D5DC4D866A1C30F43D4A57F77F916FD
      SHA1:F4A301DE0BEE44CF256376DEC9910E4B9B28FC2A
      SHA-256:6B45501AEAC4461AFAD0B1AF69EE873EC9E77090DF3E1EDB91DF41D4CF169AB6
      SHA-512:F3A83EEF74A24A5826800454F1DD85496F483B536CFC1C99EF7A42191E1147EDA7FF40E10220C7881C41BFDBDFEA02D021DF8F1194D5F58F96AEF58844377C0E
      Malicious:false
      Reputation:unknown
      Preview:p...... ........7Qb..g..(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:data
      Category:modified
      Size (bytes):328
      Entropy (8bit):3.1440865988908953
      Encrypted:false
      SSDEEP:
      MD5:CF7A8AA915DD1F29BA6239F1A99562E3
      SHA1:9C4ACB8AA18D618C5D956BA640DE080CE3A39236
      SHA-256:C7E3B9CD79F02078CB16009769834FDBF4F7D1253DF0FDFA705471FAA14F8AF4
      SHA-512:CF5CDE06707C6C1AC2D76467FE5CD9C66CEDF7B721A5DA814204EEFE58B6B551A0DA7AA4042A52EE9A20495EECD0F7F6ACA0CD168F3467CC4E49D44854D7A4E4
      Malicious:false
      Reputation:unknown
      Preview:p...... ........P..%.g..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:PostScript document text
      Category:dropped
      Size (bytes):0
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:8BA9D8BEBA42C23A5DB405994B54903F
      SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
      SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
      SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
      Malicious:false
      Reputation:unknown
      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:PostScript document text
      Category:dropped
      Size (bytes):1233
      Entropy (8bit):5.233980037532449
      Encrypted:false
      SSDEEP:
      MD5:8BA9D8BEBA42C23A5DB405994B54903F
      SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
      SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
      SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
      Malicious:false
      Reputation:unknown
      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:PostScript document text
      Category:dropped
      Size (bytes):0
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:8BA9D8BEBA42C23A5DB405994B54903F
      SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
      SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
      SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
      Malicious:false
      Reputation:unknown
      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:PostScript document text
      Category:dropped
      Size (bytes):0
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:B60EE534029885BD6DECA42D1263BDC0
      SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
      SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
      SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
      Malicious:false
      Reputation:unknown
      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:PostScript document text
      Category:dropped
      Size (bytes):10880
      Entropy (8bit):5.214360287289079
      Encrypted:false
      SSDEEP:
      MD5:B60EE534029885BD6DECA42D1263BDC0
      SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
      SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
      SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
      Malicious:false
      Reputation:unknown
      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:data
      Category:dropped
      Size (bytes):227002
      Entropy (8bit):3.392780893644728
      Encrypted:false
      SSDEEP:
      MD5:265E3E1166312A864FB63291EA661C6A
      SHA1:80DFF3187FF929596EB22E1DB9021BAD6F97178C
      SHA-256:C13E08B1887A4E44DC39609D7234E8D732A6BC11313B55D6F4ECFB060CD87728
      SHA-512:48776A2BFE8F25E5601DCC0137F7AB103D5684517334B806E3ACF61683DD9B283828475FC85CE0CBE4E8AF88E6F8B25EED0A77640E2CFFF2CC73708726519AFA
      Malicious:false
      Reputation:unknown
      Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):295
      Entropy (8bit):5.372277951397011
      Encrypted:false
      SSDEEP:
      MD5:881A63EFFF4C2DDD3F25B65B19901A9E
      SHA1:C3E3B05405AF6B98D5AECA857E1D20A8A48F91B0
      SHA-256:081FF3802A6413D7CAE3549B60E608271E5FCD963C61C185B4A249593F84BF35
      SHA-512:E6897E2EBBB25806C50D998148C2BB5E89E35E47769FD0FEFE11D2E19E3E52DB885ED1445E1F13601A8B1F61E4D095111C6FD2EED06D8D037A21A9322D6F55DE
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"0476f3ed-c3a9-4bf2-8cf1-0555c7ba5220","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737159220557,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):294
      Entropy (8bit):5.319753946565774
      Encrypted:false
      SSDEEP:
      MD5:249C3967C9F9C2A9085196E6D112FE02
      SHA1:41DDA6B72A9202F4375141E1E29350F8197D890A
      SHA-256:747AD8D240DAFEC4415E6CF0EFE9347C9335A5AE7E4C580382C208E31C70BA1E
      SHA-512:E419C37F86241E48DFC13C2B347EAF4F369808EF3926CD2D995633160327F9E986CFFBB8B62717347DEC29842B17A87557268B8EE2E93C8792FC23E2EEE007A4
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"0476f3ed-c3a9-4bf2-8cf1-0555c7ba5220","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737159220557,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):294
      Entropy (8bit):5.2976040401428435
      Encrypted:false
      SSDEEP:
      MD5:2A41C484B8816E4EFCC608817713E6B1
      SHA1:7F7235EF8668CD2B4BDA4E501BF71FF89A537C72
      SHA-256:65639E0481CFCD2FD09FD95CA005D57F1309AE37401A41A29C1972EAD5DD3867
      SHA-512:E4A12CAA85981337686B2C8EDC1399C7929BCAA23653F9B3C78878E4168E20BCBAB1931C8CE131B7F3735AE7D6B7B65DBE40EE6F99BD8F9FA477A7794B61E0B3
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"0476f3ed-c3a9-4bf2-8cf1-0555c7ba5220","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737159220557,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):285
      Entropy (8bit):5.360970931895193
      Encrypted:false
      SSDEEP:
      MD5:8100EB4E907E1F124A15F8428834ED0A
      SHA1:33586F4C60D37BBFAD6E292370F4F339159EA2DF
      SHA-256:CC298E8052DBE2D122BB1774A8423A26245B5666D493904A9380AA8195446ABA
      SHA-512:6179A6D65650C8CFE5EA4E30B397803D59D5882488FF67F7A2DCA14A42D794465490EB1E34D76CCB6903B079B3AF51D7B76FD510437391AE9AB31A907EE21952
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"0476f3ed-c3a9-4bf2-8cf1-0555c7ba5220","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737159220557,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):1123
      Entropy (8bit):5.692427620407943
      Encrypted:false
      SSDEEP:
      MD5:65213725F423BB459B95E50EA2F717EA
      SHA1:317676784F4EC403751319853134B3EC615579E6
      SHA-256:89925EE7212809A9B1165A5D2C03047BD4C264B13C86E0CE34CB939185EF5735
      SHA-512:C23EC3EADE5A23AB7448C633CD0F279A6FEFB4370FB9908C010B2EAB6DACF4DD3927F8C2C7B64E3FA859443884A47ECF76105C4ECCB81E15176E98955C01CBB0
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"0476f3ed-c3a9-4bf2-8cf1-0555c7ba5220","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737159220557,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):289
      Entropy (8bit):5.309642001920619
      Encrypted:false
      SSDEEP:
      MD5:60054CFA2295F78814F09C11A617474A
      SHA1:2851D35AD1E6DB1CA6DF525716A06F3BAE66F9B6
      SHA-256:7D209F174BC10ED08DF19980830EA3EF8AC6197CCF7866821658BF99440C85EC
      SHA-512:B281FC264BA2894F42BF62089F6F582E2549D5A52A02EDA32232227164F676E41CD8A28F28B92873315F1EF2D2B7CF369BD6C1F277EF1DA6402C74D042133D90
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"0476f3ed-c3a9-4bf2-8cf1-0555c7ba5220","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737159220557,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):292
      Entropy (8bit):5.312485991795256
      Encrypted:false
      SSDEEP:
      MD5:367FA910CAB6184FF0FACEC9F1875DDE
      SHA1:6D97F834E464C765D8D892A038E6C915A2641C0B
      SHA-256:53E93E4F8262C232D53E4BEFAA9D9C2BBB08E18A63EAD7BF95A20795879E34CA
      SHA-512:F46D365F48B6FB966283712A438102457F7227EFF63BE9A1B38A2335789B4146835E6EF6F20B1E6A040ED74E10BAE83A9E629C2CE14551D7AB06DFF102DD8C44
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"0476f3ed-c3a9-4bf2-8cf1-0555c7ba5220","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737159220557,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):289
      Entropy (8bit):5.320404703289311
      Encrypted:false
      SSDEEP:
      MD5:CF29F39FF2AF2D2366B8EE5D6463942D
      SHA1:634D0F65618D61FA29426E82BC13C4B9AACBC13D
      SHA-256:4D1487B10BAB0E0DFC82A82AEF595F1C5AAFB8F1CE5AE3DB4C6783C3292CE145
      SHA-512:EDFCD1EC138CDBAAA99FDFC7B2551803CC8BAABCA0141D805E15E9F98B522701E2FA7DE6B47077ABC70A7CBE1A34B30687BA78590774A5D087A63BE8D5BF1AD7
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"0476f3ed-c3a9-4bf2-8cf1-0555c7ba5220","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737159220557,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):295
      Entropy (8bit):5.335698081906712
      Encrypted:false
      SSDEEP:
      MD5:452625BEBBDCC0E768ECD602BEDF2F8B
      SHA1:06869B6FE4F9B27E1951EEB0003B6037FA35E42E
      SHA-256:1FB3EF3E28128DCC14CF08E4D8B2C4CE9A4A5D37EAB2B17C53F3B793382ABB4F
      SHA-512:B4E62FD603BB21C22B8810D03CACADBCDA436ECADCB49499794ADD64A78E21C98386F68487F732228CF2EDFDE38A8ECDCA253745B684700A3894360875EFD308
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"0476f3ed-c3a9-4bf2-8cf1-0555c7ba5220","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737159220557,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):289
      Entropy (8bit):5.316680948437939
      Encrypted:false
      SSDEEP:
      MD5:10A1EAF7E123E2E87D62EC6A925FE0BC
      SHA1:D851756696E5987EAE638B4BE7466DBC597A07A4
      SHA-256:E46C194DB0A4F563718966A0FCD8063D8D9425522C63B7DEDD2E013618C6E966
      SHA-512:DDE0740A55485157901758AED4901B688ABA301A6FB2688B03AEB9C703AD8BFB7FFA7BEB1216DFD9968DADCA16080E20EEBAF12FE27FE7444933B9B3105C2A99
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"0476f3ed-c3a9-4bf2-8cf1-0555c7ba5220","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737159220557,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):284
      Entropy (8bit):5.303024999930495
      Encrypted:false
      SSDEEP:
      MD5:01CD3AFCA266CB126100B16AE470642C
      SHA1:EFACEFF9B518562ECED23E617BC5199E191C2D8D
      SHA-256:D644509AAF6B986B030F2F4D33FC9034D8B0B52103EFC0570DD8784DEFCD157F
      SHA-512:028FAC3F4528F603BCA26296D6699A8AAA1E78CF7FABFE433F1C590DF74A07367B1F5F63B9DC3B6790819B7EEC403A51816B41D41525A1EA3CE884237CFCEC60
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"0476f3ed-c3a9-4bf2-8cf1-0555c7ba5220","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737159220557,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):291
      Entropy (8bit):5.300113400418072
      Encrypted:false
      SSDEEP:
      MD5:2A199260DB7A4F2DA7EE3D1031B1E144
      SHA1:3654B52147BB17228B3C93DA0872B7D94FF731A0
      SHA-256:75AF3ED7ABEBAD88F68B711C1FF500A56B3FDE0B8251AC265C80050ED1FC7235
      SHA-512:890E50E6FA7409A126D485A05EE5E69364F79B221F3AC1E45962E4641DA17147769CFB1ECD297761EE514FD475EA8D6009A89CB21831A0F2EA7B9298F5911145
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"0476f3ed-c3a9-4bf2-8cf1-0555c7ba5220","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737159220557,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):287
      Entropy (8bit):5.3037256099685
      Encrypted:false
      SSDEEP:
      MD5:34A9B52FFD6542F20F6F320C045DBFDD
      SHA1:4DD5667D408F08053F6891232A36C475F4504823
      SHA-256:B06921C1E526D8CCD3C816B659D77FE8DC50223712093C04A1D8F6AC0413187F
      SHA-512:6A0A033F6DCF86962D0C025DD718FFE4732B2DDA53CB37412DD634CEC993264B54E6B5EDC00ABF89DCD33319BF9EA4627FA7725F7DA68466D9EEF40387CEDF62
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"0476f3ed-c3a9-4bf2-8cf1-0555c7ba5220","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737159220557,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):1090
      Entropy (8bit):5.666854847616901
      Encrypted:false
      SSDEEP:
      MD5:BD241A0035FDD408E66A7538E96472A4
      SHA1:A919B0F9AA7453C567BD7388EA042D2839A2C4EA
      SHA-256:F39E7BEDD65631AFF4EF73B6428D8E9F0EF5710A658935489EC33F3D2DEC0498
      SHA-512:FB0E97C5A0CF11B2C8DFA116A0E8248C11BCFEA7BC18007D04A1448BED03DCD8D3B4398A7ACDF0F93CD32FD4DE3B25A05A5A6AED08185E7E2BA434D5AD74F1C5
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"0476f3ed-c3a9-4bf2-8cf1-0555c7ba5220","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737159220557,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):286
      Entropy (8bit):5.2801400597660235
      Encrypted:false
      SSDEEP:
      MD5:05B91C3881DC2149EB1EB76C15BC10E5
      SHA1:E8CDFC8016C6F9FEAC0A335FD17CC7770ECFF741
      SHA-256:79B6543B1A7C480C11EFE532E2CFF3BDC641524D4A429CE1A1801339F74792D0
      SHA-512:3690BB34BDD34B98F11E32941A1E9855995BDB99DC3D202C428D205277DDE40E1E0E0FCFA54F3000EB88DBD77AC83AF534046CFB114F7C3F7D27F4F2DA15E774
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"0476f3ed-c3a9-4bf2-8cf1-0555c7ba5220","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737159220557,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):282
      Entropy (8bit):5.2817718441074355
      Encrypted:false
      SSDEEP:
      MD5:058777DD17994BFEA9C9121501E7B76F
      SHA1:47EAE55D158656ADE0CD88E0611C2995076FF628
      SHA-256:E786A9FBDB41572909646AE68EDBFB32A86DDE5A84B85F199191F4268AE2387B
      SHA-512:F9D60666362530EFCFE06938300BE213E5C4D510615472E4C0756CA4104ACE5BA2A0C5DC6B800FA8CADD6DBA53248EA9A94B18C73661513EE16282558A37B688
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"0476f3ed-c3a9-4bf2-8cf1-0555c7ba5220","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737159220557,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:data
      Category:dropped
      Size (bytes):4
      Entropy (8bit):0.8112781244591328
      Encrypted:false
      SSDEEP:
      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
      Malicious:false
      Reputation:unknown
      Preview:....
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):2814
      Entropy (8bit):5.148269139165423
      Encrypted:false
      SSDEEP:
      MD5:A1FDE61929B8D30BB33EC199EBA677EC
      SHA1:41A2A82F676EBE52BE968E551499BDFA110F7E2A
      SHA-256:330DE7A32C2CEDA6B505F3CD642CCC12EE7F8542BC9AE733EBB22150224DCCEE
      SHA-512:13593D91D06E484FD34865D1D109984BDC412FB6C92D9D1DBCF27000BDC9675ADE1733281DA5E227924FB27AEDDADD3D91399312871047EC56AE005B5A1FE495
      Malicious:false
      Reputation:unknown
      Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"96df863d2c5f8386100d3b516f359cb4","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1736984514000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"2892535430f5877ea24f19e4523a4827","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1736984514000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"59e8dbe9252a29fb80521348d262422b","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1736984514000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"f1cd99b97f5532b606d451f252984941","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1736984514000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"e36aa9f653f839d2ef479c63cd17859d","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1736984514000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"418cdce3865ef780d651252abbdde554","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
      Category:dropped
      Size (bytes):12288
      Entropy (8bit):0.9879042271037622
      Encrypted:false
      SSDEEP:
      MD5:6705D58512DC01376DE9D2E9B8517DA4
      SHA1:00B4FA94EC037B04FE37B2D62158CC20B5230E03
      SHA-256:86390F47F4424267A8DC4947EC75E357901ACD8F670A752C1A0FFDB30FEE4387
      SHA-512:47A12E8EAF725C3971C1592DE567D9D425A312FB2856A6EEABBEED1DF3DAEFD3AA1805C74E143E4C56607E92F73E9758B53EE59248D588F7A35B056C61655832
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:SQLite Rollback Journal
      Category:dropped
      Size (bytes):8720
      Entropy (8bit):1.341724156531347
      Encrypted:false
      SSDEEP:
      MD5:50265DDB3FE3C6CC84C5491D24543E02
      SHA1:78AA98C59244E1D1D3BFE495C44117F86AD90C72
      SHA-256:9EAB27DE82A7B3CB2C34C811E7E70DF698C13A2CDC50A35001EFC1E92D9B5CDA
      SHA-512:E30D86DDD06162CBC7F4BDC51B2C51ED546C92716F411215C840FEC5783A477393C50DB526AF03B96E3565120331BC39953773FC39DF86403A6477CAFC142D70
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:data
      Category:dropped
      Size (bytes):66726
      Entropy (8bit):5.392739213842091
      Encrypted:false
      SSDEEP:
      MD5:5E6012BEAE81271FF19BC5C5862EE8B2
      SHA1:2467C88B39111AA0718589938080F655574E51C7
      SHA-256:4A2559B053F6B756555F1C8CCEA6237732F8B05AA122DC2592E19A5D0FA0AE8E
      SHA-512:F3511DFB344C2604FEDF3CF76DB01F7DDFA784DFDBA07FFD3BA03AA498775DF09D641B17ECBE7A2A3673CF45204D2E61430137B78CE4E2FBA6A64CCC5764FF91
      Malicious:false
      Reputation:unknown
      Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
      Category:dropped
      Size (bytes):246
      Entropy (8bit):3.5217358039039093
      Encrypted:false
      SSDEEP:
      MD5:568AD5C11A221416FE3655683A29B68F
      SHA1:13E2FF390C9AC261BA8B4DCA6B3036D09C7A14D1
      SHA-256:DFDFADDB1FA85F64542F5194DEB7AD5120D2DE4F1D0CC83913F80B6F6FC8D615
      SHA-512:5AD8229164FAE3D151BD393E71048CFB4004C28466D6834C26BB3A402E50F8E9D95681D9D8F52A5EC8862B22C323D14A4350FA9AF749157289E244A460779A2D
      Malicious:false
      Reputation:unknown
      Preview:Error 2711.The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 15/01/2025  18:41:56 ===
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:modified
      Size (bytes):90112
      Entropy (8bit):4.42543615523257
      Encrypted:false
      SSDEEP:
      MD5:2CDED8A9DC0CCEE4AF09145B465DEB53
      SHA1:328B3B0A56F596F76F23DE9B1BFCEAC1349DC31D
      SHA-256:E0DAF061A61EE3AEE9EF32A972BDB9CA32442A52975B121CD1345998ECE9BD6A
      SHA-512:B6EC7FFE9CDE8CAF0EEB6C3440F3E228C60DDD507662D1BFCED922CABA8925C891BA153E210F965E2BC53990FD469A672CE6AF77BFD0E954DE168B6355959A03
      Malicious:false
      Reputation:unknown
      Preview:............................................................................`................g..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1............................................................V...Y...............g..........v.2._.O.U.T.L.O.O.K.:.1.9.8.4.:.b.c.5.0.0.c.4.4.8.e.a.8.4.f.d.e.8.8.9.3.f.8.9.6.0.8.f.c.2.4.4.c...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.5.0.1.1.5.T.1.8.4.1.3.1.0.2.2.9.-.6.5.3.2...e.t.l.......P.P..............g..........................................................................................................................................................................................................................................................................................................
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:ASCII text, with very long lines (393)
      Category:dropped
      Size (bytes):16525
      Entropy (8bit):5.353642815103214
      Encrypted:false
      SSDEEP:
      MD5:91F06491552FC977E9E8AF47786EE7C1
      SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
      SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
      SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
      Malicious:false
      Reputation:unknown
      Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:ASCII text, with very long lines (393), with CRLF line terminators
      Category:dropped
      Size (bytes):16603
      Entropy (8bit):5.3454442747272894
      Encrypted:false
      SSDEEP:
      MD5:637FAFAC67AC4EF3C697A54EF5096DCE
      SHA1:C1FC070F002F41C7D062AA9782FCA7A7C31FA5DB
      SHA-256:BC2A51F0E2FB3E17A3FA61528946BB56F1525E5BECBC2FED8DCFCEDC6DC773E8
      SHA-512:522CDBFF8C8BC032AB9269E273DD168FBF28371D214EBA84D89AB8F86541101CB4C4424C421BA4D0024F89E98ED97FE38065756DEA5BBF75517FE38D4C16D1A6
      Malicious:false
      Reputation:unknown
      Preview:SessionID=fa3c257a-25e0-452d-908f-21b6e7cc266c.1736984511414 Timestamp=2025-01-15T18:41:51:414-0500 ThreadID=4960 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=fa3c257a-25e0-452d-908f-21b6e7cc266c.1736984511414 Timestamp=2025-01-15T18:41:51:418-0500 ThreadID=4960 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=fa3c257a-25e0-452d-908f-21b6e7cc266c.1736984511414 Timestamp=2025-01-15T18:41:51:418-0500 ThreadID=4960 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=fa3c257a-25e0-452d-908f-21b6e7cc266c.1736984511414 Timestamp=2025-01-15T18:41:51:418-0500 ThreadID=4960 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=fa3c257a-25e0-452d-908f-21b6e7cc266c.1736984511414 Timestamp=2025-01-15T18:41:51:419-0500 ThreadID=4960 Component=ngl-lib_NglAppLib Description="SetConf
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):29845
      Entropy (8bit):5.419826130838899
      Encrypted:false
      SSDEEP:
      MD5:F3896020917064360000D48C6351D39C
      SHA1:6A4CB7A8AF6AFF7C4EC52A0DD40121864EDA16AE
      SHA-256:A93756FEC9C3F0EF3C5407C24FDDADA4AD05564F4BF6C3182724D4304BC74C3B
      SHA-512:3B9AF46000C6F0421A9CE9143827201C2ADCBE60ABE05E6AFF98ECE7B9C77F41AE777EFFF1DB20AD55A471BAE6D27EEA883D29534620E74129D210852BC9D776
      Malicious:false
      Reputation:unknown
      Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
      Category:dropped
      Size (bytes):386528
      Entropy (8bit):7.9736851559892425
      Encrypted:false
      SSDEEP:
      MD5:774036904FF86EB19FCE18B796528E1E
      SHA1:2BA0EBF3FC7BEF9EF5BFAD32070BD3C785904E16
      SHA-256:D2FC8EA3DDD3F095F7A469927179B408102471627C91275EDB4D7356F8E453AD
      SHA-512:9E9662EA15AE3345166C1E51235CDCE3123B27848E4A4651CC4D2173BDD973E4AD2F8994EFF34A221A9F07AA676F52BEB6D90FF374F6CCB0D06FA39C3EFE6B31
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
      Category:dropped
      Size (bytes):1407294
      Entropy (8bit):7.97605879016224
      Encrypted:false
      SSDEEP:
      MD5:016655F38E6C7762B1FCFB735B0852F1
      SHA1:4C01C5653234E32B987A2D206A746AC0198407ED
      SHA-256:4774550CC0A0CC20E941F718395A4C6783B0588F37BA376291A4191E0BF32B09
      SHA-512:787163B4D94DBFA314988BA1D3C19F4E78116A5567F471AB873E5E8F4283A184CC318E07DACACEB877A994971E1C780CB2D804FFFBFD4C04E263FD305C9942F2
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
      Category:dropped
      Size (bytes):1419751
      Entropy (8bit):7.976496077007677
      Encrypted:false
      SSDEEP:
      MD5:F6CACB4A8F3328CA8C06812420C0337E
      SHA1:184589C5954FE73E4DF5569A0D0E2F85189917DF
      SHA-256:91E9A938AF33129F4DD910E38980BEAC9C64982E76458D75B92CB03B0FBCDFD6
      SHA-512:78D790967B665A9EC54C92ECB89336A67D8ED7B385B25AC465A28F31BF88D7DFC1A2FAE4791BEE33E48CE5EF783C1C9169D1C905E9CFCA090FF54C71335FA0A0
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
      Category:dropped
      Size (bytes):758601
      Entropy (8bit):7.98639316555857
      Encrypted:false
      SSDEEP:
      MD5:59EE5E2FB56A099CAA8EDFD7AF821ED6
      SHA1:F5DC4F876768D57B69EC894ADE0A66E813BFED92
      SHA-256:E100AAAA4FB2B3D78E3B6475C3B48BE189C5A39F73CFC2D22423F2CE928D3E75
      SHA-512:77A45C89F6019F92576D88AE67B59F9D6D36BA6FDC020419DAB55DBD8492BA97B3DAC18278EB0210F90758B3D643EA8DCF8EC2BD1481930A59B8BB515E7440FE
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):155648
      Entropy (8bit):0.4445724389116663
      Encrypted:false
      SSDEEP:
      MD5:94DB1E3D2129155C771CF91139C85C96
      SHA1:EF003168F96219FA1532C227FD328CBFC6CF0FB7
      SHA-256:C0D7C8618194A5B7EBB9D06007E22825DF38966BD7FF2D1C95F18B7A1AB15842
      SHA-512:442073548CCB8FB03F7EC8DE31F876B478B34BD598EB942332DF7C9C34B6CBC51FB6E6B4473F72394DBAE881A2D4B7A194F078D6074D42254149ED1AAC2FB264
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:Microsoft Outlook email folder (>=2003)
      Category:dropped
      Size (bytes):271360
      Entropy (8bit):1.471201479155078
      Encrypted:false
      SSDEEP:
      MD5:CCAB5EE62E042411C130E3CEAC5A0DE2
      SHA1:EA9EF77178AAF117A77F4ABFDD964267E44C4C35
      SHA-256:EE26D78DF639163054EF372D8C4F485859743B232EAFFA2F4B4A00F37B96C561
      SHA-512:BEBC7DFBA23458CB672D991A49778FA9F8DA1E6122D77E49CE6058B0B476FA6D8456C74F3C53CF1657C99B42E941B8BAA4709A5F5ADDA9F8007B233ED62205BD
      Malicious:true
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):131072
      Entropy (8bit):0.8567168887660291
      Encrypted:false
      SSDEEP:
      MD5:B4254FEF3EBA384E47FF2B089F5953F7
      SHA1:AFFF3BE7BC0FBCA8D84EFA68D8A689607635C293
      SHA-256:2B378A01BF177DB189A997F98551B3ACFDA0EE600CAA28B6BF0C183F056311A1
      SHA-512:CF7B933F203428BE9B08CF978E62050FE7F1896AB08EBF1718C26870DD2D94AC5C86F716D6E562CDBAB9AF604DA3F150630CE98AA88B7185D98CC1CADFC69871
      Malicious:true
      Reputation:unknown
      File type:CDFV2 Microsoft Outlook Message
      Entropy (8bit):6.74786089623547
      TrID:
      • Outlook Message (71009/1) 58.92%
      • Outlook Form Template (41509/1) 34.44%
      • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
      File name:FW_ Jill Donnell Asset Verification .msg
      File size:282'624 bytes
      MD5:7ab6e4a3da1c32cbc9f78154f77be20f
      SHA1:634d14fb8a86a76256dcfc831ed420b05996dc91
      SHA256:dc0a8159adb057260c625301c4427434a72f166aaa48e79ab346a01d1b7625ec
      SHA512:e63a64b30ef5e4bf2664c17e9d068ec8918b544ebd343dd53ce5b5061a58ae4d90e5dec4ad58dc5951af9033ebdf446b004c19ab9af45c3e9c843767160c370d
      SSDEEP:3072:zEmyG8EPuPtb/dv1TVMHmBVU2HtlaiOXdMDigO/8Zunm/akWaS7kQddit/BrgOR:c1NTVMHHXdMlk8ZjQddK/Brg
      TLSH:0C546D2535E54A1AF27BCF7289E38097D526FC82ED10D78F31D5730E1571681A8A2B2F
      Subject:FW: Jill Donnell Asset Verification
      From:Stephanie Follett <SFollett@FirstFedWeb.com>
      To:Luis Maciel <LMaciel@firstfedweb.com>
      Cc:
      BCC:
      Date:Thu, 16 Jan 2025 00:39:54 +0100
      Communications:
      • Hi! Can you scan this document to ensure it's safe? Came through customer service email and forwarded to us Stephanie Follett Operations Support Supervisor Home Office 118 NE Third St. McMinnville, OR 97128 Main (503) 472-6171 Direct (503) 435-3250 Fax (503) 435-0715 www.FirstFedWeb.com <http://www.firstfedweb.com/> <https://www.facebook.com/firstfederal/> <https://www.instagram.com/first_federal/> <https://www.linkedin.com/company/first-federal-savings-&-loan-of-mcminnville/?viewAsMember=true> <https://www.youtube.com/channel/UCgGrkBPKOtKE-dMx-23qnwA>
      • From: Customer Service <CustomerService@FirstFedWeb.com> Sent: Wednesday, January 15, 2025 3:23 PM To: Operations Support <operationssupport@firstfedweb.com> Subject: FW: Jill Donnell Asset Verification
      • From: Teresa Velazquez <Teresa@hayc.org <mailto:Teresa@hayc.org> > Sent: Wednesday, January 15, 2025 3:14 PM To: Customer Service <CustomerService@FirstFedWeb.com <mailto:CustomerService@FirstFedWeb.com> > Subject: Jill Donnell Asset Verification [EXTERNAL EMAIL: Take caution with links and attachments. ] Your cooperation is certainly appreciated. Jill Donnell Social Security # is 543-02-2827. Thank you Teresa Velazquez Housing Authority of Yamhill County Direct: 503-437-5476 | Main Office: 503-883-4300 teresa@hayc.org <mailto:teresa@hayc.org> | https://clicktime.cloud.postoffice.net/clicktime.php?U=www.hayc.org&E=customerservice%40firstfedweb.com&X=XID726daoXoA4572Xd2&T=FF1001&HV=U,E,X,T&H=7cb5bb64952ba1ab6ec9ba51b40ad15c508cf7ec <https://clicktime.cloud.postoffice.net/clicktime.php?U=http://www.hayc.org/&E=customerservice%40firstfedweb.com&X=XID726daoXoA4572Xd2&T=FF1001&HV=U,E,X,T&H=b679d1f8e838a9a4772ded2d55650eaec0d77784>
      Attachments:
      • Jill Donnell Asset Verification.pdf
      • image001.jpg
      • image002.png
      • image003.png
      • image004.png
      • image005.png
      • image006.png
      • image007.png
      • image008.jpg
      • image009.png
      Key Value
      Received: from DM6PR22MB1788.namprd22.prod.outlook.com
      2339:55 +0000
      Authentication-Results: dkim=none (message not signed)
      by SJ2PR22MB4399.namprd22.prod.outlook.com (260310b6:a03:546::15) with
      2025 2339:55 +0000
      ([fe80:cfcf:1625:39e3:ea1d%5]) with mapi id 15.20.8356.010; Wed, 15 Jan 2025
      Content-Type: application/ms-tnef; name="winmail.dat"
      Content-Transfer-Encoding: binary
      From: Stephanie Follett <SFollett@FirstFedWeb.com>
      To: Luis Maciel <LMaciel@firstfedweb.com>
      Subject: FW: Jill Donnell Asset Verification
      Thread-Topic: Jill Donnell Asset Verification
      Thread-Index: Adtnot6BaQIbRTv4ReC6BSmzXds13AAAXUegAACWh+A=
      Date: Wed, 15 Jan 2025 23:39:54 +0000
      Message-ID: <DM6PR22MB17887A1B8D5EBDEBE551FD35C7192@DM6PR22MB1788.namprd22.prod.outlook.com>
      References: <PH7PR15MB536529A652571FAF1272F9C2A9192@PH7PR15MB5365.namprd15.prod.outlook.com>
      In-Reply-To: <SJ0PR22MB383004C7C7A128B4AB868079A2192@SJ0PR22MB3830.namprd22.prod.outlook.com>
      Accept-Language: en-US
      Content-Language: en-US
      X-MS-Has-Attach: yes
      X-MS-Exchange-Organization-SCL: 1
      X-MS-TNEF-Correlator: <DM6PR22MB17887A1B8D5EBDEBE551FD35C7192@DM6PR22MB1788.namprd22.prod.outlook.com>
      MIME-Version: 1.0
      X-MS-Exchange-Organization-MessageDirectionality: Originating
      X-MS-Exchange-Organization-AuthSource: DM6PR22MB1788.namprd22.prod.outlook.com
      X-MS-Exchange-Organization-AuthAs: Internal
      X-MS-Exchange-Organization-AuthMechanism: 04
      X-MS-Exchange-Organization-Network-Message-Id: 18c9d560-e63a-4a3b-6671-08dd35bdea25
      X-MS-PublicTrafficType: Email
      X-MS-TrafficTypeDiagnostic: DM6PR22MB1788:EE_|SJ2PR22MB4399:EE_|LV8PR22MB5166:EE_
      Return-Path: SFollett@FirstFedWeb.com
      X-MS-Exchange-Organization-ExpirationStartTime: 15 Jan 2025 23:39:55.7414
      X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
      X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
      X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
      X-MS-Office365-Filtering-Correlation-Id: 18c9d560-e63a-4a3b-6671-08dd35bdea25
      X-MS-Exchange-Organization-BypassClutter: $true
      X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|8096899003|41050700001;
      X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR22MB1788.namprd22.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(8096899003)(41050700001);DIR:INT;
      X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jan 2025 23:39:54.9704
      X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
      X-MS-Exchange-CrossTenant-Id: 3778f0b2-789a-4d43-b25e-d4fe25a4c3c0
      X-MS-Exchange-CrossTenant-AuthSource: DM6PR22MB1788.namprd22.prod.outlook.com
      X-MS-Exchange-CrossTenant-AuthAs: Internal
      X-MS-Exchange-CrossTenant-Network-Message-Id: 18c9d560-e63a-4a3b-6671-08dd35bdea25
      X-MS-Exchange-CrossTenant-MailboxType: HOSTED
      X-MS-Exchange-CrossTenant-UserPrincipalName: 50hPiIj/mjhhITKr/7ZfQojTfYrechDhG7AxwMEZdSQ1vXLxfXL3ApeyTd50CQgXinTcZPiiXAAXV9PL9ZARX7vXQice12EvfFxLDBBN9/w=
      X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ2PR22MB4399
      X-MS-Exchange-Transport-EndToEndLatency: 00:00:02.8173460
      X-MS-Exchange-Processed-By-BccFoldering: 15.20.8356.008
      X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(425001)(930097)(140003);
      date: Thu, 16 Jan 2025 00:39:54 +0100

      Icon Hash:c4e1928eacb280a2