Windows Analysis Report
payment copy1.msg

Overview

General Information

Sample name:payment copy1.msg
Analysis ID:1416965
MD5:306d43c45f56e82c50e88c8f143eff94
SHA1:c1a3c2600dce514e693cf15926648a0a74d26103
SHA256:a97bd6db02f1a4f0ff8ac78f03e6c014baf6c2c0804e2c9b725691b3d1779834

Detection

Score:3
Range:0 - 100
Whitelisted:false
Confidence:40%

Signatures

Checks for available system drives (often done to infect USB drives)
Creates files inside the system directory
Deletes files inside the Windows folder
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Tries to load missing DLLs

Classification

Analysis Advice

Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 4360 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\payment copy1.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 2372 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "B5FC4A70-8B3B-49C0-A4ED-0EADF65A9607" "181E969C-7A51-4646-90AA-5AF9567181DC" "4360" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • Acrobat.exe (PID: 1444 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\W8J1AZEM\Proof of payment1.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 1300 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 3316 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1572,i,15098473719561117329,763112082443903669,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 4360, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Source: Registry Key set, Author: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\W8J1AZEM\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 4360, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
No Snort rule has matched

There are no malicious signatures.

Source: C:\Windows\System32\msiexec.exe, File opened: z:
Source: C:\Windows\System32\msiexec.exe, File opened: x:
Source: C:\Windows\System32\msiexec.exe, File opened: v:
Source: C:\Windows\System32\msiexec.exe, File opened: t:
Source: C:\Windows\System32\msiexec.exe, File opened: r:
Source: C:\Windows\System32\msiexec.exe, File opened: p:
Source: C:\Windows\System32\msiexec.exe, File opened: n:
Source: C:\Windows\System32\msiexec.exe, File opened: l:
Source: C:\Windows\System32\msiexec.exe, File opened: j:
Source: C:\Windows\System32\msiexec.exe, File opened: h:
Source: C:\Windows\System32\msiexec.exe, File opened: f:
Source: C:\Windows\System32\msiexec.exe, File opened: b:
Source: C:\Windows\System32\msiexec.exe, File opened: y:
Source: C:\Windows\System32\msiexec.exe, File opened: w:
Source: C:\Windows\System32\msiexec.exe, File opened: u:
Source: C:\Windows\System32\msiexec.exe, File opened: s:
Source: C:\Windows\System32\msiexec.exe, File opened: q:
Source: C:\Windows\System32\msiexec.exe, File opened: o:
Source: C:\Windows\System32\msiexec.exe, File opened: m:
Source: C:\Windows\System32\msiexec.exe, File opened: k:
Source: C:\Windows\System32\msiexec.exe, File opened: i:
Source: C:\Windows\System32\msiexec.exe, File opened: g:
Source: C:\Windows\System32\msiexec.exe, File opened: e:
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File opened: c:
Source: C:\Windows\System32\msiexec.exe, File opened: a:
Source: unknown, TCP traffic detected without corresponding DNS query: 23.62.172.142
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown, Network traffic detected: HTTP traffic on port 49720 -> 443
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI887.tmp
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI8E5.tmp
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI906.tmp
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI926.tmp
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI946.tmp
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI966.tmp
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI9A6.tmp
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI9F5.tmp
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSIA63.tmp
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSIA84.tmp
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSIAA4.tmp
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSIAD4.tmp
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSIAE4.tmp
Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSIB05.tmp
Source: C:\Windows\System32\msiexec.exe, File deleted: C:\Windows\Installer\MSI887.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exe, Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe, Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe, Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe, Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe, Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe, Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe, Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe, Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe, Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe, Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe, Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe, Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe, Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe, Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe, Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe, Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe, Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe, Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe, Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe, Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe, Section loaded: ntmarta.dll
Source: classification engine, Classification label: clean3.winMSG@22/52@0/19
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240328T1114560643-4360.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File read: C:\Users\desktop.ini
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown, Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\payment copy1.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "B5FC4A70-8B3B-49C0-A4ED-0EADF65A9607" "181E969C-7A51-4646-90AA-5AF9567181DC" "4360" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\W8J1AZEM\Proof of payment1.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe, Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1572,i,15098473719561117329,763112082443903669,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown, Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe, Process created: unknown unknown
Source: C:\Windows\System32\msiexec.exe, Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Window found: window name: SysTabControl32
Source: Window Recorder, Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe, File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Windows\System32\msiexec.exe, Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Initial Access: Replication Through Removable Media (1); Default Accounts; Domain Accounts; Local Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
  • Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: Process Injection (1); DLL Side-Loading (1); Logon Script (Windows); Login Hook
  • Defense Evasion: Masquerading (11); Process Injection (1); DLL Side-Loading (1); File Deletion (1)
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: Process Discovery (1); Peripheral Device Discovery (11); File and Directory Discovery (1); System Information Discovery (14)
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Command and Control: Encrypted Channel (2); Application Layer Protocol (1); Steganography; Protocol Impersonation
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

No Antivirus matches
No contacted domains info
IP | Domain | Country | ASN | ASN Name | Malicious
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
51.11.192.50 | unknown | United Kingdom | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.111.227.28 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
23.56.8.145 | unknown | United States | 16625 | AKAMAI-ASUS | false
3.233.129.217 | unknown | United States | 14618 | AMAZON-AESUS | false
23.62.172.142 | unknown | United States | 3257 | GTT-BACKBONEGTTDE | false
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1416965
Start date and time:2024-03-28 11:14:20 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:23
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Sample name:payment copy1.msg
Detection:CLEAN
Classification:clean3.winMSG@22/52@0/19
Cookbook Comments:
  • Found application associated with file extension: .msg
  • Exclude process from analysis (whitelisted): dllhost.exe
  • Excluded IPs from analysis (whitelisted): 52.113.194.132, 51.11.192.50
  • Excluded domains from analysis (whitelisted): ecs.office.com, onedscolprdfrc04.francecentral.cloudapp.azure.com, slscr.update.microsoft.com, s-0005.s-msedge.net, ecs.office.trafficmanager.net, s-0005-office.config.skype.com, mobile.events.data.microsoft.com, mobile.events.data.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtQueryAttributesFile calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtSetValueKey calls found.
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):291
Entropy (8bit):5.221259811364196
Encrypted:false
SSDEEP:
MD5:B5FF743C45B6686823937B397FA7F5F4
SHA1:0C3742B2C4B9F2834279D0B6E5EDF1DDFEB3F726
SHA-256:D76FE8BCA5347D07A66C7BF5AD297A042C169C7B5788A13D65E2555138968327
SHA-512:7A8A015664F8CEC6E48677EA960DBF087B2E82E5483C552F32788ECDD2B1637FBDB108D39082B3040D19A4A15D62C94EF7DBE74413471556AB596B1C388DB00D
Malicious:false
Reputation:unknown
Preview:2024/03/28-11:16:16.384 f84 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/03/28-11:16:16.385 f84 Recovering log #3.2024/03/28-11:16:16.385 f84 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):338
Entropy (8bit):5.145937043357883
Encrypted:false
SSDEEP:
MD5:0933BD475DC779B9CF06FDF52BC251A8
SHA1:D0C13B3F36CBE4723633D1429993828AD29AF690
SHA-256:EF1E8510E3A278FCCAAA5263A5C43C448084945DE9547E39003E2FB10996122C
SHA-512:7FC15EDA94A34CC8EEF28A9D6A2E5A54AAA039ED9258A1F892AC92785711C5544BC9A25951CF57D7F6D0C520D00F30BED89DCA7EC4790D758C6171EAA15191DE
Malicious:false
Reputation:unknown
Preview:2024/03/28-11:16:16.242 11a8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/03/28-11:16:16.245 11a8 Recovering log #3.2024/03/28-11:16:16.246 11a8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:data
Category:dropped
Size (bytes):6391
Entropy (8bit):5.249849976452304
Encrypted:false
SSDEEP:
MD5:0C0FF9D37586D2C475E754C8649160F7
SHA1:D525468969DCD8B677AFBBC15C337DBAC66CA570
SHA-256:0EA2CE3BA12BA4B66BA895468A339DC6280F379FC6FAB5B090416B82C2C8B36D
SHA-512:6D72AF43BC7262D1B5F2A7A0162FEAA289372C5A5B66FD27FA05B0553C0BAA90CEAFB062FA145C81BB32380FB3C406C0D5F360F154EF177B33BAE6E855454C26
Malicious:false
Reputation:unknown
Preview:*...#................version.1..namespace-....o................next-map-id.1.Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/.0F...r................next-map-id.2.Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/.1.p..r................next-map-id.3.Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/.2....o................next-map-id.4.Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.3..).^...............Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/...^...............Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.{VUa...............Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/....a...............Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/yATuo................next-map-id.5.Pnamespace-eb3aef6d_d129_430c_a353_
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):326
Entropy (8bit):5.137127399801408
Encrypted:false
SSDEEP:
MD5:9083093FC6A4201BF5A848C186740ADF
SHA1:7A5E6F5A4AF7B05A65391C9BD05A33BB72B12934
SHA-256:1C7FBB9A01B55B9D55C1F0238960D6901F0D14940482FE9ECFD9CDB74A21DF17
SHA-512:2C55BCFC7750B2254737A4701A9C045DFD1C676D4867C8E9FEA3539A9E9796056EF152B61F0671CD0D5FB585587D4B3E55FAE60EBD5ADF894539FB0E80890B93
Malicious:false
Reputation:unknown
Preview:2024/03/28-11:16:16.440 11a8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/03/28-11:16:16.442 11a8 Recovering log #3.2024/03/28-11:16:16.444 11a8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:dropped
Size (bytes):71190
Entropy (8bit):2.6537361959239814
Encrypted:false
SSDEEP:
MD5:CB0705B8324245C29ED09369E5EC9C4F
SHA1:3470985267FC42D6DDA427832AA427DEBEB4ACB5
SHA-256:EAD7E2CEAB10A2744CA72F806A38B8C9D9723FB27A792246A32821C6748ACF38
SHA-512:74678060D33EBBAFBE3F4CFBC77BC89654F92A2E2C2CCD8ABA1504B40291891F399E7CF30A749AB23987A938423AAA2AE218B721052A56A29D6ED4B2647A6896
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
Category:dropped
Size (bytes):86016
Entropy (8bit):4.444890668612129
Encrypted:false
SSDEEP:
MD5:05439F1EA5433167C1824D89E3242F33
SHA1:9EBD9E2059CE3004B796FF7A604B8733465FA0EB
SHA-256:580909450A22038B0E52DB4A69F7EAB2DCEAD973762F6A3F9D0890C303F47AFE
SHA-512:6AF548E26E28019F2B70C5549900F5DB5E34317C3D897F3E36BF9FDDB7029B37C3A153C74F94EB238C4C3F808CC012A69AFCFDD2CA5B801C88AF49F1F5460F39
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):8720
Entropy (8bit):3.7679129268336506
Encrypted:false
SSDEEP:
MD5:9110A96BBD6D82709E0AD95120196369
SHA1:3419F7DEE08DA8A15B89331369C56F5F982BB801
SHA-256:9209F5E929A6E28F362EC1FEAA7EDC5B6B48419FD5783DB2EB554DDD108B486D
SHA-512:E77271C8A71FB4A8FC5C9A31BA7B38DCBBCC9F0292245BC522CCBA1958DDE7C08F8B7198C0631C87AA4CD1D82624FEBA4EF265D2E79D54535A17EC49A510909E
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PostScript document text
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:8BA9D8BEBA42C23A5DB405994B54903F
SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
Malicious:false
Reputation:unknown
Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PostScript document text
Category:dropped
Size (bytes):1233
Entropy (8bit):5.233980037532449
Encrypted:false
SSDEEP:
MD5:8BA9D8BEBA42C23A5DB405994B54903F
SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PostScript document text
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:8BA9D8BEBA42C23A5DB405994B54903F
SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PostScript document text
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:B60EE534029885BD6DECA42D1263BDC0
SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PostScript document text
Category:dropped
Size (bytes):10880
Entropy (8bit):5.214360287289079
Encrypted:false
SSDEEP:
MD5:B60EE534029885BD6DECA42D1263BDC0
SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):295
Entropy (8bit):5.35217356241872
Encrypted:false
SSDEEP:
MD5:44944E242DA82AC2F6C8CE24EE8C4B5E
SHA1:0A29203A97339329C501F52F20A26972DAB046A2
SHA-256:BFFE4348C736773E7AD673780A08A8FDDE941EC27D633B55A41F228C9DE10635
SHA-512:083D55A07B85F1B56CDED4AA0D30FE46243281B80C3D090170911262DF7258A4B05B64BFD09512980D8502D5A48D5EFD501DE142333B001655BBA0FB870CDBBD
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"05c54bfc-dce2-48a5-baf8-528b04915767","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1711793811001,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):294
Entropy (8bit):5.2993504249443495
Encrypted:false
SSDEEP:
MD5:762EEC27EF45285EBADEE154C8316AA0
SHA1:BA3500C0D717DDA4D5B1EF2585E13F0CD6ED2085
SHA-256:A607448AD4FC45A0C4BE4ACD8C4B8C383A7561D0F8D657CE8D550A49943EC76A
SHA-512:3A5EEE1D6B5AE1BE31C90A3BE00EE2CD7BD679B5F44EB58B2965BDBD490A20EBEA28D60C13FE2EDCC81EC6AC5A967F1BA5D5A039D771AEFEC26433D90ECA23BB
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"05c54bfc-dce2-48a5-baf8-528b04915767","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1711793811001,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):294
Entropy (8bit):5.277200518521419
Encrypted:false
SSDEEP:
MD5:EB5A78FF250E89FD5C2E1648BFC6606C
SHA1:1E43FE30DFE722BD29F979D0C14C6782B50DFEBF
SHA-256:F1DA6D22D1B6F722CB1879414C31E20A6056FE30B14BD27164448C87D58D3780
SHA-512:C3BFBC66E8CEC7225024A8ADBDCB7717D1AE5A4BF69A7D0CF89BA62DE0BB1EC8CD68F93DEC552855857421144B97B397DE254F66D4066170534720E8459A5FA1
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"05c54bfc-dce2-48a5-baf8-528b04915767","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1711793811001,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):285
Entropy (8bit):5.337877420782277
Encrypted:false
SSDEEP:
MD5:5722744F00EC24D0954F9864F8FF3440
SHA1:C7E07423194DA2A0C8F23813BA23975A85631AFA
SHA-256:E41F7D4E7EBC81BF3E7104674C1AD6571769BE3ED9C3A3722C6110FA3BD4E137
SHA-512:F55A2C6A5673025693F84B12E1D3691B59B62E6F25793856224B1608711D97A7F0A89275C8A8134796C1F8553AE215137BB1F32E3A08D9BC338F054957F4E888
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"05c54bfc-dce2-48a5-baf8-528b04915767","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1711793811001,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):292
Entropy (8bit):5.3036733747399545
Encrypted:false
SSDEEP:
MD5:3DB4B08E137A33DB16C84D9CCC433030
SHA1:13E7BB2BD077CFA11E43E423E2EECDB315A7DD4A
SHA-256:291B43DEEFD770FBF7F7A5860265F61E2C27B5FA6D44F9D0AFF28CB77F7A6BA4
SHA-512:D43A7D457291830197FC92B24E0FA9D3581CFB121F75069D0D80670407614D667AA5E8AA3C36BE56F5C436D3933E49E38CAE89774C6B653E92D02653480140AE
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"05c54bfc-dce2-48a5-baf8-528b04915767","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1711793811001,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.289120220783608
Encrypted:false
SSDEEP:
MD5:57A9D6E2A8749D7CFCA59064138ED4C7
SHA1:9500C7A42BB6554290F2F3B4DFCB2CF42D5FA2EE
SHA-256:39C276A9DB6644874204F701A1E7C65213B75A1817E15B5DAC4DCC00B59BE7B9
SHA-512:2191DA38E7C51FD08F1F13D3EFC6A991810B3230F19C6703014DAFE35C7C45CCED790E95B36350E0EB0D2E57729DE5CF8DBA862EA3B495D5DDC92BE573984B9B
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"05c54bfc-dce2-48a5-baf8-528b04915767","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1711793811001,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):292
Entropy (8bit):5.290496198150498
Encrypted:false
SSDEEP:
MD5:DD210595E206A1864F364EFEC4F5F257
SHA1:67A084E43EA50B31CF2CEBC4082A9E02173DD3FA
SHA-256:4CF535C01275ECF24830EA9C8D7F300F2EA7671E34FDC9ECDA7C319027C10693
SHA-512:655BC8DCDE5B86833997C9F1D7BBC14E2766A24DEE36C3436F0F094A4C3995652E9025A12F3D4A47E94D00449C5EB097613C0F5911CBCDBF8D53E0A541C14C61
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"05c54bfc-dce2-48a5-baf8-528b04915767","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1711793811001,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.300508560447747
Encrypted:false
SSDEEP:
MD5:B9DEBAF4669F8EE75738A560DCFF5E35
SHA1:9A79C43D4C51A0132AC5ED6C91BD1CCE7426E2E7
SHA-256:48BC5D40FF58C0A87709EB210DDBC4CE50AD3CC90A5C060A135808EFECC9EBB2
SHA-512:FAEDF9A4E12F715A10D58988DEBF2CF42015FD99D457573C6A8F67910E3ABCBBE4EA67B012CD47BBF59A79CFC6DAF5D8144ADF1DC6123B660C3E56EE6E89B93A
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"05c54bfc-dce2-48a5-baf8-528b04915767","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1711793811001,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):295
Entropy (8bit):5.31620660637718
Encrypted:false
SSDEEP:
MD5:857E91E7028F9BD7DFD7671E8FCA1784
SHA1:03EB381123F46EC6A261501626F56D4AF59167D1
SHA-256:15352BE8853AAA068FBCD101B38EA75CA29A7739C035DA68A7F811B821968740
SHA-512:FF4F62EE8D5803E0CCD2DE8EFFC34B27ADA29CDD5C4B52F28443666F1DC047C7BAC8212340C92F347B4ED1181193F71175887CD7B1310845B460E3EB658C617D
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"05c54bfc-dce2-48a5-baf8-528b04915767","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1711793811001,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.296784805596374
Encrypted:false
SSDEEP:
MD5:312CB948DE3C39AB5275D31FA80DB3B1
SHA1:45BA4921653EE475BC55CC823EC18A036CEAAAEB
SHA-256:BE10F24565E18B19FFE5D426CC00FFBCECEC0659CFDED2DA13367F70DB845437
SHA-512:FE42A1F6DA9B7CE0AF485B5210A26AF214A36D13D03E228AEB3EABAFF07720B93EA4FA1BAEE412643A984BB8BB8474E135EB5EFA6D7E9E38C96C4F8B188CB033
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"05c54bfc-dce2-48a5-baf8-528b04915767","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1711793811001,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1395
Entropy (8bit):5.7747044796359175
Encrypted:false
SSDEEP:
MD5:9C5ADB1E077B9FDA48CB5104E2E2C96F
SHA1:4025DED3F351A3430376B39FCDE0B3D82614F633
SHA-256:04FDA196D77344C4EAA930FF6D2F28B6092B005F44A9E179362A9ADE44088568
SHA-512:48B89101A3FCE0D0696B1771B2319FD6DA4B30AF27DADDF03A85E2F9A1187E68D3A63F5E6BDB6D0159AD77295D3010BA354B7D34FCED0E89C5CEBA2AD1AD5C15
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"05c54bfc-dce2-48a5-baf8-528b04915767","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1711793811001,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):291
Entropy (8bit):5.280354000826276
Encrypted:false
SSDEEP:
MD5:02D62DBE5FFB44C7A79393CDC5C2E7B3
SHA1:54EEC6E2FEEC7DC572FBA1DD31F6581AA800FA76
SHA-256:E68495553163335111E4E44436E7BC0043FE584999FB5FD6D33CACB48F4E7E1C
SHA-512:4A56448EC0A6C0F08BE212BD1C78A54644C0CCD72496718F98CFEDC9E97B5A2861D7E3341C0948D59534C0836C0145CF3E1D98285CF6F6CAB2A4E23B0EB34EA4
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"05c54bfc-dce2-48a5-baf8-528b04915767","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1711793811001,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):287
Entropy (8bit):5.28198271701768
Encrypted:false
SSDEEP:
MD5:CFD9F9C514DFB39DBDED005ABDE97194
SHA1:15120E4D9FD9114A4C7650C675B54BA271FC0810
SHA-256:C001AE3D40CFFD9783A78F9EC9D04E72F675EE48DFBA13C747B64DECCDE69EF6
SHA-512:3C92CB6B5FD33FCC607421A9065BC59D84505E06B6FC6198FC25573B3F218818C9F0E7C9470E7A0FBE16D08D5860B0FBE111EAF00E21CA07DF3D39E0EAE39090
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"05c54bfc-dce2-48a5-baf8-528b04915767","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1711793811001,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.3033261162803
Encrypted:false
SSDEEP:
MD5:D85E3198C9C3225D4F1EAE093DEC1663
SHA1:394F6466A98A03EA0E99A6B58401632EDD53FAD9
SHA-256:8E5D9E70B81808082B40F85679DDFA5603F5B9A2BCB1CAE565EB2AFDECEB05C0
SHA-512:93237EDBEC4C061CF65E458BE838AD3DF99FF72DC401583406E61598649976AB2147F6BC76E604269705AA13104AC71335AA72B778A5EE4F7EB4B2C0E6716243
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"05c54bfc-dce2-48a5-baf8-528b04915767","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1711793811001,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):286
Entropy (8bit):5.258321142713977
Encrypted:false
SSDEEP:
MD5:E7E71DA7B5569092883FEAC586F33ABD
SHA1:7C454929B77EE009A1F979A427587F63E06B3C17
SHA-256:E6083CF47B70934F5350A7440DD9317C1FF78D24F5D674B51701342B38F12C25
SHA-512:160270F2A7D460C497F14B2D50815F19DC8F981E12C0E5B3BD00E7596C6C8062DAE12C291B05A6452C7224A69D6F2A50F3F3708D54E087F7549E92F308AA6DD8
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"05c54bfc-dce2-48a5-baf8-528b04915767","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1711793811001,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):782
Entropy (8bit):5.365256493908195
Encrypted:false
SSDEEP:
MD5:F6F2D3CEFCBA6946DE58580A18C3D770
SHA1:87D01800668B9AA81870FD193BFD50F962F3F550
SHA-256:C17A2E814DCF626D08DE2C972B40A11DC20842E7EB3C522013CD0F8F24A9FC5F
SHA-512:8C8BBBFEEB285439DF0AE1D60FE0E1749E2034AA2BC96369B445E772CFE2ABAF1BC22CDA7861036E8522556065795D26D23BB5D67F0BEE0BEF39D3F87E5831CF
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"05c54bfc-dce2-48a5-baf8-528b04915767","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1711793811001,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1711620981032}}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:data
Category:dropped
Size (bytes):4
Entropy (8bit):0.8112781244591328
Encrypted:false
SSDEEP:
MD5:DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:false
Reputation:unknown
Preview:....
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):2813
Entropy (8bit):5.117795620962445
Encrypted:false
SSDEEP:
MD5:D04B66BA5CB51035B38C9E52507A823A
SHA1:53C46203C98C4236D2EF720600393C43E83F9D09
SHA-256:7106698E88E4E89E62AB290E86FD37F37E6E4EB5FFD1870C0DD28C6909F09288
SHA-512:222F4355DCD13BAC0D646E680309DC346E9790D84E962DA0841CC2360C6D537742E20B8E3CE3CD1DA2DD57DADAC1DC69EBAFFE4DBA880423CF8BB0387625D3EC
Malicious:false
Reputation:unknown
Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"020b72dfa3b30e48b932fa84b2ce78b1","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1711620981000},{"id":"Edit_InApp_Aug2020","info":{"dg":"961a3ba8011791ee11652a3f3ceb4b2b","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1711620980000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"fd568cdd746957b4069a738a7e28f85b","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1711620980000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"e01076f9aaace11eb931e191a0ca5ed7","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1711620980000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"aa29a90a2005cdad62464c9ab724bb82","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1711620980000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"a1adbc9e953fcb1eeb4ee339ce00f1ec","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1711620980000},{
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 23
Category:dropped
Size (bytes):12288
Entropy (8bit):1.3567835044543257
Encrypted:false
SSDEEP:
MD5:DDA90ABD7A12F54979081C045C1D8140
SHA1:CD7DAD1134EF114114EA7681494918E12750B1B6
SHA-256:59D0C529B52ACCAECB50FBA23B3505DEAFEAD82E281AEF43D9DBB49075400383
SHA-512:6606614E6A158F74BBB2CAB13748E9B1ECA217C806B90835560F03D1858551DAA5D4ABD17939649E4D2410124A43B2005DF63654E95AF498FBE583AAFA0286CB
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):8720
Entropy (8bit):1.8316213608837069
Encrypted:false
SSDEEP:
MD5:4D843FC8F9155A4BFC1DA16A8F19AE58
SHA1:1EB5AD161BEC8064D84F392DA910523B449D406C
SHA-256:FC0043C2C96F5CF0DEE06937EC31FE7B1B1CDF4A09CEF079FD6BEF01D5454CEF
SHA-512:27547D6F6629D723DFB49B056A91B663E7B9BB23310C07DB9422EBF9D940EB1605BE6A5892D7210B6829B582DCB2A09BD718774BB6BBA1D47EF62C557BABF436
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:data
Category:dropped
Size (bytes):66726
Entropy (8bit):5.392739213842091
Encrypted:false
SSDEEP:
MD5:89263432F17285883382331937B5C832
SHA1:E7AFB98BA1DEF23E50BB174DB7D53D7B1D95A875
SHA-256:B6E8D5337702BD18336F3454431A60D485EE5B96AA1EBC41583F4008AF7AC0A3
SHA-512:67325423D9B5AFF543A56C1C008ED4665DA68F8B9110903935CC567FB2F445CD8EAFBC6D882BBBB01AF8DE3376B657D60B71A12340E5A83D12BFF3EC47C4434D
Malicious:false
Reputation:unknown
Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):231348
Entropy (8bit):4.37388171864284
Encrypted:false
SSDEEP:
MD5:023AFBA09E21DCD8DEAEDD669DC0F21D
SHA1:C10F92BB5143317AC75D105384A71D4DD31291F6
SHA-256:E7EBFD1B8575D22A8FD8689BDFB8DDFF197E46429CF330FAB0C82DCA4C65DA92
SHA-512:4033DF74FB41AB614F55AE7F53D5EE9E52548883336CFCF506E5C41D0A7036BF034B84378EC14D20E7916E8F67470B459EF78E7F3197DFA37F470DD795F5381C
Malicious:false
Reputation:unknown
Preview:TH02...... .p.t.........SM01X...,....Sf.............IPM.Activity...........h...............h............H..h$.s.....mFy....h........`v..H..h\tor ...AppD...h ...0.....s....hm@.x...........h........_`fj...h.A.x@...I.+w...h....H...8.kj...0....T...............d.........2h...............k\.F.....M.S...!h.............. hC........s...#h....8.........$h`v......8....."h@nc......lc...'h..............1hm@.x<.........0h....4....kj../h....h.....kjH..h....p...$.s...-h ........s...+h._.x......s................. ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000.GwwMicrosoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.04599539242052959
Encrypted:false
SSDEEP:
MD5:870D06C926EDFED682251396A048E237
SHA1:13148B3C268F996F9D44914AC5F4869017D1A4EE
SHA-256:8AB3EDDE7B9075E983F8D3E4DDBBE672E0D094C46D78155DABAF0B0133412C73
SHA-512:079E8F5829B0A0D3FF04F9B545C898A34463E80E0ABFE948B60DEE4AC6B57DA2F4EE367A3041A0A7F84CF8AC30ECB64F8BCE6D6BA0926E70828B4B3EF0CEA8CB
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:SQLite Write-Ahead Log, version 3007000
Category:modified
Size (bytes):49472
Entropy (8bit):0.48374519358674806
Encrypted:false
SSDEEP:
MD5:F419BB7CD4689DF501B8E0F93D8DBB45
SHA1:E0FF9415FB542B32A186ED2CE85FED344C045FA2
SHA-256:2F010BDC77A29FC904252710E173F6EDB3E3F33BE51559788635ED74DB5C73AC
SHA-512:297B0AE908DC5992E612F688B16328D478943BE43667721EDAF3629A71F8396668DC01F59743C3112DF99C3CF9166D074E67E57D712EA57D5B20456E3361A219
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:PDF document, version 1.4, 1 pages
Category:dropped
Size (bytes):684738
Entropy (8bit):7.9996303139448734
Encrypted:true
SSDEEP:
MD5:93BC0A018C0A3D0AE5A9D5F3FC2DC008
SHA1:313F766252B878126070DBDD40C236B87EDF358D
SHA-256:BAF013BC55FDEDC2A79ED9663F5FDA08D0D3C52DC652EF0C7CE993A2C8DA5928
SHA-512:37809FAD1743BA52956C6BD7BE8DDA4028710F01C89C02E4E074ED3199B9E0354CCCBCC1B30307ABC9066DD41A588CE902B3B919B8D2272D8DC428D8A547BF3A
Malicious:false
Reputation:unknown
Preview:%PDF-1.4.%....1 0 obj.<</Linearized 1/L 684738/H[684489 179]/O 5/E 684668/N 1/T 684673>>.endobj..................................................xref.1 14.0000000016 00000 n .0000000797 00000 n .0000000849 00000 n .0000001050 00000 n .0000001096 00000 n .0000001325 00000 n .0000001559 00000 n .0000025189 00000 n .0000644767 00000 n .0000644792 00000 n .0000644940 00000 n .0000644980 00000 n .0000645017 00000 n .0000684489 00000 n ..trailer.<</Size 15/Info 3 0 R/Root 4 0 R/ID[<2ACC267D4CBE455AF640E4A707A84692><3F8DE401CE8505297609F6405F75E74A>]/Encrypt<</Filter/Standard/R 2/V 1/Length 40/P -4/EncryptMetadata true/O<2055C756C72E1AD702608E8196ACAD447AD32D17CFF583235F6DD15FED7DAB67>/U<CB28B92FE69C58041F2A631403BECF3361206441FBCE820E5B9EF0AD077E4901>>>/Prev 684668>>.startxref.0.%%EOF......2 0 obj.<</Type/Pages/Count 1/Kids[5 0 R]>>.endobj..3 0 obj.<</Creator<591A8FC88250B0CB>/Producer<491994C6C06981E0BC7535E5B5>/CreationDate<5E48CF97DD0AF497AE2034E3B819137AC5661F78841F00>/ModDate<5E48CF97
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:ASCII text, with CRLF line terminators
Category:modified
Size (bytes):26
Entropy (8bit):3.95006375643621
Encrypted:false
SSDEEP:
MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
Malicious:false
Reputation:unknown
Preview:[ZoneTransfer]..ZoneId=3..
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:ASCII text, with very long lines (28769), with CRLF line terminators
Category:dropped
Size (bytes):20971520
Entropy (8bit):0.1598185003547992
Encrypted:false
SSDEEP:
MD5:07A5DC05EBD6AB635455A74182D08F6D
SHA1:8567DF72574CBB674A8144C55B40BE8CA3715691
SHA-256:068A09BA9C9AAA661575E37230E2B94344FCFD9248F57CA9824CDBAEE657B0DE
SHA-512:05626F0FD6334D44C33E4E85A0691F2AA552645FB47B408AAC0370DD0D0E8848BCBD0B760F83D9BE53079F47A56663AEDA1DEB2D414977F3D588480BD22C879D
Malicious:false
Reputation:unknown
Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..03/28/2024 10:14:57.933.OUTLOOK (0x1108).0x1C8.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":26,"Time":"2024-03-28T10:14:57.933Z","Contract":"Office.System.Activity","Activity.CV":"PBA52NvS1Ee2GXHHJoYj3Q.4.11","Activity.Duration":17,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...03/28/2024 10:14:58.093.OUTLOOK (0x1108).0x1C8.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":28,"Time":"2024-03-28T10:14:58.093Z","Contract":"Office.System.Activity","Activity.CV":"PBA52NvS1Ee2GXHHJoYj3Q.4.12","Activity.Duration":35867,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorVe
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):20971520
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):246
Entropy (8bit):3.5209238895127717
Encrypted:false
SSDEEP:
MD5:61ED037F878DC35628ACCEFC3A691FB5
SHA1:0DA910B99E0CF5AAB2B0C2D722DFA3DF43634841
SHA-256:158750D782D57F8266D672770B74E7DD6F01D0BF41EC4358527E801CAE16D6A6
SHA-512:48230857DB8E8D05E3BF65D57DA3F5532A6486F2E87C9E305868A4FDE8E4A9529B6E64068EBA7FE75D190EE70560095C7B73665565F41F8D7742AF5528A3BA03
Malicious:false
Reputation:unknown
Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.8./.0.3./.2.0.2.4. . .1.1.:.1.6.:.2.3. .=.=.=.....
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:modified
Size (bytes):94208
Entropy (8bit):4.482750161874205
Encrypted:false
SSDEEP:
MD5:95E0223D36DFC613283CEF0F2B068132
SHA1:ECF5DB770C2B9900101153C14EE7DF024C781204
SHA-256:EDB33A8E668D0D48ACE14D8F2D3CC0DA51CE75D0B8ED84AF53DE90F3AE55C0E5
SHA-512:08CD557CF334F0C4D422AE1DF9396AFDDF26DB3103A67687615307CE869C7A15A97933AB460199093544E86CB3B2806789CD1C92646FBCDE019C08A8BC5EB78C
Malicious:false
Reputation:unknown
Preview:............................................................................d...................................eJ..............Zb..2.......................................@.t.z.r.e.s...d.l.l.,.-.3.2.2.......................................................@.t.z.r.e.s...d.l.l.,.-.3.2.1...............................................................Y..........................v.2._.O.U.T.L.O.O.K.:.1.1.0.8.:.7.3.1.4.1.5.4.0.f.0.3.0.4.e.a.b.8.8.e.8.d.b.8.8.1.3.5.4.8.7.a.5...C.:.\.U.s.e.r.s.\.t.o.r.r.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.0.3.2.8.T.1.1.1.4.5.6.0.6.4.3.-.4.3.6.0...e.t.l...........P.P.................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with very long lines (393)
Category:dropped
Size (bytes):16525
Entropy (8bit):5.359827924713262
Encrypted:false
SSDEEP:
MD5:06DEAEDB81D09FD8FB5FF668D8E09CB2
SHA1:28A02BCBD5975117B97A08AFB049F2C94F334726
SHA-256:D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64
SHA-512:948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936
Malicious:false
Reputation:unknown
Preview:SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:755+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig:
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with very long lines (393), with CRLF line terminators
Category:dropped
Size (bytes):15111
Entropy (8bit):5.370313203458317
Encrypted:false
SSDEEP:
MD5:578F36711D5F79C728C89DBAFA22187D
SHA1:84991D3CB4DA4B169997449A7BB87CC67C94A5E0
SHA-256:4ACED40C29453513303DE3051382557787B0886E1662AD886732662B5619FF6B
SHA-512:D89D70A5508A4CD67B3E3B551B5FE3A5FBBF65BE89EB09753EFB4A552C6FFD231E0F017FAC2FFCBDB5AA99EB79FD9E7C6A9995C5CC8D38755180C6CF28E11006
Malicious:false
Reputation:unknown
Preview:SessionID=bab95084-ecba-4d96-9930-d41c1e53d8b2.1711620978332 Timestamp=2024-03-28T11:16:18:332+0100 ThreadID=2932 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=bab95084-ecba-4d96-9930-d41c1e53d8b2.1711620978332 Timestamp=2024-03-28T11:16:18:334+0100 ThreadID=2932 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=bab95084-ecba-4d96-9930-d41c1e53d8b2.1711620978332 Timestamp=2024-03-28T11:16:18:334+0100 ThreadID=2932 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=bab95084-ecba-4d96-9930-d41c1e53d8b2.1711620978332 Timestamp=2024-03-28T11:16:18:334+0100 ThreadID=2932 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=bab95084-ecba-4d96-9930-d41c1e53d8b2.1711620978332 Timestamp=2024-03-28T11:16:18:335+0100 ThreadID=2932 Component=ngl-lib_NglAppLib Description="SetConf
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):35721
Entropy (8bit):5.4248638526234165
Encrypted:false
SSDEEP:
MD5:FA75B7F80A048C8D6DDEB141CC8F406A
SHA1:34FAE7BE838018FE3A22D7CFF5702A4291DD0D82
SHA-256:02DD718931A5728F357A877419E8B0CC6832DC1ABC02E1A5E4D9C5B2241C9476
SHA-512:F3B9ECD0A90729E180EA237B97508F99D502D75778974E814094A775014BC2504E465B720EDDC4E527601678F556BA0575172BBF9263225199731E7E7DC281A6
Malicious:false
Reputation:unknown
Preview:06-10-2023 11:44:59:.---2---..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 11:44:59:.Closing File..06-10-
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 160932
Category:dropped
Size (bytes):543911
Entropy (8bit):7.977303608379539
Encrypted:false
SSDEEP:
MD5:5B21A6981E55EF9576D169BBED44BCDB
SHA1:B3A14100B7E7C2C01D61B010A54937952D111E20
SHA-256:9555E661370D1DC26605DAE88BDBC1ABA68038C769BF6E354A256B1A1C4C110E
SHA-512:FCA72A5131D8780A17DF65BBFF37FBA88DBEA3B7AE991C3D893B21B9E6C1EED44DC12945C8DA39DE471FAC5013BE71D43E5BBB892994742BC33EF5934469B1B1
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:dropped
Size (bytes):758601
Entropy (8bit):7.98639316555857
Encrypted:false
SSDEEP:
MD5:3A49135134665364308390AC398006F1
SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:dropped
Size (bytes):1419751
Entropy (8bit):7.976496077007677
Encrypted:false
SSDEEP:
MD5:959551B2D2C128135D015E3C76ED2474
SHA1:E40DEC35C10D5642AE54673E32FE0ABC250767FD
SHA-256:C86FB54AFC2BF0B60A9AB2E83AF033AEC25893004E5E72CA54F8D74DA5DCFA99
SHA-512:D10BC060B64AF49575044A29FB3CB5A7E0F3C2451F748881C96296DD2AC5E35CEE9CFEE41B394F4E81FC24B102F140D1A6F0602B7512DF87C958421E439DFC63
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:dropped
Size (bytes):386528
Entropy (8bit):7.9736851559892425
Encrypted:false
SSDEEP:
MD5:774036904FF86EB19FCE18B796528E1E
SHA1:2BA0EBF3FC7BEF9EF5BFAD32070BD3C785904E16
SHA-256:D2FC8EA3DDD3F095F7A469927179B408102471627C91275EDB4D7356F8E453AD
SHA-512:9E9662EA15AE3345166C1E51235CDCE3123B27848E4A4651CC4D2173BDD973E4AD2F8994EFF34A221A9F07AA676F52BEB6D90FF374F6CCB0D06FA39C3EFE6B31
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:dropped
Size (bytes):1407294
Entropy (8bit):7.97605879016224
Encrypted:false
SSDEEP:
MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):163840
Entropy (8bit):0.3605242704148536
Encrypted:false
SSDEEP:
MD5:1831D364CF5EB13009E0968D8DE55AE2
SHA1:BD3E8DA639DC79315F97B3F6D12B0B45F7AE2C56
SHA-256:775188444EE262A17F6177EA1360A64DD4E1C479F28889715BA9596B2D6C16B8
SHA-512:5B5B7A64F32A4BDDE1877568F4FF8467B49E00644A48B78079449C5E690D3E6BF162331E127261BA3D0FED29468151618F9A505592C68EFAAF5FE6F3868B3522
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):30
Entropy (8bit):1.2389205950315936
Encrypted:false
SSDEEP:
MD5:462AAB6727EBAC030C55B0E742BED3C1
SHA1:8A92B30C5B84CD6BECDC56E56E4D9F176B5D9A04
SHA-256:D2FBD75259EFCAC8568B27B0F219E63E7B23CC9C5BD9F05B90358795B6A517D4
SHA-512:A722350FD924E0073D61C7E54EFF800FFB68AB01E0EEADBC4C6CF1B0F351F4E5989234AE1C977CD442877B25C8ED830BE61C0FA960C4314EDD186B6ADFF74542
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:Microsoft Outlook email folder (>=2003)
Category:dropped
Size (bytes):271360
Entropy (8bit):1.330903668971165
Encrypted:false
SSDEEP:
MD5:F2F7D1B51E64AB84446F869C7A9F7BE4
SHA1:14F6F561EFDA44A94073BAD17E8165C1BF1FCCCC
SHA-256:E1DFF924965255DAAF6AEB3C638DFD1D344A500EC7D65AD9CD79D9CE326CE062
SHA-512:F0B74F9C7D5D4F0E6B1681C9C440CB6FBD3CF3513769753C06303B005CD3683E56264A0B3182663B8DC9A9FF7D6116279CAB596DA24DF944274EF7A8136A0977
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):131072
Entropy (8bit):1.1269322161114932
Encrypted:false
SSDEEP:
MD5:6646643DF4EF8A3CF96242BD9247177C
SHA1:D1E4213573BDF0A8F038608C2EB0A781BD891BCA
SHA-256:F108B9D27F5DAC0C0831E866A3C6873F57780D21651BD5FE30261666EA294665
SHA-512:37377E87AC57FBB34BD851FAE47B9B228A2C7F30A02E56D839D9E10C0580AE338A78FF261384A01720479418D9E247C40D95F48072300C2E9902728BE63E1643
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:modified
Size (bytes):403156
Entropy (8bit):5.359661884149977
Encrypted:false
SSDEEP:
MD5:6980CD549D888E1605DB286B8423D7E1
SHA1:0A9BAA961706E9AD9B8D90330AC9E021E5E2C034
SHA-256:5744AB6D2BD67963190BC672562CB8D7077DFCBE330A78F0294552CF28A9DC76
SHA-512:BDDB9FCE22E1D4B123639FC124B91C7E962ABFBC31C5D6FF84FA62DBB36D66EB9C647DFDC7EE69C47CCFE4CF62B6FD813BBB8BCFECDD7F44082A2A52365CAFD4
Malicious:false
Reputation:unknown
Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
File type:CDFV2 Microsoft Outlook Message
Entropy (8bit):7.8939388357975915
TrID:
  • Outlook Message (71009/1) 58.92%
  • Outlook Form Template (41509/1) 34.44%
  • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
File name:payment copy1.msg
File size:735'744 bytes
MD5:306d43c45f56e82c50e88c8f143eff94
SHA1:c1a3c2600dce514e693cf15926648a0a74d26103
SHA256:a97bd6db02f1a4f0ff8ac78f03e6c014baf6c2c0804e2c9b725691b3d1779834
SHA512:6b05bd7099fc96088d154a57155127c851d6ccf4e861239b40a75bafb05af013d2cd2559d3d5357982b27a8b8cc9b9337dfcc790e173a4679d7d95d11916a244
SSDEEP:12288:afHcjt9DibvFYe7lA7Z/ZJV2k/za8+HPCy4q7IVLLPQFu9moPedQvfW:csyvioA7BV2krapHPCy4q7yLjzmMeCW
TLSH:BEF41252B1DA0B06F177AF3558E2D0939926BC42AF39C15F2286730F05B2B91D9F1B1E
Subject:payment copy1
From:"info" <cs@ubakanma.com>
To:Recipients <cs@ubakanma.com>
Cc:
BCC:
Date:Thu, 28 Mar 2024 06:22:01 +0100
Communications:
  • This email is from an External Sender and contains a potentially unsafe attachment. Please confirm senders email address before opening attachment. If unsure contact IT Support for assistance. Sincerely Dotcloud. Good day, Kindly find attached your invoice. Please use DEVM07 as your payment or support call reference. Kindly note all payments need to reflect by the 15th of the month. If you are a debit order client, please do not pay this invoice as it is for record purposes only. Need Support? Please contact our Support Desk SMS and Whatsapp number is 060 070 2283 Telegram https://telegram.me/TCSWiFibot Email support@tcswifi.co.za
Attachments:
  • Proof of payment1.pdf
Key Value
Received:from mail.ubakanma.com ([185.196.10.184])
  15.1.2507.37 via Mailbox Transport; Thu, 28 Mar 2024 10:03:38 +0200
  15.1.2507.37; Thu, 28 Mar 2024 10:03:36 +0200
  15.1.2507.37 via Frontend Transport; Thu, 28 Mar 2024 10:03:36 +0200
  by mx300.antispamcloud.com with esmtps (TLSv1.3:TLS_AES_256_GCM_SHA384:256)
  for batie@slmlaw.co.za; Thu, 28 Mar 2024 09:03:33 +0100
DKIM-Signature:v=1; a=rsa-sha256; c=relaxed/relaxed; s=dkim; d=ubakanma.com;
  h=Content-Type:MIME-Version:Subject:To:From:Date; i=cs@ubakanma.com;
Content-Type:multipart/mixed; boundary="===============0073245868=="
MIME-Version:1.0
Subject:payment copy1
To:Recipients <cs@ubakanma.com>
From:"info" <cs@ubakanma.com>
Date:Wed, 27 Mar 2024 22:22:01 -0700
Authentication-Results:antispamcloud.com; dkim=pass header.i=ubakanma.com; dkim=pass header.i=cs@ubakanma.com
X-Spampanel-Class:unsure
X-Spampanel-Evidence:Combined (0.20)
X-Recommended-Action:accept
X-Filter-ID:8G1aH+8yearZuN6N5+X5bm6KuAmzEgFjeXz34jnHp0woGjNPtzbdf+7GR8HTYQGN7U9QAI9zNavG
X-Report-Abuse-To:spam@quarantine16.antispamcloud.com
Message-ID:<11407959-7a85-4a1e-9c17-919f816ca86f@DCEXCCAS02.cloudcontrl.com>
Return-Path:cs@ubakanma.com
X-MS-Exchange-Organization-Network-Message-Id:edc1d381-58f7-46cf-e1a4-08dc4efd9215
X-MS-Exchange-Organization-AVStamp-Enterprise:1.0
X-C2ProcessedOrg:b871e11f-2424-4379-a75e-a1a8bfbe8592
X-MS-Exchange-Organization-AuthSource:DCEXCCAS02.cloudcontrl.com
X-MS-Exchange-Organization-AuthAs:Anonymous
X-MS-Exchange-Transport-EndToEndLatency:00:00:02.5574624
X-MS-Exchange-Processed-By-BccFoldering:15.01.2507.037
date:Thu, 28 Mar 2024 06:22:01 +0100

Icon Hash:c4e1928eacb280a2