Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Request For Quotation (RFQ)_ RFQ2400598.eml

Overview

General Information

Sample name:Request For Quotation (RFQ)_ RFQ2400598.eml
Analysis ID:1428869
MD5:d1877952c89684b362caf92b6a34477b
SHA1:eabadeefaf4bf7fa7df2b8d0aa1bb4fb4d50d3e5
SHA256:61bacabab5ca1289167090a37b32c940a9fd892bffdf10e0e0cccabac3557eae
Infos:

Detection

Score:4
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Detected clear text password fields (password is not hidden)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Phishing site detected (based on OCR NLP Model)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores files to the Windows start menu directory

Classification

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6312 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Request For Quotation (RFQ)_ RFQ2400598.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 1504 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "FDFCBF6C-301D-4498-AEFF-487513A4AFB9" "4BC47D0A-1AFA-4E2C-B133-A29D3D538865" "6312" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • Acrobat.exe (PID: 6288 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\03UIW9HD\RFQ2400598_0000063414_20240419161746.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 3364 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 7248 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1564,i,8300883172976244484,15640572082357883666,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
    • chrome.exe (PID: 7948 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://extapp.dso.org.sg/SupplierPortal/RFQVendor/Create/0?enc=20ADE221D3ACAC68BCB8A062575F01B5B2C412DEA468C864C57B7DF6E845C68CC237468EE52EE58B8255551025EC0B65849C2C1CE6B6023646A6B4AB5C53930E30BA5E14F9B6240EA9A4DCCF0AE46D91 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 8172 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1984,i,12791824266530776244,14028941170034293688,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Office Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6312, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Sigma detected: Outlook Security Settings Updated - Registry
Source: Registry Key setAuthor: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\03UIW9HD\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6312, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://extapp.dso.org.sg/SupplierPortal/RFQVendor/Create/0?sid=732b52e0-73cf-4307-b156-81fb10fbdb28&enc=20ADE221D3ACAC68BCB8A062575F01B5B2C412DEA468C864C57B7DF6E845C68CC237468EE52EE58B8255551025EC0B65849C2C1CE6B6023646A6B4AB5C53930E30BA5E14F9B6240EA9A4DCCF0AE46D91HTTP Parser: <input type="text"... for password input
Source: Chrome DOM: 0.0ML Model on OCR Text: Matched 98.7% probability on "DSO Supplier / Contractor Portal so Welcome, OFS FITEL DENMARK Aps Quotation Submission for RFQ2400598 Note that the closing date for this RFQ is on 26/04/2024 (UTC + 8) O Enter your particulars Enter your name * Enter your Email * Get OTP via Email here to receive your one-time password (OTP) via Email. O Enter the OTP OTP * Select and upload your quotation file(s) Select a quotation file Note that the file format must tk in PDF and the maximum total file size is 1014B. lbmit "
Source: https://extapp.dso.org.sg/SupplierPortal/RFQVendor/Create/0?sid=732b52e0-73cf-4307-b156-81fb10fbdb28&enc=20ADE221D3ACAC68BCB8A062575F01B5B2C412DEA468C864C57B7DF6E845C68CC237468EE52EE58B8255551025EC0B65849C2C1CE6B6023646A6B4AB5C53930E30BA5E14F9B6240EA9A4DCCF0AE46D91HTTP Parser: No favicon
Source: unknownHTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.28.14:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49752 version: TLS 1.2
Source: Joe Sandbox ViewIP Address: 184.25.164.138 184.25.164.138
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.28.14
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.28.14
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.28.14
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.28.14
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.28.14
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.28.14
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.28.14
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.28.14
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.28.14
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.28.14
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 52.165.165.26
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=WGcSN3OHPcpeTDp&MD=RAVVrOdY HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=WGcSN3OHPcpeTDp&MD=RAVVrOdY HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: unknownDNS traffic detected: queries for: extapp.dso.org.sg
Source: unknownHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4722Host: login.live.com
Source: chromecache_206.17.drString found in binary or memory: http://bassistance.de/jquery-plugins/jquery-plugin-validation/
Source: chromecache_206.17.drString found in binary or memory: http://docs.jquery.com/Plugins/Validation
Source: chromecache_208.17.drString found in binary or memory: http://plugins.learningjquery.com/cluetip/
Source: chromecache_208.17.drString found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: chromecache_215.17.dr, chromecache_209.17.dr, chromecache_212.17.dr, chromecache_200.17.dr, chromecache_198.17.dr, chromecache_214.17.drString found in binary or memory: http://www.telerik.com/kendo-ui)
Source: chromecache_215.17.dr, chromecache_209.17.dr, chromecache_212.17.dr, chromecache_200.17.dr, chromecache_198.17.dr, chromecache_214.17.drString found in binary or memory: http://www.telerik.com/purchase/license-agreement/kendo-ui-complete
Source: Request For Quotation (RFQ)_ RFQ2400598.eml, ~WRS{FD96D24F-17DD-4E5C-9405-4172EB113E4F}.tmp.1.drString found in binary or memory: https://aka.ms/LearnAboutSenderIdentification
Source: 487c501e-2d80-4577-a3a6-8aa59bd038eb.tmp.14.dr, f15b71e7-dd20-4a44-ab47-ef13bfc62bfc.tmp.14.drString found in binary or memory: https://chrome.cloudflare-dns.com
Source: Request For Quotation (RFQ)_ RFQ2400598.emlString found in binary or memory: https://extapp.dso.org.sg/SupplierPortal/RFQVendor/Create/0?enc=20ADE221D3ACAC68BCB8A062575F01B5B2C4
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49688 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownHTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.28.14:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49752 version: TLS 1.2
Source: classification engineClassification label: clean4.winEML@34/115@6/4
Source: RFQ2400598_0000063414_20240419161746 (002).pdf.1.drInitial sample: mailto:dso-wb@rsmethos.com
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmpJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240419T1843130290-6312.etlJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Request For Quotation (RFQ)_ RFQ2400598.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "FDFCBF6C-301D-4498-AEFF-487513A4AFB9" "4BC47D0A-1AFA-4E2C-B133-A29D3D538865" "6312" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\03UIW9HD\RFQ2400598_0000063414_20240419161746.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1564,i,8300883172976244484,15640572082357883666,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://extapp.dso.org.sg/SupplierPortal/RFQVendor/Create/0?enc=20ADE221D3ACAC68BCB8A062575F01B5B2C412DEA468C864C57B7DF6E845C68CC237468EE52EE58B8255551025EC0B65849C2C1CE6B6023646A6B4AB5C53930E30BA5E14F9B6240EA9A4DCCF0AE46D91
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1984,i,12791824266530776244,14028941170034293688,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "FDFCBF6C-301D-4498-AEFF-487513A4AFB9" "4BC47D0A-1AFA-4E2C-B133-A29D3D538865" "6312" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\03UIW9HD\RFQ2400598_0000063414_20240419161746.pdf"Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://extapp.dso.org.sg/SupplierPortal/RFQVendor/Create/0?enc=20ADE221D3ACAC68BCB8A062575F01B5B2C412DEA468C864C57B7DF6E845C68CC237468EE52EE58B8255551025EC0B65849C2C1CE6B6023646A6B4AB5C53930E30BA5E14F9B6240EA9A4DCCF0AE46D91Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1564,i,8300883172976244484,15640572082357883666,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1984,i,12791824266530776244,14028941170034293688,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32Jump to behavior
Source: Google Drive.lnk.15.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.15.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.15.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.15.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.15.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.15.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Spearphishing Link		Windows Management Instrumentation1
DLL Side-Loading		1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder		1
DLL Side-Loading		1
Process Injection		LSASS Memory1
File and Directory Discovery		Remote Desktop ProtocolData from Removable Media3
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Registry Run Keys / Startup Folder		1
DLL Side-Loading		Security Account Manager13
System Information Discovery		SMB/Windows Admin SharesData from Network Shared Drive4
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1428869 Sample: Request For Quotation (RFQ)... Startdate: 19/04/2024 Architecture: WINDOWS Score: 4 7 OUTLOOK.EXE 513 124 2->7         started        file3 25 C:\...\~Outlook Data File - NoEmail.pst.tmp, DOS 7->25 dropped 10 chrome.exe 8 7->10         started        13 Acrobat.exe 66 7->13         started        15 ai.exe 7->15         started        process4 dnsIp5 33 192.168.2.16, 137, 138, 443 unknown unknown 10->33 35 239.255.255.250 unknown Reserved 10->35 17 chrome.exe 10->17         started        20 AcroCEF.exe 106 13->20         started        process6 dnsIp7 27 www.google.com 74.125.136.147, 443, 49742 GOOGLEUS United States 17->27 29 extapp.dso.org.sg 17->29 22 AcroCEF.exe 6 20->22         started        process8 dnsIp9 31 184.25.164.138, 443, 49743 BBIL-APBHARTIAirtelLtdIN United States 22->31

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://chrome.cloudflare-dns.com0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
www.google.com
74.125.136.147
truefalse
    		high
    extapp.dso.org.sg
    		unknown
    		unknownfalse
      		unknown

      Contacted URLs

      NameMaliciousAntivirus DetectionReputation
      https://extapp.dso.org.sg/SupplierPortal/RFQVendor/Create/0?sid=732b52e0-73cf-4307-b156-81fb10fbdb28&enc=20ADE221D3ACAC68BCB8A062575F01B5B2C412DEA468C864C57B7DF6E845C68CC237468EE52EE58B8255551025EC0B65849C2C1CE6B6023646A6B4AB5C53930E30BA5E14F9B6240EA9A4DCCF0AE46D91false
        		unknown

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        https://chrome.cloudflare-dns.com487c501e-2d80-4577-a3a6-8aa59bd038eb.tmp.14.dr, f15b71e7-dd20-4a44-ab47-ef13bfc62bfc.tmp.14.drfalse
        • URL Reputation: safe
        		unknown
        http://www.opensource.org/licenses/mit-license.php)chromecache_208.17.drfalse
          		high
          http://plugins.learningjquery.com/cluetip/chromecache_208.17.drfalse
            		high
            https://extapp.dso.org.sg/SupplierPortal/RFQVendor/Create/0?enc=20ADE221D3ACAC68BCB8A062575F01B5B2C4Request For Quotation (RFQ)_ RFQ2400598.emlfalse
              		unknown
              http://bassistance.de/jquery-plugins/jquery-plugin-validation/chromecache_206.17.drfalse
                		high
                http://www.telerik.com/purchase/license-agreement/kendo-ui-completechromecache_215.17.dr, chromecache_209.17.dr, chromecache_212.17.dr, chromecache_200.17.dr, chromecache_198.17.dr, chromecache_214.17.drfalse
                  		high
                  http://docs.jquery.com/Plugins/Validationchromecache_206.17.drfalse
                    		high
                    http://www.telerik.com/kendo-ui)chromecache_215.17.dr, chromecache_209.17.dr, chromecache_212.17.dr, chromecache_200.17.dr, chromecache_198.17.dr, chromecache_214.17.drfalse
                      		high
                      https://aka.ms/LearnAboutSenderIdentificationRequest For Quotation (RFQ)_ RFQ2400598.eml, ~WRS{FD96D24F-17DD-4E5C-9405-4172EB113E4F}.tmp.1.drfalse
                        		high

                        World Map of Contacted IPs

                        • No. of IPs < 25%
                        • 25% < No. of IPs < 50%
                        • 50% < No. of IPs < 75%
                        • 75% < No. of IPs

                        Public IPs

                        IPDomainCountryFlagASNASN NameMalicious
                        184.25.164.138
                        		unknownUnited States
                        		9498BBIL-APBHARTIAirtelLtdINfalse
                        239.255.255.250
                        		unknownReserved
                        		unknownunknownfalse
                        74.125.136.147
                        		www.google.comUnited States
                        		15169GOOGLEUSfalse

                        Private

                        IP
                        192.168.2.16

                        General Information

                        Joe Sandbox version:40.0.0 Tourmaline
                        Analysis ID:1428869
                        Start date and time:2024-04-19 18:42:39 +02:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 3m 52s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:defaultwindowsinteractivecookbook.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:23
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:Request For Quotation (RFQ)_ RFQ2400598.eml
                        Detection:CLEAN
                        Classification:clean4.winEML@34/115@6/4
                        EGA Information:Failed
                        HCA Information:
                        • Successful, ratio: 100%
                        • Number of executed functions: 0
                        • Number of non-executed functions: 0
                        Cookbook Comments:
                        • Found application associated with file extension: .eml

                        Warnings

                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
                        • Excluded IPs from analysis (whitelisted): 52.113.194.132, 52.109.4.7, 20.42.65.94, 184.31.60.185, 52.202.204.11, 54.227.187.23, 52.5.13.197, 23.22.254.206, 162.159.61.3, 172.64.41.3, 74.125.138.94, 172.217.215.113, 172.217.215.139, 172.217.215.138, 172.217.215.101, 172.217.215.102, 172.217.215.100, 142.250.105.84, 104.18.12.51, 104.18.13.51, 34.104.35.123, 173.194.219.95, 64.233.176.95, 108.177.122.95, 172.253.124.95, 142.250.105.95, 172.217.215.95, 142.251.15.95, 74.125.136.95, 64.233.185.95, 64.233.177.95, 142.250.9.95, 74.125.138.95, 23.34.82.7, 23.34.82.6
                        • Excluded domains from analysis (whitelisted): extapp.dso.org.sg.cdn.cloudflare.net, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, us1.odcsm1.live.com.akadns.net, odc.officeapps.live.com, slscr.update.microsoft.com, clientservices.googleapis.com, acroipm2.adobe.com, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, clients2.google.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, osiprod-eus2-bronze-azsc-000.eastus2.cloudapp.azure.com, ecs.office.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, acroipm2.adobe.com.edgesuite.net, p13n.adobe.io, s-0005-office.config.skype.com, onedscolprdeus23.eastus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, eus2-azsc-000.odc.officeapps.live.com, edgedl.me.gvt1.com, s-0005.s-msedge.net, ecs.office.trafficmanager.net, clients.l.google.com, geo2.adobe.com, prod.odcsm1.live.com.akadns.net, mobile.events.data.trafficmanager.net
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • Report size getting too big, too many NtSetValueKey calls found.
                        • VT rate limit hit for: Request For Quotation (RFQ)_ RFQ2400598.eml

                        Simulations

                        Behavior and APIs

                        No simulations

                        Joe Sandbox View / Context

                        IPs

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        184.25.164.138ppop_verification_request.zipGet hashmaliciousUnknownBrowse
                          Proposal Invitation_ Proposal is Due by the EOB May 15.emlGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                            file.pdf.download.lnkGet hashmaliciousUnknownBrowse
                              Factura_SA161.pdf.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                Re_ Medina County Kitchen.emlGet hashmaliciousUnknownBrowse
                                  oiDDogdK9A.exeGet hashmaliciousLokibot, PureLog Stealer, zgRATBrowse
                                    New_Order.xlsGet hashmaliciousUnknownBrowse
                                      https://enfoldindia.org/wp-content/uploads/2019/06/Restorative-Circle-Handbook-for-CCI.pdfGet hashmaliciousUnknownBrowse
                                        TaxForm.lnkGet hashmaliciousDarkGate, MailPassViewBrowse
                                          https://ntnusa0-my.sharepoint.com/:f:/g/personal/ajaronik_ntnusa_com/EjzRads0Sf5Ivon47-zBKVABS1TZOI64W6Uv34YFqNQjmQ?e=NuZrjrGet hashmaliciousHTMLPhisher, ReCaptcha PhishBrowse
                                            239.255.255.250https://wetransfer.com/downloads/63408c72b6333965afb0118ce81f53d220240419112437/2452e85458854b24e1ec42e87285f82420240419112457/7d30d1?trk=TRN_TDL_01&utm_campaign=TRN_TDL_01&utm_medium=email&utm_source=sendgridGet hashmaliciousHTMLPhisherBrowse
                                              https://edbullardcompany-my.sharepoint.com/:f:/g/personal/eric_rosario_bullard_com/EoLKvcaqSE1Go3fA5to5CQABtxAftKTD0ktrakp7rbi4Xg?e=Mvbf0DGet hashmaliciousHTMLPhisherBrowse
                                                https://docx-nok.online/Get hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                  https://download-myproposal.xyzGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                    https://royaltattoo.in/js/kalexander@yourlawyer.comGet hashmaliciousPhisherBrowse
                                                      https://www.dropbox.com/l/scl/AADwcgxTbjuvzakz6kszZMzP6RXavhxhixQGet hashmaliciousHTMLPhisherBrowse
                                                        https://cionfacttalleriproj.norwayeast.cloudapp.azure.com/?finanzas.busqueda?q=Secretar%C3%ADa+de+Administraci%C3%B3n+y+Finanzas?30337974_3097_705331937556-157889157889770732479410588494105884Get hashmaliciousHTMLPhisherBrowse
                                                          https://cosantinexi.com/Get hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                            https://diversityjobs.com/employer/company/1665/Worthington-Industries-IncGet hashmaliciousUnknownBrowse
                                                              https://app.box.com/s/ktl5qtvf2us1megbgmjabwqaxcdy69b5Get hashmaliciousUnknownBrowse

                                                                Domains

                                                                No context

                                                                ASNs

                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                BBIL-APBHARTIAirtelLtdINppop_verification_request.zipGet hashmaliciousUnknownBrowse
                                                                • 184.25.164.138
                                                                https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:24e81d17-b801-4fad-ae25-120d655923c5Get hashmaliciousRemcosBrowse
                                                                • 23.209.188.17
                                                                Proposal Invitation_ Proposal is Due by the EOB May 15.emlGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                • 184.25.164.138
                                                                file.pdf.download.lnkGet hashmaliciousUnknownBrowse
                                                                • 184.25.164.138
                                                                Factura_SA161.pdf.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                • 184.25.164.138
                                                                Ud310iQZnO.elfGet hashmaliciousMiraiBrowse
                                                                • 182.74.25.30
                                                                tWpGuzQQoW.elfGet hashmaliciousMiraiBrowse
                                                                • 122.185.203.209
                                                                kGbjOmkleq.elfGet hashmaliciousMiraiBrowse
                                                                • 125.23.195.204
                                                                iH18gdEj8Y.elfGet hashmaliciousMiraiBrowse
                                                                • 125.19.93.33
                                                                xmncOD7BwX.elfGet hashmaliciousMiraiBrowse
                                                                • 122.184.236.50

                                                                JA3 Fingerprints

                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                28a2c9bd18a11de089ef85a160da29e4https://wetransfer.com/downloads/63408c72b6333965afb0118ce81f53d220240419112437/2452e85458854b24e1ec42e87285f82420240419112457/7d30d1?trk=TRN_TDL_01&utm_campaign=TRN_TDL_01&utm_medium=email&utm_source=sendgridGet hashmaliciousHTMLPhisherBrowse
                                                                • 52.165.165.26
                                                                • 184.31.62.93
                                                                • 40.126.28.14
                                                                https://edbullardcompany-my.sharepoint.com/:f:/g/personal/eric_rosario_bullard_com/EoLKvcaqSE1Go3fA5to5CQABtxAftKTD0ktrakp7rbi4Xg?e=Mvbf0DGet hashmaliciousHTMLPhisherBrowse
                                                                • 52.165.165.26
                                                                • 184.31.62.93
                                                                • 40.126.28.14
                                                                https://docx-nok.online/Get hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                • 52.165.165.26
                                                                • 184.31.62.93
                                                                • 40.126.28.14
                                                                https://download-myproposal.xyzGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                • 52.165.165.26
                                                                • 184.31.62.93
                                                                • 40.126.28.14
                                                                https://royaltattoo.in/js/kalexander@yourlawyer.comGet hashmaliciousPhisherBrowse
                                                                • 52.165.165.26
                                                                • 184.31.62.93
                                                                • 40.126.28.14
                                                                https://www.dropbox.com/l/scl/AADwcgxTbjuvzakz6kszZMzP6RXavhxhixQGet hashmaliciousHTMLPhisherBrowse
                                                                • 52.165.165.26
                                                                • 184.31.62.93
                                                                • 40.126.28.14
                                                                https://cionfacttalleriproj.norwayeast.cloudapp.azure.com/?finanzas.busqueda?q=Secretar%C3%ADa+de+Administraci%C3%B3n+y+Finanzas?30337974_3097_705331937556-157889157889770732479410588494105884Get hashmaliciousHTMLPhisherBrowse
                                                                • 52.165.165.26
                                                                • 184.31.62.93
                                                                • 40.126.28.14
                                                                https://diversityjobs.com/employer/company/1665/Worthington-Industries-IncGet hashmaliciousUnknownBrowse
                                                                • 52.165.165.26
                                                                • 184.31.62.93
                                                                • 40.126.28.14
                                                                https://app.box.com/s/ktl5qtvf2us1megbgmjabwqaxcdy69b5Get hashmaliciousUnknownBrowse
                                                                • 52.165.165.26
                                                                • 184.31.62.93
                                                                • 40.126.28.14
                                                                https://dt.r24dmp.de/Get hashmaliciousUnknownBrowse
                                                                • 52.165.165.26
                                                                • 184.31.62.93
                                                                • 40.126.28.14

                                                                Dropped Files

                                                                No context

                                                                Created / dropped Files

                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:ASCII text
                                                                Category:dropped
                                                                Size (bytes):287
                                                                Entropy (8bit):5.250826042105618
                                                                Encrypted:false
                                                                SSDEEP:6:XlROq2PRN2nKuAl9OmbnIFUt8Yp6Zmw+YpGkwORN2nKuAl9OmbjLJ:XLOvaHAahFUt8YQ/+YY5JHAaSJ
                                                                MD5:C21EB462694FC1577C126ADF0BBA1E83
                                                                SHA1:4715BD2953DC44D2240C2C0AD6D44C1033A478ED
                                                                SHA-256:1212A6971402E37460EFC297F85D259801F7902C50E5455A070EE6C852CDE59A
                                                                SHA-512:FF07A48BF5006719B2176AC108816046FA4F1575C5BB2C5F66B2A439958480A2AC18F56E09ADAA5580E306870DBD94A4C15B6DC0A9139B40B5805A0D2A4F7C9A
                                                                Malicious:false
                                                                Reputation:low
                                                                Preview:2024/04/19-18:43:23.735 724 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/19-18:43:23.736 724 Recovering log #3.2024/04/19-18:43:23.736 724 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:ASCII text
                                                                Category:dropped
                                                                Size (bytes):287
                                                                Entropy (8bit):5.250826042105618
                                                                Encrypted:false
                                                                SSDEEP:6:XlROq2PRN2nKuAl9OmbnIFUt8Yp6Zmw+YpGkwORN2nKuAl9OmbjLJ:XLOvaHAahFUt8YQ/+YY5JHAaSJ
                                                                MD5:C21EB462694FC1577C126ADF0BBA1E83
                                                                SHA1:4715BD2953DC44D2240C2C0AD6D44C1033A478ED
                                                                SHA-256:1212A6971402E37460EFC297F85D259801F7902C50E5455A070EE6C852CDE59A
                                                                SHA-512:FF07A48BF5006719B2176AC108816046FA4F1575C5BB2C5F66B2A439958480A2AC18F56E09ADAA5580E306870DBD94A4C15B6DC0A9139B40B5805A0D2A4F7C9A
                                                                Malicious:false
                                                                Reputation:low
                                                                Preview:2024/04/19-18:43:23.735 724 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/19-18:43:23.736 724 Recovering log #3.2024/04/19-18:43:23.736 724 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:ASCII text
                                                                Category:dropped
                                                                Size (bytes):334
                                                                Entropy (8bit):5.179998720406089
                                                                Encrypted:false
                                                                SSDEEP:6:XUcM+q2PRN2nKuAl9Ombzo2jMGIFUt8YqKNJZmw+YqKNcMVkwORN2nKuAl9Ombzz:XZM+vaHAa8uFUt8Yq6/+YqlMV5JHAa8z
                                                                MD5:B0F42BAE1474C6193F91B4E56034BBC6
                                                                SHA1:74EA15E097898E9EEE835366402EBFAF2D370413
                                                                SHA-256:565A8E090BEF6CC1AAD81ED87F7BCC793EB493CB791F1D753612F3862AB562E1
                                                                SHA-512:A1B7D969D0BDAA839F483A33028D094D51A9B6AE4687834936B81D2ACBBF602D0E73003F8C0C8EA6043FB6C99F93758A97796830E7894D44BCF949D2E97D0CC8
                                                                Malicious:false
                                                                Reputation:low
                                                                Preview:2024/04/19-18:43:23.619 1c6c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/19-18:43:23.623 1c6c Recovering log #3.2024/04/19-18:43:23.623 1c6c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:ASCII text
                                                                Category:dropped
                                                                Size (bytes):334
                                                                Entropy (8bit):5.179998720406089
                                                                Encrypted:false
                                                                SSDEEP:6:XUcM+q2PRN2nKuAl9Ombzo2jMGIFUt8YqKNJZmw+YqKNcMVkwORN2nKuAl9Ombzz:XZM+vaHAa8uFUt8Yq6/+YqlMV5JHAa8z
                                                                MD5:B0F42BAE1474C6193F91B4E56034BBC6
                                                                SHA1:74EA15E097898E9EEE835366402EBFAF2D370413
                                                                SHA-256:565A8E090BEF6CC1AAD81ED87F7BCC793EB493CB791F1D753612F3862AB562E1
                                                                SHA-512:A1B7D969D0BDAA839F483A33028D094D51A9B6AE4687834936B81D2ACBBF602D0E73003F8C0C8EA6043FB6C99F93758A97796830E7894D44BCF949D2E97D0CC8
                                                                Malicious:false
                                                                Reputation:low
                                                                Preview:2024/04/19-18:43:23.619 1c6c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/19-18:43:23.623 1c6c Recovering log #3.2024/04/19-18:43:23.623 1c6c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\487c501e-2d80-4577-a3a6-8aa59bd038eb.tmp

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:JSON data
                                                                Category:modified
                                                                Size (bytes):403
                                                                Entropy (8bit):4.989975352353706
                                                                Encrypted:false
                                                                SSDEEP:12:YHO8sqZ6psBdOg2HrX2caq3QYiubrP7E4T3y:YXsX6dMHr53QYhbz7nby
                                                                MD5:7053083D27BD30602D3DB4F4906E23B3
                                                                SHA1:CCE94336F359C13CBAEE86EEE2F518E63C999834
                                                                SHA-256:797CEE53E935A4CF72DC9EE6ABE3DE9F23F00A9D8A332B31E6E8E9A43DB4DEB8
                                                                SHA-512:0F0FF7998A071FCBA2B84C184F7E07D22F6A2AF20FF3FC5A19B45BE8482FF0DD4BC3C9805426B4708213760AA441C6A8E0842A183E1366E0EF6AF882D0C31ED1
                                                                Malicious:false
                                                                Reputation:low
                                                                Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358105014949155","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":106278},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):403
                                                                Entropy (8bit):4.953858338552356
                                                                Encrypted:false
                                                                SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
                                                                MD5:4C313FE514B5F4E7E89329630909F8DC
                                                                SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                                                                SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                                                                SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                                                                Malicious:false
                                                                Reputation:moderate, very likely benign file
                                                                Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF3b5719.TMP (copy)

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):403
                                                                Entropy (8bit):4.953858338552356
                                                                Encrypted:false
                                                                SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
                                                                MD5:4C313FE514B5F4E7E89329630909F8DC
                                                                SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                                                                SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                                                                SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                                                                Malicious:false
                                                                Reputation:moderate, very likely benign file
                                                                Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f15b71e7-dd20-4a44-ab47-ef13bfc62bfc.tmp

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):403
                                                                Entropy (8bit):4.953858338552356
                                                                Encrypted:false
                                                                SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
                                                                MD5:4C313FE514B5F4E7E89329630909F8DC
                                                                SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                                                                SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                                                                SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                                                                Malicious:false
                                                                Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):4509
                                                                Entropy (8bit):5.224523787530085
                                                                Encrypted:false
                                                                SSDEEP:96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xevTzfIahlOnzfeohlZ:OLT0bTIeYa51Ogu/0OZARBT8kN88vTrU
                                                                MD5:43686CF5DD081E42E1126712A0578AA0
                                                                SHA1:C52E3D29F1D81B9F962A1BE5B3E212229111ACB2
                                                                SHA-256:E4892D741B9DCD636963057F891478F93C55C9B38DE932130F389D6B4CB8A99D
                                                                SHA-512:CBDBC08D94525909B7E033A819A7860E074BF4A2360051B8A89311104AB4DF7D455691C2AAE664964945F193988668DBD8A8A430D5F552B52F1DAE9305D751C7
                                                                Malicious:false
                                                                Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:ASCII text
                                                                Category:dropped
                                                                Size (bytes):322
                                                                Entropy (8bit):5.229411301607881
                                                                Encrypted:false
                                                                SSDEEP:6:XnWcM+q2PRN2nKuAl9OmbzNMxIFUt8YlWJZmw+YrJocMVkwORN2nKuAl9OmbzNMT:XnjM+vaHAa8jFUt8Yq/+YrJlMV5JHAab
                                                                MD5:6B3D6634FF72F8185A82D5FA76912464
                                                                SHA1:9665C5A8C4E16C2030768A1045843648F1729F8A
                                                                SHA-256:A92519E71591DDBB29A07664DA159F861BCE30D7B314BE4019CAE277623F237E
                                                                SHA-512:C8D776A2F6B9756D383476B48A4151AFB68BDAC2D9AC92E34F18EA4FE48081F99A1266A7281398D1B602FE430E9C5F3693068967E26A3F8AE774B813E24B6149
                                                                Malicious:false
                                                                Preview:2024/04/19-18:43:23.774 1c6c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/19-18:43:23.776 1c6c Recovering log #3.2024/04/19-18:43:23.778 1c6c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:ASCII text
                                                                Category:dropped
                                                                Size (bytes):322
                                                                Entropy (8bit):5.229411301607881
                                                                Encrypted:false
                                                                SSDEEP:6:XnWcM+q2PRN2nKuAl9OmbzNMxIFUt8YlWJZmw+YrJocMVkwORN2nKuAl9OmbzNMT:XnjM+vaHAa8jFUt8Yq/+YrJlMV5JHAab
                                                                MD5:6B3D6634FF72F8185A82D5FA76912464
                                                                SHA1:9665C5A8C4E16C2030768A1045843648F1729F8A
                                                                SHA-256:A92519E71591DDBB29A07664DA159F861BCE30D7B314BE4019CAE277623F237E
                                                                SHA-512:C8D776A2F6B9756D383476B48A4151AFB68BDAC2D9AC92E34F18EA4FE48081F99A1266A7281398D1B602FE430E9C5F3693068967E26A3F8AE774B813E24B6149
                                                                Malicious:false
                                                                Preview:2024/04/19-18:43:23.774 1c6c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/19-18:43:23.776 1c6c Recovering log #3.2024/04/19-18:43:23.778 1c6c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                                                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240419164327Z-163.bmp

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                                                                Category:dropped
                                                                Size (bytes):65110
                                                                Entropy (8bit):1.520945008110262
                                                                Encrypted:false
                                                                SSDEEP:384:+phHXxD0SoximYwZrKWBfAPEbWuCplgsS:SHXxD0NximYwZrKWBfAPEbWuCpmsS
                                                                MD5:F912D29020D0B54AAD0907FEAB293095
                                                                SHA1:7C27EAD9912A34A65A8DC91596F02A1CEB1EC02F
                                                                SHA-256:0F193B9414BB4B01952B1BA8F4D4EA956C07884DCE77ACC8ECF46D37A79AA36D
                                                                SHA-512:6E5E3A034FFB85217C2705419411F14C8BEA1810ADBB5A867B2EB8E1A7706F837258AE618E5E0A5E10857B086A0DDAF79C7FDA6F3AA7AD7DDC2F0579ECB8AF8F
                                                                Malicious:false
                                                                Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                                                Category:dropped
                                                                Size (bytes):57344
                                                                Entropy (8bit):3.291927920232006
                                                                Encrypted:false
                                                                SSDEEP:192:vedRBvVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:veBci5H5FY+EUUUTTcHqFzqFP
                                                                MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
                                                                SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
                                                                SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
                                                                SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:SQLite Rollback Journal
                                                                Category:dropped
                                                                Size (bytes):16928
                                                                Entropy (8bit):1.2123303442888698
                                                                Encrypted:false
                                                                SSDEEP:48:7MhDGRqLmFTIF3XmHjBoGGR+jMz+LhJGT/Gn:7eyf9IVXEBodRBkae
                                                                MD5:602134883C57834D55062EDDDDEF0424
                                                                SHA1:C85D2211AFC8886AC885A16913EDB79F8C7CF69F
                                                                SHA-256:82DC5E021C1B32A9744E6A2C4520A835F203541ED9F0215CF6458CB61CA75BCB
                                                                SHA-512:CBCA2130375E6A13340354BFDCD0E11B333424E7F4D48023D613FC5E1FF30E362BAB8848746D6FD85CB95F0FE5877202C151127279DD83A3445B77FB270D3DFE
                                                                Malicious:false
                                                                Preview:.... .c.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1444

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:PostScript document text
                                                                Category:dropped
                                                                Size (bytes):185099
                                                                Entropy (8bit):5.182478651346149
                                                                Encrypted:false
                                                                SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                                                MD5:94185C5850C26B3C6FC24ABC385CDA58
                                                                SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                                                SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                                                SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                                                Malicious:false
                                                                Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:PostScript document text
                                                                Category:dropped
                                                                Size (bytes):185099
                                                                Entropy (8bit):5.182478651346149
                                                                Encrypted:false
                                                                SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                                                MD5:94185C5850C26B3C6FC24ABC385CDA58
                                                                SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                                                SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                                                SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                                                Malicious:false
                                                                Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):227002
                                                                Entropy (8bit):3.392780893644728
                                                                Encrypted:false
                                                                SSDEEP:1536:qKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:XPCaJ/3AYvYwglFoL+sn
                                                                MD5:265E3E1166312A864FB63291EA661C6A
                                                                SHA1:80DFF3187FF929596EB22E1DB9021BAD6F97178C
                                                                SHA-256:C13E08B1887A4E44DC39609D7234E8D732A6BC11313B55D6F4ECFB060CD87728
                                                                SHA-512:48776A2BFE8F25E5601DCC0137F7AB103D5684517334B806E3ACF61683DD9B283828475FC85CE0CBE4E8AF88E6F8B25EED0A77640E2CFFF2CC73708726519AFA
                                                                Malicious:false
                                                                Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):295
                                                                Entropy (8bit):5.369464652664115
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXzwIc5IRR4UhUR0YsBPoAvJM3g98kUwPeUkwRe9:YvXKXz3cWRuUhUYBwGMbLUkee9
                                                                MD5:7A30BDAA8452EA6636BEE9236045B80E
                                                                SHA1:F35817A8482C43D37BDA02E83E1AF4C20C1ACAC8
                                                                SHA-256:31984B219E7AC2655E86A747816929CDFE8A4CC8B5505C73B597ED243A6ABDF9
                                                                SHA-512:01AA904293ADD4B29076F7970AF6F05773442F68F63CBA4B0770AA24E28B69EDBA151D2D32225BBFCADD66B1F946074C3F02AFD6FF495AFA92CC44BA50147D0F
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"efcb7b59-b13c-4e47-bd55-850bdbeadb18","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713718063301,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):294
                                                                Entropy (8bit):5.317045172353576
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXzwIc5IRR4UhUR0YsBPoAvJfBoTfXpnrPeUkwRe9:YvXKXz3cWRuUhUYBwGWTfXcUkee9
                                                                MD5:2CAB8989AE6165412732706752DD3DBF
                                                                SHA1:1B3BAD9E8A0617815897BAC7780320AA6B42BC37
                                                                SHA-256:D66191AB3BC53A390182B4A6E2DD8A0B25B64C06439504B89606DAE0C6BD5983
                                                                SHA-512:A74E31541F5EBB8D751758C83F9A742EB0315B32154F7F5A47AA944CBF22EA6F93A4C1C1BEA3C207DA3E31AEFC2997782EE1870619391606C08201A9C44B418C
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"efcb7b59-b13c-4e47-bd55-850bdbeadb18","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713718063301,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):294
                                                                Entropy (8bit):5.295866247399175
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXzwIc5IRR4UhUR0YsBPoAvJfBD2G6UpnrPeUkwRe9:YvXKXz3cWRuUhUYBwGR22cUkee9
                                                                MD5:637CDFD37D6C510412C690A4177E29C1
                                                                SHA1:66D4F18B6A7D21046E76D26B278EF79CF0CF0F2B
                                                                SHA-256:887C29F2D610CC83D1F97ABA1F3065C8B8EE6782DB6C2DB0BE002EA8C360DE1B
                                                                SHA-512:BF3EBFD6E64ECB18D679C601F06DB912AF932BC7AD15A229D6A5DA2C7E5A137AB0D0A0DCE5C02B60E3368036681B865B206C11BC8A7ABA0697B4E2526A733936
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"efcb7b59-b13c-4e47-bd55-850bdbeadb18","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713718063301,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):285
                                                                Entropy (8bit):5.358058920926055
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXzwIc5IRR4UhUR0YsBPoAvJfPmwrPeUkwRe9:YvXKXz3cWRuUhUYBwGH56Ukee9
                                                                MD5:F895AB4DF965C76DFE50E8DB9731071B
                                                                SHA1:AD42F06387B5B1F36D0F37ED90338A0458473BDF
                                                                SHA-256:FC40DDA212337B0820EF6C1BB46D764BB7E6E230EDB6538AE722500A45CB6A57
                                                                SHA-512:7EB3EA9AE4AB00C1F757C30B861B7B224C62CC06B7F63487C7290E4BA52D1AB9B14C093C98F29F2F100874E62705D251F6FC2D7BF943D37B1593E3AD96CE44A5
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"efcb7b59-b13c-4e47-bd55-850bdbeadb18","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713718063301,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):292
                                                                Entropy (8bit):5.316431616325604
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXzwIc5IRR4UhUR0YsBPoAvJfJWCtMdPeUkwRe9:YvXKXz3cWRuUhUYBwGBS8Ukee9
                                                                MD5:35E2C6E25F97ADD05618565BFE35DD58
                                                                SHA1:9528A49462487E1B7721FB3B5F73F883F0490153
                                                                SHA-256:69B43491CAD6F9FA501F09F0742CB6785E84B8CB51877E8E85ED70270B35BFFE
                                                                SHA-512:6045C1A7F7E9824E2071B9C4074FB4BDAD2AC7A73AD04D9056425348648B3B2C487B6FFF207F8183E0A160233F775EC2EE5788863AEC370C14BC8CDE20CE73C7
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"efcb7b59-b13c-4e47-bd55-850bdbeadb18","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713718063301,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):289
                                                                Entropy (8bit):5.303662282327248
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXzwIc5IRR4UhUR0YsBPoAvJf8dPeUkwRe9:YvXKXz3cWRuUhUYBwGU8Ukee9
                                                                MD5:1466A5830C7D1098C4CF4AC78207A530
                                                                SHA1:952404A8928E81280DA5053C07B74812C87B4703
                                                                SHA-256:B9D56F427C3B2E23C48AED983CF149D39AD38F1CF9654E9305E674789E52E399
                                                                SHA-512:CBBFECF4BD8E1540877BD8DB6BA7D9317481A930D7E9515852F235A57A55BBE5946352FA3D8B05993AFA09BC665C9E58FD3393929F3A1E28EA84FBE12755F923
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"efcb7b59-b13c-4e47-bd55-850bdbeadb18","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713718063301,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):292
                                                                Entropy (8bit):5.3056932841716975
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXzwIc5IRR4UhUR0YsBPoAvJfQ1rPeUkwRe9:YvXKXz3cWRuUhUYBwGY16Ukee9
                                                                MD5:AA75CB7B2E8A0AC6D39E072029145FCC
                                                                SHA1:E0A894FC01D254E271371D09E767BB1A44B837E9
                                                                SHA-256:BB3604EA674FB91E05C2C54CB8F26619D36D19CE5F33D60E70DBEC9EBA8E5B77
                                                                SHA-512:3A0572F14813C82A3C7890BEEB7E6639B8F47E3EAB70DE60AFDC10C4C5EA9FAF8BEC0B307C76347134D9E036A3E4F76058ABC895F0855B26AF751FE0087155B1
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"efcb7b59-b13c-4e47-bd55-850bdbeadb18","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713718063301,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):289
                                                                Entropy (8bit):5.3121294670068515
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXzwIc5IRR4UhUR0YsBPoAvJfFldPeUkwRe9:YvXKXz3cWRuUhUYBwGz8Ukee9
                                                                MD5:BA3F9DBD22AB523AE6BE1471DB27EA18
                                                                SHA1:CA6BB99617F6079541388B4CB5E2016996FE186B
                                                                SHA-256:80F275C660B3C4B361328113F160A89DF0643D569EB73A3FD408D75B0EF04FA9
                                                                SHA-512:7A9227376149C2CC12C99ECE237A8DBB4FC2CE1F7827953BD15F6E9CD89142AABE98EC1B83CCEBF69D70DF15C7B7FA02CAC4649E7CF18C0754A59EE650A18FBD
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"efcb7b59-b13c-4e47-bd55-850bdbeadb18","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713718063301,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):1372
                                                                Entropy (8bit):5.735824248515254
                                                                Encrypted:false
                                                                SSDEEP:24:Yv6XjFU4oKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNY:YvqU4oEgigrNt0wSJn+ns8cvFJ2
                                                                MD5:6E4096A51E40E4BDA3223052A8E84CC2
                                                                SHA1:5BBADC9604AD52B9EFD349EBA915126E7211BDD3
                                                                SHA-256:F310FE88C9ECD09A9347761F6AF34D5243E2EFD1073F34B3552511FB1D520344
                                                                SHA-512:DE9CEE80FADA7EF6C930F8D7D897062874D4A271E803E54949EFD51E36144B60C24B5525D84550C606BD9E2D3734A522C0AE71D565E4900EB0EB62CEC7EB9820
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"efcb7b59-b13c-4e47-bd55-850bdbeadb18","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713718063301,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):289
                                                                Entropy (8bit):5.309675485675993
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXzwIc5IRR4UhUR0YsBPoAvJfYdPeUkwRe9:YvXKXz3cWRuUhUYBwGg8Ukee9
                                                                MD5:9FFA52A41138D1C6FEAA2719EED64C21
                                                                SHA1:3582D4CE7207F9BAA1967CC9F7B7C478134A4864
                                                                SHA-256:A725DF01B12CA10EA005A0EE9B20F0C844DADF1122F678970F9AE339C26D7D1A
                                                                SHA-512:437989F3DA80E60013A98809DECD1AF29ADCDB9C243679AAE0E67CEA76FFD6DC6625357031B10FB70699BAEF4DCF9A142208E484055B62BD412079CD69C03747
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"efcb7b59-b13c-4e47-bd55-850bdbeadb18","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713718063301,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):1395
                                                                Entropy (8bit):5.770595845891431
                                                                Encrypted:false
                                                                SSDEEP:24:Yv6XjFU4HrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNw:YvqU4HHgDv3W2aYQfgB5OUupHrQ9FJC
                                                                MD5:051F32F10A34C07D6973DC06788314FC
                                                                SHA1:871DF0F6921E2F6A175B873ECD6E90FE93B0F802
                                                                SHA-256:E10437DD1E7D3CFAF4EDC3E3DC4C82F64CDFAA774A97FD7AF16E5775483B7171
                                                                SHA-512:9EF84BC6C97B40C4A273A6BB8ACFE2333AF2D592FD4B8EAE62A54781A531C6836E6C5C4DAC3350DC8E5783592CCFADDC7C29288D3BE23ECFDD01472C756CD440
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"efcb7b59-b13c-4e47-bd55-850bdbeadb18","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713718063301,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):291
                                                                Entropy (8bit):5.293156085166516
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXzwIc5IRR4UhUR0YsBPoAvJfbPtdPeUkwRe9:YvXKXz3cWRuUhUYBwGDV8Ukee9
                                                                MD5:428103BB097A90DBBA2FA37517D2A9ED
                                                                SHA1:EC0630C406BD7A461DF6DACBDB68AC7DB5EFFC14
                                                                SHA-256:8F8016F464B73F6D4A5851A664DFDB9B5AA33094011339C1DF99B55D431C6D9F
                                                                SHA-512:F20589D7BAEF20519772D0F439BA830E25BC759B0206AE5888316DBC7E71870BCBB6079E769B0F523CBE7D7DD858B33EA79152AB16E9E583669A1626A8A8DE67
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"efcb7b59-b13c-4e47-bd55-850bdbeadb18","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713718063301,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):287
                                                                Entropy (8bit):5.296356948039628
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXzwIc5IRR4UhUR0YsBPoAvJf21rPeUkwRe9:YvXKXz3cWRuUhUYBwG+16Ukee9
                                                                MD5:6AC714EE65B58E80E60847D2578A8F86
                                                                SHA1:77982A28355ADA74315DEFCB35A0B2DAA3210873
                                                                SHA-256:C53FB37EC5CC715365F12D982B425CF81BD5436867DCF66E5918ABB5A76ADC90
                                                                SHA-512:506D44B984729838704BE776DA1F91DF4B2DEED5AEFB6D01C11D780A9C607449EACDD90232870F03064BB29E7DF1706843989E84FA5321C9485229EEA20C7BD5
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"efcb7b59-b13c-4e47-bd55-850bdbeadb18","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713718063301,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):289
                                                                Entropy (8bit):5.316788091959265
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXzwIc5IRR4UhUR0YsBPoAvJfbpatdPeUkwRe9:YvXKXz3cWRuUhUYBwGVat8Ukee9
                                                                MD5:8553EF1CBDD5464E1C2417FF7821A43C
                                                                SHA1:E46368F11B07DF7B6CD7E1BF5C94EB541A0593AD
                                                                SHA-256:654E304A97B910A49403D5DF11FC50DD11513D80AE25AE567097C612340F8A66
                                                                SHA-512:69FCA3BA9AC655C23AC3CB14E1E54BFA6648DDEE05CEEB792B74E2EDA34991C5C82231B56561047172AEEF00F6292A3FE1D11320580230B500B24DC77409122B
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"efcb7b59-b13c-4e47-bd55-850bdbeadb18","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713718063301,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):286
                                                                Entropy (8bit):5.271778020305775
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXzwIc5IRR4UhUR0YsBPoAvJfshHHrPeUkwRe9:YvXKXz3cWRuUhUYBwGUUUkee9
                                                                MD5:648CECE4EB1E3297C44FE4BBBF1436C8
                                                                SHA1:2F252453CCFD2ABC0442BC850A111CCA71771D48
                                                                SHA-256:1836DFC39FF9628E5D70175B8FA77ADE9CDA44DC1E19D655CE2182B1B0A3D533
                                                                SHA-512:BF8F9A5E0B6C7C28C4320E9CFB91F623A350B5C67F597E8B242E6A4CDD7F21072A1BBC112B4CFF49081D045343BA6D9214EEC3AD1380BF8F54AC0BE6C483745A
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"efcb7b59-b13c-4e47-bd55-850bdbeadb18","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713718063301,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):782
                                                                Entropy (8bit):5.371040403213218
                                                                Encrypted:false
                                                                SSDEEP:12:YvXKXz3cWRuUhUYBwGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWk:Yv6XjFU4m168CgEXX5kcIfANhV
                                                                MD5:F5E13B2D0BFE6A9DA7649B4042F67FBD
                                                                SHA1:6910FEBCE9C53A8C44EBA4D4EB458AA338C8CF17
                                                                SHA-256:F64F5004BA870FA3208B8C75FF425DF41AB940D28669C1FB00826C8901E3B5EC
                                                                SHA-512:23C66F75A6421427DF810CD3A3F4497647F5F012215E8E71DD6D427B219E45DA38C9F043CE3E726C4BF6EEC3AFDB67B4601D94CAEC9B25762AB1B43860263D15
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"efcb7b59-b13c-4e47-bd55-850bdbeadb18","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713718063301,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1713545008337}}}}

                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):4
                                                                Entropy (8bit):0.8112781244591328
                                                                Encrypted:false
                                                                SSDEEP:3:e:e
                                                                MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                                SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                                SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                                SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                                Malicious:false
                                                                Preview:....

                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):2814
                                                                Entropy (8bit):5.131253294385473
                                                                Encrypted:false
                                                                SSDEEP:24:YGF7HnETYC8/LGREcv4Saqi5aaydhBJEgMujwPEej0SeBgRYy2v2LSIjQ8954kVp:YGWsvLGycvjf7wH0gFKKc89X9j
                                                                MD5:8AA7AB8566279A478BA651BB54EFBC3E
                                                                SHA1:0A5CDB80E56DA113CCCEEE0B65B1262176ADD945
                                                                SHA-256:18A41A535D640676E56A42B3E2858EDE0ECEBF52EBDE5BA7BCDC3205E313331A
                                                                SHA-512:D4930C44A6B7A88CB407031C9505A97680B16D54D0CA31454569B0F2A82EDE99CB85B4EC742DEEE311B2692368329211F45C188E6AAB037BB97BDC03BA388519
                                                                Malicious:false
                                                                Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"49487177225ec87c9e6a6aba5bc2dabb","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1713545007000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"f03baa97aa52cffefaf708144b41d662","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1713545007000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"891892034f216e76663bc50dec97f074","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1713545007000},{"id":"Edit_InApp_Aug2020","info":{"dg":"4f29d08b73d2390cf9696121043e7734","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1713545007000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"2f99d50993372b8362d4cef2fe3ff28d","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1713545007000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"3821992acf06cc3f40a18f653a61384b","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1713545007000},

                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                                                                Category:dropped
                                                                Size (bytes):12288
                                                                Entropy (8bit):0.9883773595498395
                                                                Encrypted:false
                                                                SSDEEP:24:TLHRx/XYKQvGJF7urs67Y9QmQ6QeiLIcLESiAieKLF:TVl2GL7ms67YXtrTcI8c
                                                                MD5:9E93FAAB3258148128FDDC17BD5E68C8
                                                                SHA1:3251E6980746E6FF6980238B4F0D4C62F19432D2
                                                                SHA-256:857C3CCCBCB01482D94C133FA1E29EC8B6F1F5ABFE868F52BB2F4FCEEFAF7621
                                                                SHA-512:F625A466DE4F098989F756169CC3091EA09C778BD94342420791374FCB7581CBB33E4533518F95555211CBDC3A804522236CDCD8D142837220B128619AE68EFF
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:SQLite Rollback Journal
                                                                Category:dropped
                                                                Size (bytes):8720
                                                                Entropy (8bit):1.3462336094373253
                                                                Encrypted:false
                                                                SSDEEP:24:7+tvASY9QmQ6QeiL7cLESiAi0mY9QHRqLBx/XYKQvGJF7ursf:7MvlYXtrQcI8KYURqll2GL7msf
                                                                MD5:76A197612034246170F21C2DF9B8D914
                                                                SHA1:B9B0F48BFE12F5C320AC810923097565E5552DB7
                                                                SHA-256:EA47B8E027C65C8CB9883A2D9090D341FFC0B37DA5382E3FE296057D108C8A82
                                                                SHA-512:4C97E73676AF0DF16D7258483EEB91B1AAAE8941BEBFCC6F3EA9433E16ACF24B075AB44806B51BEC1F1767EC518871099E0DB6680076E8F7FDA8D1C2E4F5602F
                                                                Malicious:false
                                                                Preview:.... .c...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

                                                                Download File
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):231348
                                                                Entropy (8bit):4.390836382005547
                                                                Encrypted:false
                                                                SSDEEP:1536:7nYLtUgsIol74VHsFgsFvNcAz79ysQqt2yhXXqoQl7rcm0Fvb68yEFBmfHVYKXs6:E6gcKGgKmiGu2wqoQprt0Fvmks/mwvu6
                                                                MD5:E0129F6427612DD766E5A225BC36E4E8
                                                                SHA1:33D2C1CD010F1F8672A8510C92C0F3745F8C716C
                                                                SHA-256:494B67F4195563D5961705F571FE02F6DC56499C1948D3FE83472946A97B52BE
                                                                SHA-512:1E1B5D5D098036B68BFF7E0257F2E55DA7B5BDCD33C1DEA259A6B7441DF973BC83CDA68D627993B7C0142D4FD05EE77F1A1424EEECA779447F94EBB63F3A87AB
                                                                Malicious:false
                                                                Preview:TH02...... ..je.x.......SM01X...,.....W.x...........IPM.Activity...........h...............h............H..h........}.$...h............H..h\cal ...pDat...hp...0... ......h...M...........h........_`.j...hb}.M@...I.lw...h....H...8..j...0....T...............d.........2h...............k2.R.......G...!h.............. h...U....8.....#h....8.........$h........8....."h`.............'h..............1h...M<.........0h....4....j../h....h......jH..h8{..p........-h .......d.....+h&..M........................ ..............F7..............FIPM.Activity.st.Form.e..Standard.tanJournal Entry.pdIPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000.000Microsoft.ofThis form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

                                                                C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

                                                                Download File
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):32768
                                                                Entropy (8bit):0.04567525615967531
                                                                Encrypted:false
                                                                SSDEEP:3:GtlxtjlkOAkGv1ql/tlxtjlkOAkGv1l/jR9//8l1lvlll1lllwlvlllglbelDblx:GtEObGv1OtEObGv1lF9X01PH4l942wU
                                                                MD5:1623654C118B4FC3E82CF8AA292529D8
                                                                SHA1:987A32B8082CC1405EEA8FDC39AB0263FD682D50
                                                                SHA-256:2E56B8922A1A5067479257F738252DD91B40A4A1E9BABCBA4DEB1BDC8FD2EF87
                                                                SHA-512:C394DF0012E62EB90C107AC1AFF67716B241DD1A2BBBA0A90F3C415F5A1D3B8442312FD67B8BD2B9A701908B55C77DBC94EB427264E43462D1EA1D5CCC69F0D5
                                                                Malicious:false
                                                                Preview:..-.....................q.+..E%.q.o..............-.....................q.+..E%.q.o....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

                                                                Download File
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:SQLite Write-Ahead Log, version 3007000
                                                                Category:dropped
                                                                Size (bytes):49472
                                                                Entropy (8bit):0.48310557919476615
                                                                Encrypted:false
                                                                SSDEEP:48:LC+nQ16IUll7DYMyzO8VFDYMKjkBO8VFDYML:+1Ebll4FjVG/ajVGC
                                                                MD5:254A6A2E6FD41A9FF3BB4C0038CE07B3
                                                                SHA1:37F5AC6E1ED7B742091CCA10E41ACABE873D834A
                                                                SHA-256:F74EBF855E51457860C30056FE27E457D91DD712BDE3DD658AA1A36CA3705BA4
                                                                SHA-512:087342A37C8AC2C2EEF5FBECFAE555DC8020EE74516D8529E335E18CA02D4F623A5F7F9A5171570C025308A1CE45716892F15B198D4E1A9B73A936F682C062ED
                                                                Malicious:false
                                                                Preview:7....-..........q.o.....xV.............q.o.....i...a2E'SQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\03UIW9HD\RFQ2400598_0000063414_20240419161746 (002).pdf

                                                                Download File
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:PDF document, version 1.5, 8 pages
                                                                Category:dropped
                                                                Size (bytes):185059
                                                                Entropy (8bit):7.95240013053437
                                                                Encrypted:false
                                                                SSDEEP:3072:GsULiOZOvdyNuRwAQFfLdTJvsZZrTn5zZkN19Klt7wYJKm:i1KdysiAiLfv8TnJZ214lNwYJ
                                                                MD5:31CC6A52EE07145E22FAE11CED14CA33
                                                                SHA1:7CE75CFFBD447E5D9A77EE2D842E81AE8B7C1C0E
                                                                SHA-256:C132FD45EBAD0648C9806E89567346BCBB46B4638CE31C0BE88176B4AD79CBAF
                                                                SHA-512:2791C74DB4E8C53063D8F92DCC333DF2602F017BFEF133CF3985882C3BCCC5E3821B9E2373C654B5FFF59BB6682BE795AEFFA61D48A4D2E63272754315426034
                                                                Malicious:false
                                                                Preview:%PDF-1.5..5 0 obj..<</Type /Page/Parent 3 0 R/Contents 6 0 R/MediaBox [0 0 595.29998779 841.90002441]/Group <</Type/Group/S/Transparency/CS/DeviceRGB>>>>..endobj..6 0 obj..<</Length 40 0 R/Filter /FlateDecode>>stream..x..\.....@Y`)..v.UX.......aTJ%Z...J>.%e.VJL......yv.....w7aX..~....s~}..UK<....U"I).....Y.C..R.........uB....M......?.....~.wU......Ym...w.'..?v.@.~[.}....h*....sJjg.Ma.2..$tJ)..x.. ...).....|[...~4..!......EV....P%...'...>.?.~.u.e..gnL..<.bY..M}.:[..^.^...s....Qv..<[]....D..E...{....?.'*.B/hw.._C......s.iv.<...L.@Z..{;.W.O.c........E=O.5b..8Wu..6..-4...W...6S...o.M..%.\@.fj*(..H.R..4L......^.OK.\;5.E...N..y.+.5.k..D..ym...L.^ue(.d<Le......y.. ...B..f.@.w.e....S.0..riX..#. j..`-......j......./y........J..fk-&.S;@Vr.a...X...9~5..q..1~..........zY$.........T.7?......".h.."M.7....[..{.........5./_. U...l09./<i.7..........x...P..N.ZG..X.Y...0v..e.E-t.0.G.c.|..6.....Tg..fe_._n....g..b.D$..|..n...H.3].d.W.....`.J.DC(.m..T$M..d...(.....%...T.......lp.

                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\03UIW9HD\RFQ2400598_0000063414_20240419161746 (002).pdf:Zone.Identifier

                                                                Download File
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:modified
                                                                Size (bytes):26
                                                                Entropy (8bit):3.95006375643621
                                                                Encrypted:false
                                                                SSDEEP:3:gAWY3n:qY3n
                                                                MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                                                SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                                                SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                                                SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                                                Malicious:false
                                                                Preview:[ZoneTransfer]..ZoneId=3..

                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\03UIW9HD\RFQ2400598_0000063414_20240419161746.pdf

                                                                Download File
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:PDF document, version 1.5, 8 pages
                                                                Category:dropped
                                                                Size (bytes):185059
                                                                Entropy (8bit):7.95240013053437
                                                                Encrypted:false
                                                                SSDEEP:3072:GsULiOZOvdyNuRwAQFfLdTJvsZZrTn5zZkN19Klt7wYJKm:i1KdysiAiLfv8TnJZ214lNwYJ
                                                                MD5:31CC6A52EE07145E22FAE11CED14CA33
                                                                SHA1:7CE75CFFBD447E5D9A77EE2D842E81AE8B7C1C0E
                                                                SHA-256:C132FD45EBAD0648C9806E89567346BCBB46B4638CE31C0BE88176B4AD79CBAF
                                                                SHA-512:2791C74DB4E8C53063D8F92DCC333DF2602F017BFEF133CF3985882C3BCCC5E3821B9E2373C654B5FFF59BB6682BE795AEFFA61D48A4D2E63272754315426034
                                                                Malicious:false
                                                                Preview:%PDF-1.5..5 0 obj..<</Type /Page/Parent 3 0 R/Contents 6 0 R/MediaBox [0 0 595.29998779 841.90002441]/Group <</Type/Group/S/Transparency/CS/DeviceRGB>>>>..endobj..6 0 obj..<</Length 40 0 R/Filter /FlateDecode>>stream..x..\.....@Y`)..v.UX.......aTJ%Z...J>.%e.VJL......yv.....w7aX..~....s~}..UK<....U"I).....Y.C..R.........uB....M......?.....~.wU......Ym...w.'..?v.@.~[.}....h*....sJjg.Ma.2..$tJ)..x.. ...).....|[...~4..!......EV....P%...'...>.?.~.u.e..gnL..<.bY..M}.:[..^.^...s....Qv..<[]....D..E...{....?.'*.B/hw.._C......s.iv.<...L.@Z..{;.W.O.c........E=O.5b..8Wu..6..-4...W...6S...o.M..%.\@.fj*(..H.R..4L......^.OK.\;5.E...N..y.+.5.k..D..ym...L.^ue(.d<Le......y.. ...B..f.@.w.e....S.0..riX..#. j..`-......j......./y........J..fk-&.S;@Vr.a...X...9~5..q..1~..........zY$.........T.7?......".h.."M.7....[..{.........5./_. U...l09./<i.7..........x...P..N.ZG..X.Y...0v..e.E-t.0.G.c.|..6.....Tg..fe_._n....g..b.D$..|..n...H.3].d.W.....`.J.DC(.m..T$M..d...(.....%...T.......lp.

                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\03UIW9HD\RFQ2400598_0000063414_20240419161746.pdf:Zone.Identifier

                                                                Download File
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):26
                                                                Entropy (8bit):3.95006375643621
                                                                Encrypted:false
                                                                SSDEEP:3:gAWY3n:qY3n
                                                                MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                                                SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                                                SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                                                SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                                                Malicious:false
                                                                Preview:[ZoneTransfer]..ZoneId=3..

                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{FD96D24F-17DD-4E5C-9405-4172EB113E4F}.tmp

                                                                Download File
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):1604
                                                                Entropy (8bit):1.1710614971572304
                                                                Encrypted:false
                                                                SSDEEP:6:t+RCNl8a+5MVyM/FcvYo9AKY2EAhkly/n8irwl2flXMvOwWlqH4/rH:tXz+5uynvYvL2Vkl5iklGlXUIH
                                                                MD5:DF95EB34BD1E2FCCFA6E301406E842FC
                                                                SHA1:4A4BB72DEF491FEA9DEB2E408CBF110CF5A1F286
                                                                SHA-256:812E658E769F6DADA6E69B3019C7C6AC25BD30C69571D6D261C8CEF4E6AE1945
                                                                SHA-512:5D0ECC695B18E28E001ACA54693D07C39E619276B425201CC261BF1C191A980C193A60C9B2E3290EAF6BC2252790D99F1E3F3BD0BF9B50EBC6B6B98A5B5DD4B1
                                                                Malicious:false
                                                                Preview:......Y.o.u. .d.o.n.'.t. .o.f.t.e.n. .g.e.t. .e.m.a.i.l. .f.r.o.m. .e.m.a.i.l.s.v.c.@.d.s.o...o.r.g...s.g... .H.Y.P.E.R.L.I.N.K. .".h.t.t.p.s.:././.a.k.a...m.s./.L.e.a.r.n.A.b.o.u.t.S.e.n.d.e.r.I.d.e.n.t.i.f.i.c.a.t.i.o.n.".........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1713544993488227400_621DCCF0-B640-4C69-88D6-56C5D0CBC84B.log

                                                                Download File
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:ASCII text, with very long lines (28769), with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):20971520
                                                                Entropy (8bit):0.1592962310059289
                                                                Encrypted:false
                                                                SSDEEP:1536:icIGJWNFTjOdhxTRKcRdULlq/FirVzjS3/7oaQEfBZT:DWredhtR2xaJ
                                                                MD5:4E27A5F21E5711F19B4F14F08EF1A404
                                                                SHA1:E2676B4F1A5AD7FA5F183913716765671D8A4FDC
                                                                SHA-256:F3A102BDF0FD5DCE8CDF3EF1B2D859D257342ABE5F4BD4434EBF65B28A65BE6C
                                                                SHA-512:DC5AB3AE87AE40DFDE9D02C298BBC233B24B98820156F3AB8535CB95D3D556AF488CCB5863EB04C88C943002F040466F9D061A5BA861F4824C6295A7DBBB7998
                                                                Malicious:false
                                                                Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..04/19/2024 16:43:13.527.OUTLOOK (0x18A8).0x18E8.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":26,"Time":"2024-04-19T16:43:13.527Z","Contract":"Office.System.Activity","Activity.CV":"8MwdYkC2aUyI1lbF0MvISw.4.11","Activity.Duration":12,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...04/19/2024 16:43:13.543.OUTLOOK (0x18A8).0x18E8.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":28,"Time":"2024-04-19T16:43:13.543Z","Contract":"Office.System.Activity","Activity.CV":"8MwdYkC2aUyI1lbF0MvISw.4.12","Activity.Duration":12931,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajor

                                                                C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1713544993488929600_621DCCF0-B640-4C69-88D6-56C5D0CBC84B.log

                                                                Download File
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):20971520
                                                                Entropy (8bit):0.0
                                                                Encrypted:false
                                                                SSDEEP:3::
                                                                MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                                SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                                SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                                SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                                Malicious:false
                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\MSIa9aee.LOG

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):246
                                                                Entropy (8bit):3.529459928009153
                                                                Encrypted:false
                                                                SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8m+aF23nH:Qw946cPbiOxDlbYnuRKm
                                                                MD5:51883851D4D96873076F589F8188739E
                                                                SHA1:5B5E129260FBCA333961CB38999C5513F371D328
                                                                SHA-256:17ED657B532D26F7A53D4FA3157F40A10AF8E2E078AB9BE3064CDBCAE601D35E
                                                                SHA-512:A32836E29DF851C50D865F1E95FA5E46CA06F7FC41FB31E1CE38F3988C6C491E3486F136F71328F02F5DD0EF5DAFA75D2606575C7B872B99165BCB9D52B73A23
                                                                Malicious:false
                                                                Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.9./.0.4./.2.0.2.4. . .1.8.:.4.3.:.3.1. .=.=.=.....

                                                                C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240419T1843130290-6312.etl

                                                                Download File
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):106496
                                                                Entropy (8bit):4.487726613772287
                                                                Encrypted:false
                                                                SSDEEP:768:UoMpnpUweRHIBw/kOmRfKn4ws97V7dYa87zXj5+4K9O8SHpZNF:rMzUnQZ24ws97VxYrfXU4KgJz
                                                                MD5:33ADAA903A09A2FCE69E426DCC6628A5
                                                                SHA1:97D2CF8E8615B1809C8DF97E13FFB394FE9FE24A
                                                                SHA-256:C6ECC6674120434614C372A15860D586B0E325F91BB8CE7FF11CD23E5C59F780
                                                                SHA-512:30D7B0DF3E6538C7DA0C7373ABE35B183C371F35548BC4F78668B77065EE91981567FA609D78251614AF23ADD0926A0FE6C04B7E47A1B79E000282053DA0CEC7
                                                                Malicious:false
                                                                Preview:............................................................................`.............x...................eJ..............Zb..2.......................................@.t.z.r.e.s...d.l.l.,.-.3.2.2.......................................................@.t.z.r.e.s...d.l.l.,.-.3.2.1...............................................................Y............x...........v.2._.O.U.T.L.O.O.K.:.1.8.a.8.:.e.3.2.0.e.9.7.3.d.a.3.c.4.a.a.7.a.a.0.5.8.9.c.6.4.4.3.6.d.d.4.4...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.0.4.1.9.T.1.8.4.3.1.3.0.2.9.0.-.6.3.1.2...e.t.l.......P.P...........x...........................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-19 18-43-25-172.log

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:ASCII text, with very long lines (393)
                                                                Category:dropped
                                                                Size (bytes):16525
                                                                Entropy (8bit):5.353642815103214
                                                                Encrypted:false
                                                                SSDEEP:384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL
                                                                MD5:91F06491552FC977E9E8AF47786EE7C1
                                                                SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
                                                                SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
                                                                SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
                                                                Malicious:false
                                                                Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

                                                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):16603
                                                                Entropy (8bit):5.383477759854156
                                                                Encrypted:false
                                                                SSDEEP:384:MTHuNNTSnMcQKzYNa6Ri0VIwq9k7CenTYARDnjazMxGQceeelJHMnXju5/WxQYcD:jX1
                                                                MD5:9FC5DF2D7BBEE91FD20784D3AE21078E
                                                                SHA1:5F8552ADC608952902A9583D129FBAA6A521EA6D
                                                                SHA-256:22967936A9054BC2F18060E28C808E5512CFC28994DE8819974EC546BCF34B04
                                                                SHA-512:8E7036D951A142C1C0ADCCECF70489D5632E5B928E3444C9F41A164C3B117B02754ABB454125C8E639515BA0AACB892C9C9AC2D12F1D40ED800CF3CBF22C79DE
                                                                Malicious:false
                                                                Preview:SessionID=1aa902cf-b05d-4bff-b977-f85620c2ddc1.1713545005184 Timestamp=2024-04-19T18:43:25:184+0200 ThreadID=3284 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=1aa902cf-b05d-4bff-b977-f85620c2ddc1.1713545005184 Timestamp=2024-04-19T18:43:25:185+0200 ThreadID=3284 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=1aa902cf-b05d-4bff-b977-f85620c2ddc1.1713545005184 Timestamp=2024-04-19T18:43:25:185+0200 ThreadID=3284 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=1aa902cf-b05d-4bff-b977-f85620c2ddc1.1713545005184 Timestamp=2024-04-19T18:43:25:185+0200 ThreadID=3284 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=1aa902cf-b05d-4bff-b977-f85620c2ddc1.1713545005184 Timestamp=2024-04-19T18:43:25:187+0200 ThreadID=3284 Component=ngl-lib_NglAppLib Description="SetConf

                                                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):29845
                                                                Entropy (8bit):5.423614720256224
                                                                Encrypted:false
                                                                SSDEEP:192:0cbgIhPcbocbAIlncb2cbwI/RcbNcbQIVvcb4Uj1cb/KIoScbzqV:fhWlA/TVzou
                                                                MD5:25E3067B841D0A0562BF622C16964073
                                                                SHA1:E4BB298509893D593F47A2923D1939B0F3DF4AB9
                                                                SHA-256:B1CBDEBB1659FA09DEFBA625015E07FF2A38C73313496131FA9C9254011C170B
                                                                SHA-512:FACD7B3BBD489F0A16CE531CC0B431F9BFCEC59527E1AB929968B98AFEC8F827BD3C55C9BD87DE32ABD154680A2E3419AA6BE731F8EBDD3C7527D6511F6F03B1
                                                                Malicious:false
                                                                Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

                                                                C:\Users\user\AppData\Local\Temp\acrocef_low\07b43abe-b5e8-451a-8f85-3243bf18ffb5.tmp

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                                Category:dropped
                                                                Size (bytes):1407294
                                                                Entropy (8bit):7.97605879016224
                                                                Encrypted:false
                                                                SSDEEP:24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje
                                                                MD5:716C2C392DCD15C95BBD760EEBABFCD0
                                                                SHA1:4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
                                                                SHA-256:DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
                                                                SHA-512:E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
                                                                Malicious:false
                                                                Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                                C:\Users\user\AppData\Local\Temp\acrocef_low\3bc81558-466a-4b23-8d96-6893ab715a0a.tmp

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                                Category:dropped
                                                                Size (bytes):386528
                                                                Entropy (8bit):7.9736851559892425
                                                                Encrypted:false
                                                                SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                                MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                                SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                                SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                                SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                                Malicious:false
                                                                Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                                                                C:\Users\user\AppData\Local\Temp\acrocef_low\d0db2352-63ae-4618-9318-5755de95541e.tmp

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                                Category:dropped
                                                                Size (bytes):1419751
                                                                Entropy (8bit):7.976496077007677
                                                                Encrypted:false
                                                                SSDEEP:24576:/M7oMOWLaGZ4ZwYIGNP8dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RVWLaGZ4ZwZGm3mlind9i4ufFXpAXkru
                                                                MD5:E787F9888A1628BE8234F19E8EE26D68
                                                                SHA1:44D5180C06ADBBDAADDBCE350CE4DEC997CD83E5
                                                                SHA-256:3A09F3799148DA49F039A35AEDD22F368FB35B8D6022C4691C10606F704DAF80
                                                                SHA-512:EE9B602898706CC0F33AA570E29A79A58ED748E1B738D74DF0C8C8DF193E23421B47AC8C862623ED774289D94FA90662A4CC436B80479D6420433D81752E9CA9
                                                                Malicious:false
                                                                Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                                                C:\Users\user\AppData\Local\Temp\acrocef_low\d6fb1b02-7055-4319-9307-684d759a6bd6.tmp

                                                                Download File
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                                Category:dropped
                                                                Size (bytes):758601
                                                                Entropy (8bit):7.98639316555857
                                                                Encrypted:false
                                                                SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                                MD5:3A49135134665364308390AC398006F1
                                                                SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                                SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                                SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                                Malicious:false
                                                                Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                                                C:\Users\user\AppData\Local\Temp\olkDE93.tmp

                                                                Download File
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):53987
                                                                Entropy (8bit):7.887554082100959
                                                                Encrypted:false
                                                                SSDEEP:768:4ol3s/KStfqHMwp5pQ2Fm83PtgMcHPeXLWvAyQAWtw4uKls2M6IAt6Y8S2rqEbnA:So6I0LlKltxIAwYKn8JKm
                                                                MD5:E9D53143E6F0855D5264A62F891721D5
                                                                SHA1:56983484D8E88F8A22B9CB790A67576002A46E91
                                                                SHA-256:D25AE0AFE47C34AE435C913F1F4355959D9A86459D1086A0494AED579415E7D2
                                                                SHA-512:319CEE0A14EDA4E110492D3762A55D763A9AE6C860AAFC37ED1469DD5BF0D9FC81D9C957A6F6C7E0D5D075CDBFA20CF256D93A84371F364D82FB6198AF9E8FEC
                                                                Malicious:false
                                                                Preview:...x..t.....{.....:x..!...>..}.....c..s.q..........\O.......#.z..L;.L;..xD.z...:s..,..>.N...8......:...A=..}>0..<q!*.".........{!,.6.2..r.x.RD...W@....g.....K.z>......].IM...r1=56.........K........7o\...@........I.9.@nrv^J..p+57?-.+..s..hwo..f.).{/............%.....0..@(..........2..W.*...W>..zT.......a.+..W.7T54V76T?n...R..T.Ammh...[..v4.u6..7.u4.w.tt.v>m.z....x......n...>......~.z_.......}......_....~.n..h.........C..q....84...G...|...L..AL..>Y..,.d. ..Y<.....(......IY<................o.xT.T......x..7M......Y<.. ..6..Y<..A...x..,.d. ..Y<..1..........endstream..endobj..113 0 obj..1252 ..endobj..48 0 obj..<</Type /Pattern/PatternType 1/PaintType 1/TilingType 3/BBox [0 0 1446 3]/XStep 1446/YStep 3/Resources<</XObject<</X2 114 0 R>>>>/Matrix [0.33333334 0 0 -0.29999998 35.40000153 96.84204102]/Length 115 0 R>>stream..q 1446 0 0 -3 0 3 cm /X2 Do Q ..endstream..endobj..115 0 obj..30 ..endobj..114 0 obj..<</Type /XObject/Subtype /Image/Width 1446/Hei

                                                                C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

                                                                Download File
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):30
                                                                Entropy (8bit):1.2389205950315936
                                                                Encrypted:false
                                                                SSDEEP:3:eelhlX:ee
                                                                MD5:352356E29A6E6762736BB5983EEB7A2B
                                                                SHA1:8E8F34F38C37E57F3552AAA2298DFF1D8EF5CA61
                                                                SHA-256:114DC1BB09680E4DAAA91956D80AB61E214D8E2E46C085DBAF1C12F3F1DD25E6
                                                                SHA-512:06695DB6C548722AF4ACBFC75C08FA3BDBC5A72690451ABE5ABAFBCE4C975BE8FB7CCCA253D51C82DA99BBF49B4F4211FF9ED86104C57A4FA5A09E0EEA6998BB
                                                                Malicious:false
                                                                Preview:....).........................

                                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 15:43:32 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                Category:dropped
                                                                Size (bytes):2673
                                                                Entropy (8bit):3.9816473575788653
                                                                Encrypted:false
                                                                SSDEEP:48:8JdeTaK5H3WidAKZdA1FehwiZUklqehAy+3:8KfS/y
                                                                MD5:24C2C980C2D8378EC79FAEC3553EAE63
                                                                SHA1:0AF86765226BA296FA8776E29A87E4B2361A19DC
                                                                SHA-256:A10A94106C048FAADF3379B04CA8E2A17FC090879E0DB95ACD70DCCBB1E0EF9D
                                                                SHA-512:76CB4705B04D4D3DCA78FD0C3A5972273077CB8EAA470CA8E060A3A156901647EC0A465474F6A55445FBDA2454E21CDD266F5E386EA4CC1C1BF7BE4CF6CD62FC
                                                                Malicious:false
                                                                Preview:L..................F.@.. ...$+.,.....Q.x...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X\.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xo.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xo.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xo............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xp............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........K^eO.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 15:43:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                Category:dropped
                                                                Size (bytes):2675
                                                                Entropy (8bit):3.998469824275267
                                                                Encrypted:false
                                                                SSDEEP:48:8udeTaK5H3WidAKZdA1seh/iZUkAQkqehvy+2:8DfM9Qay
                                                                MD5:162AF5CB866CA5210FCADBD2CE92E0C7
                                                                SHA1:0BFF275F49557EA88671267FC582A67A78EDA4FE
                                                                SHA-256:D6FE9CFCD0BFCC634D2D8FF7BE7A8F8F4EF0E42352F2E8E50F9A081E86380177
                                                                SHA-512:804CD50CD9DD854A72D3C922AF6F0E92A5A06817CD8B6D747E074B8C59A7BB0197768E1D4A01F6192703A56E6E58158695BF3DF9321990A7B49FCB7137CF8AE1
                                                                Malicious:false
                                                                Preview:L..................F.@.. ...$+.,........x...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X\.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xo.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xo.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xo............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xp............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........K^eO.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                Category:dropped
                                                                Size (bytes):2689
                                                                Entropy (8bit):4.004526764497255
                                                                Encrypted:false
                                                                SSDEEP:48:8MdeTaKAH3WidAKZdA14meh7sFiZUkmgqeh7sZy+BX:8RfPnby
                                                                MD5:1413E92934FDB318B1985BACFE85C9C7
                                                                SHA1:D17AF59373D440E34348FC13C2F023F71C72BF73
                                                                SHA-256:D429C8D3421AEFB836F2CE9042038F7336E6634C5C29893EF44AD92BF7E353FD
                                                                SHA-512:0A6BE9114C41F8A9F22F7CF51D9AE46880399783E6228EDDA111EDB1078EB5DC0CD69578B4A5734F95620E12B239DE3DC1D9C7BDAE9E8EDC5EE149C48FBD72B2
                                                                Malicious:false
                                                                Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X\.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xo.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xo.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xo............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........K^eO.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 15:43:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                Category:dropped
                                                                Size (bytes):2677
                                                                Entropy (8bit):3.9912207590605613
                                                                Encrypted:false
                                                                SSDEEP:48:8HdeTaK5H3WidAKZdA1TehDiZUkwqehTy+R:8IfHRy
                                                                MD5:7829D46F38E40EE128F309F51E0843A7
                                                                SHA1:BDFC178A9B443A7DD771D9F53EEF31A358348950
                                                                SHA-256:365762C90A4BE7D156B82E13C01D73A21386B736B32F519A84552DD913ACB72A
                                                                SHA-512:4E3BEE113E9EB1A4A06872CD5F2C66A3651154A613EA124902057329B3CCD9901423ED324B2B0713F92ABC370CCF7E4E9C623CBE3CFD73C9574FA5070D11963A
                                                                Malicious:false
                                                                Preview:L..................F.@.. ...$+.,....UC..x...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X\.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xo.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xo.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xo............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xp............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........K^eO.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 15:43:32 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                Category:dropped
                                                                Size (bytes):2677
                                                                Entropy (8bit):3.9808175553735476
                                                                Encrypted:false
                                                                SSDEEP:48:8sdeTaK5H3WidAKZdA1dehBiZUk1W1qehFy+C:8xfX9ly
                                                                MD5:A7CA31F51AF78AFE75D9EA18367E780F
                                                                SHA1:2F15D7F9061AAE61B8FA8B5C885F9948EA2D98D0
                                                                SHA-256:02E4ED1F10A7A9C5FCA1AF353D524CC75C6103A98C11476057603B4343E9A179
                                                                SHA-512:8061D576F4A0E19177600AFD384D32B94CEE63BB661B7CB8E8BFCD2E0E9B9A3C74491DAA49B68B10684E1544E831092F99CDC7476AA41D148F721535A342576C
                                                                Malicious:false
                                                                Preview:L..................F.@.. ...$+.,....0M..x...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X\.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xo.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xo.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xo............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xp............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........K^eO.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 15:43:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                Category:dropped
                                                                Size (bytes):2679
                                                                Entropy (8bit):3.9929249423120656
                                                                Encrypted:false
                                                                SSDEEP:48:8HdeTaK5H3WidAKZdA1duTeehOuTbbiZUk5OjqehOuTbby+yT+:8IfbTfTbxWOvTbby7T
                                                                MD5:215A7F7BF78D3102F0C28F6E00521C9F
                                                                SHA1:420C75781295D1F314F94B0546C5E4D291B48875
                                                                SHA-256:2085AE6EAA3107597FD20009953116EE61C06015183BEDDB7A2845DCE7E3E227
                                                                SHA-512:3755B5982A2B7D660043A1C3E36BAA1B3AF27431C00C55AC3106F42E34ED91177A4C4B046954D2A1D05BF5FF6484276927DFE0EB0413CD3DED4136A87CCF2070
                                                                Malicious:false
                                                                Preview:L..................F.@.. ...$+.,........x...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X\.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Xo.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Xo.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Xo............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Xp............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........K^eO.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

                                                                Download File
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:Microsoft Outlook email folder (>=2003)
                                                                Category:dropped
                                                                Size (bytes):2302976
                                                                Entropy (8bit):1.440335546118001
                                                                Encrypted:false
                                                                SSDEEP:6144:Sy8+RvXmeg8xwElLqEmc8jhOzzA9Fbpqpsu2zPu:S0RuegFEAEmdjhuUqS
                                                                MD5:BB044B82F799E9E7E764232997F385A2
                                                                SHA1:EE3D9D36F5475B249EC3232A48AA2079F6B0DC05
                                                                SHA-256:754C46E6445A830B146AC3EBBD3FDB8BC6D8C949988966BBDDD6233B78F7F023
                                                                SHA-512:CAF634AE530D24038932277EE408BD1B1D5FC237A44282CF4280CE9A723518B446057084335FB45CFCCAE5D4C8CF0F3401C78736C93ADF209C199A000F2C29B8
                                                                Malicious:false
                                                                Preview:!BDN~.#vSM......\...&....W..............`................@...........@...@...................................@...........................................................................$#......D.......S..................................................................................................................................................................................................................................................................................................................................NL.E.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

                                                                Download File
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:DOS executable (COM, 0x8C-variant)
                                                                Category:dropped
                                                                Size (bytes):262144
                                                                Entropy (8bit):7.468336660060387
                                                                Encrypted:false
                                                                SSDEEP:6144:sMtG582ZwkOq283wElCqE0r8jdOzjAfpbpqv4:XtGzZeq2bErE04jd+G
                                                                MD5:A7DC274919F4CE2287CA80EFB1662EB6
                                                                SHA1:77EA2686B7FB299F390AC4EE42D6B14B5F414543
                                                                SHA-256:F87CD6FAE384F92FA90AA430CEF2B0B86CA80A738BE91B6F5A227085B293B3C4
                                                                SHA-512:C736CFB0EFA167F9559B7D27C153AA12F681E2BD62DA8208B37D1C0AF1736FEE45DB1C6F2B09C87F3D0C2564C972DABD70941909D1F963B846EC73867A39D3F7
                                                                Malicious:false
                                                                Preview:.{y.0.................n.x........$............#.................................................................~...........?.......................................................................................................................................................................................................................................................................................................................................................................................................................................r,F..$........y.0.................n.x........B............#.......................................p.................................................................................................................................................................................................................................................................................................................................................................

                                                                Chrome Cache Entry: 194

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                Category:downloaded
                                                                Size (bytes):1238
                                                                Entropy (8bit):4.936220115487561
                                                                Encrypted:false
                                                                SSDEEP:24:yYiH0G37S3WEyBF1l/egSQLrLccLDLzKI7Dr97uwyJA9:vibrEyBde7QL3ccLDLzF7Dr8wl9
                                                                MD5:7662C4F20AEFCB6B30286599CEBE18A5
                                                                SHA1:2F7DC06F6EA90CDDAD870D5AA45601807C0BD5CE
                                                                SHA-256:D40ED33A1725CCC71146F9B1E03E59AAB847815E3E3C91C910415B2FCE4A3248
                                                                SHA-512:17A31AE3B38ECF7377D0ADE941296CF23A1D226252D4BA9EA2AEF128C12C42B12E7F78BC00C54CC8B0CB2C8ED8566EBD06B05D242F838C588BE9CC0A9E05D85A
                                                                Malicious:false
                                                                URL:https://extapp.dso.org.sg/SupplierPortal/Scripts/SupplierPortal.js
                                                                Preview:.function getQueryString(key) {.. var url = window.location.toString();.. if (url.indexOf("?") > 0) {.. url = url.substr(url.indexOf("?") + 1);.. var queryStringItems = url.split("&");.. for (q = 0; q < queryStringItems.length; q++) {.. if (queryStringItems[q] == "") continue;.. var keyValuePair = queryStringItems[q].split("=");.. if (keyValuePair.length != 2) continue;.. if (keyValuePair[0].toLowerCase() == key.toLowerCase()) {.. return decodeURIComponent(keyValuePair[1].replace(/\+/g, " "));.. }.. }.. }.... return "";..}....function validateMobileNo(mobileNo) {.. if (mobileNo != "") {...if (mobileNo.length >= 8) {....var finalMobileNo = mobileNo.substring(mobileNo.length - 8, mobileNo.length);....if (/^\d{8}$/.test(finalMobileNo)) {.. ..return true;.. .}...}.. .. }.. return false;..}....function validateEmail(email) {.. if (email != "")

                                                                Chrome Cache Entry: 195

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:PNG image data, 340 x 336, 8-bit/color RGBA, non-interlaced
                                                                Category:dropped
                                                                Size (bytes):25725
                                                                Entropy (8bit):7.971853802112119
                                                                Encrypted:false
                                                                SSDEEP:768:r6iCKMvoZTT2Hyh+Qe19TBAsfsEj1hFvpizCeiaKHR:BPZTT2Shw19TBAtEJdiznFKx
                                                                MD5:0B10E88D46E82EB78B497233C79EEDCE
                                                                SHA1:9A67DA61EEE5BD875964B4DF0520590F2264122D
                                                                SHA-256:76F975D862C8C75EF1DBA50F37455E019982B93D9948F519BAA313F753659840
                                                                SHA-512:82C675C2DB9BCE74F393ED3BCDD71FBFDF59FAE77D070564F6A31BB2573B16F3987BA8C03D7CCF0AECC33101010E0F9573CFE1B6121C15B3A91565CC936F5EC3
                                                                Malicious:false
                                                                Preview:.PNG........IHDR...T...P.............tEXtSoftware.Adobe ImageReadyq.e<..d.IDATx..].|...-.M...{U:"Mjz.J............@(.(......B ......R.A.bA..[.Iv.{wg.d.....,...7sf&.3g.}..>..db.... .j:.... ..e.`{.t2..;......z:.$..`.V......~$....y....).+.J.Uj..??.>..M\..e....|..@..b.....p...{.(.|..|.Z.7p....{.Y..o.2|.I.;P..g.R....lB..T...=q.+..]b6.......T.V.SW._l.g.c.g..p=.,I)~Lx....x....u..N.g.R....\.&..U.-....S.(.....^^^..r...?.|V.L5k.>u...Vj..Q....$..j..2lYH.T>.@.h._0.S.j.A_Z.......C.5&..Z.f!.....J.8.H..J....f.Q...7.....g....}.....X>.....p\....md.6".....q.......q..u.x...<..p.}.y".............5.d...m.qI.....V...........n.... ..x..$~..`Su..[7o....crA.....-.R....P.....vTJ...a.L.L.....dW.=,.9y..o.>.[.F....OZ2..n......?..k..k<.\0.. ..c}O1....>a]N.6..........$......PG...6..:....}.a.V..............w;..~lT........4....T>6....L.R.O`/L..m..?.4....K....R.....w.>.3q.l....h..5k.S`.x.]g..Dn...vGAX;X+*V..`..l..El.%..`.8u..%y7W.kC..=.5..(Dh..x....'..J.g....K.c.l.3......UE.

                                                                Chrome Cache Entry: 196

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:ASCII text, with no line terminators
                                                                Category:downloaded
                                                                Size (bytes):52
                                                                Entropy (8bit):4.685922650791795
                                                                Encrypted:false
                                                                SSDEEP:3:eLGiCVdk1sMVbjkTk0Uup1:eLGicYsMJ4
                                                                MD5:5493BE8464F7E8E96DB514CE5FD4D70A
                                                                SHA1:468B1E1EDF3A84BAF997DAA8EE32258CE7D82EAA
                                                                SHA-256:57D2249484EE4F36A7D162A8D529F81CCBA820260055757D639C48CF157C7D79
                                                                SHA-512:55F7687481445E9DAC26A48C34EAC4278ED8F3C7E9DF0CB36068063DD27BE0B9A95C7ECE2043D769D0F871516039F635D5BF381A5111C37F9146671D6679F8D3
                                                                Malicious:false
                                                                URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgkQ70dmL_EQxhIFDRhUHPsSBQ2qmDegEgUN-wuwSw==?alt=proto
                                                                Preview:CiMKCw0YVBz7GgQIBxgBCgsNqpg3oBoECAkYAQoHDfsLsEsaAA==

                                                                Chrome Cache Entry: 197

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:ASCII text, with very long lines (65447)
                                                                Category:downloaded
                                                                Size (bytes):89664
                                                                Entropy (8bit):5.290543045467053
                                                                Encrypted:false
                                                                SSDEEP:1536:SjjxXUHJnxDjoXEZxkMV4PYDt0zxxf6gP3f8cApoEGOzZTBvUsuy8WnKdXwhLQvg:SdeIygP3fulzcsz8jlvaDioQ47GKH
                                                                MD5:00727D1D5D9C90F7DE826F1A4A9CC632
                                                                SHA1:EA61688671D0C3044F2C5B2F2C4AF0A6620AC6C2
                                                                SHA-256:A3CF00C109D907E543BC4F6DBC85EB31068F94515251347E9E57509B52EE3D74
                                                                SHA-512:69528A4518BF43F615FB89A3A0A06C138C771FE0647A0A0CFDE9B8E8D3650AA3539946000E305B78D79F371615EE0894A74571202B6A76B6EA53B89569E64D5C
                                                                Malicious:false
                                                                URL:https://extapp.dso.org.sg/SupplierPortal/Scripts/jquery-3.6.1.min.js
                                                                Preview:/*! jQuery v3.6.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,y=n.hasOwnProperty,a=y.toString,l=a.call(Object),v={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

                                                                Chrome Cache Entry: 198

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:ASCII text, with very long lines (32131)
                                                                Category:downloaded
                                                                Size (bytes):1750512
                                                                Entropy (8bit):5.25507723530572
                                                                Encrypted:false
                                                                SSDEEP:49152:uPjHgEJPp6y9iBXWQzUMO1S/WQ+ynwCZwHV:/zUb
                                                                MD5:957F1208363646C73D62F73B5286DEDB
                                                                SHA1:84B084D5F8A03EBC81C74F3A6F4DD7C620261982
                                                                SHA-256:61D96902E06EE48E5CD2382A6EFEF264BBED0FF24C9234E5191BD566A8944147
                                                                SHA-512:3A916AB16FAF4E006B0787F3268F28E60E40B2EAAF70496BEE95928D33A0099270F71BB4A4025B5ECF4B79AB5E766D97576CCE5B30ECA5C2EE870D6F528FB11C
                                                                Malicious:false
                                                                URL:https://extapp.dso.org.sg/SupplierPortal/Scripts/kendo/kendo.all.min.js
                                                                Preview:/*.* Kendo UI v2014.2.1008 (http://www.telerik.com/kendo-ui).* Copyright 2014 Telerik AD. All rights reserved..*.* Kendo UI commercial licenses may be obtained at.* http://www.telerik.com/purchase/license-agreement/kendo-ui-complete.* If you do not own a commercial license, this file shall be governed by the trial license terms..*/.(function(f,define){define([],f)})(function(){"bundle all";!function(e,t){function n(){}function i(e,t){if(t)return"'"+e.split("'").join("\\'").split('\\"').join('\\\\\\"').replace(/\n/g,"\\n").replace(/\r/g,"\\r").replace(/\t/g,"\\t")+"'";var n=e.charAt(0),i=e.substring(1);return"="===n?"+("+i+")+":":"===n?"+e("+i+")+":";"+e+";o+="}function r(e,t,n){return e+="",t=t||2,n=t-e.length,n?N[t].substring(0,n)+e:e}function o(e){var t=e.css(ft.support.transitions.css+"box-shadow")||e.css("box-shadow"),n=t?t.match(Tt)||[0,0,0,0,0]:[0,0,0,0,0],i=yt.max(+n[3],+(n[4]||0));return{left:-n[1]+i,right:+n[1]+i,bottom:+n[2]+i}}function a(t,n){var i,r,a,s,l,d,c,u,h=kt.browser

                                                                Chrome Cache Entry: 199

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:PNG image data, 29 x 29, 8-bit/color RGB, non-interlaced
                                                                Category:dropped
                                                                Size (bytes):180
                                                                Entropy (8bit):5.80019542694008
                                                                Encrypted:false
                                                                SSDEEP:3:yionv//thPloyTtkwMLts7CX9/gm6KpksyxtuGpQScUgl//t1pFGRms8QeNjTj7J:6v/lhP24tkwMR/C+KNuLjjrGRmsdeJjF
                                                                MD5:76E0733CB0AF1A1C3329D851A4D967B0
                                                                SHA1:0EE81D073AB80D41D268A0119EE945F0C2533B76
                                                                SHA-256:2BC0722595481EDC1372C2B578FABE1F1D78F29A9991F89259AEB7CC63517791
                                                                SHA-512:B42984166BFC529CD88BD30FFA0498C693D711E7EEBD6A8303265447A11F25E16D7565B9E0A4578BE02DB58F0DD280623DA41072EA0717384FA8D59CA2BE1BDE
                                                                Malicious:false
                                                                Preview:.PNG........IHDR................X....sRGB.........gAMA......a.....pHYs..........o.d...IIDATHKc...@......F..Z..H.kJT ..AH..(k4|a`4.A.h:...t......F...../...\......Cb.......IEND.B`.

                                                                Chrome Cache Entry: 200

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:ASCII text, with very long lines (9518)
                                                                Category:downloaded
                                                                Size (bytes):9852
                                                                Entropy (8bit):5.1908381425252
                                                                Encrypted:false
                                                                SSDEEP:192:QijkBgqDFxrF9cfLEsbFvzEs/nZRpclQva6Nu0PyZhRey/F+T1DoQYYT9nFD:QijkBgOrC/h7Zva6NuzhRey/F+5Dnpn1
                                                                MD5:12F7266E9E99876F83F581EE17185C82
                                                                SHA1:1EAF9349B68DE5124DCD39590BDF2246C508DA3D
                                                                SHA-256:22983A14CF34C5EDC049F3D94A1B788FF0B4681A3FF3F6FD3646CD137D21F0A7
                                                                SHA-512:A77E62A3D18658B3676407A957C47B837F05A68C23EB8ED6A7FC146CF687878A5C08551FBB2C9F94B2DCFCE1858628D76DD3AEACB5AE7DE096A56CA83BA92CD0
                                                                Malicious:false
                                                                URL:https://extapp.dso.org.sg/SupplierPortal/Scripts/kendo/kendo.aspnetmvc.min.js
                                                                Preview:/*.* Kendo UI v2014.2.1008 (http://www.telerik.com/kendo-ui).* Copyright 2014 Telerik AD. All rights reserved..*.* Kendo UI commercial licenses may be obtained at.* http://www.telerik.com/purchase/license-agreement/kendo-ui-complete.* If you do not own a commercial license, this file shall be governed by the trial license terms..*/.!function(e,define){define(["./kendo.data.min","./kendo.combobox.min","./kendo.dropdownlist.min","./kendo.multiselect.min","./kendo.validator.min"],e)}(function(){return function(e,t){function n(t,n,i,r){var o={};return t.sort?(o[this.options.prefix+"sort"]=e.map(t.sort,function(e){return e.field+"-"+e.dir}).join("~"),delete t.sort):o[this.options.prefix+"sort"]="",t.page&&(o[this.options.prefix+"page"]=t.page,delete t.page),t.pageSize&&(o[this.options.prefix+"pageSize"]=t.pageSize,delete t.pageSize),t.group?(o[this.options.prefix+"group"]=e.map(t.group,function(e){return e.field+"-"+e.dir}).join("~"),delete t.group):o[this.options.prefix+"group"]="",t.aggre

                                                                Chrome Cache Entry: 201

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced
                                                                Category:downloaded
                                                                Size (bytes):25350
                                                                Entropy (8bit):7.9841635737224825
                                                                Encrypted:false
                                                                SSDEEP:768:xRV8lj58M0SX54InIY9S27VzdH14e7wlO3FlmSs:1S30SJ4InyCa3lO3Flmj
                                                                MD5:4DD04B05307BE4A824975B4938C249F9
                                                                SHA1:C32DC91172336D957A1F407E8BA07BDD8FB6AD1A
                                                                SHA-256:03AB5D238898701915C557B8CF786095F6039EE17AB159D4408B40D2FC445795
                                                                SHA-512:DF742A13908621C830FD4D1B960C55B964C5EB0F07DAF7D67B5C6F437777AB5760BF134C3C43A6C08476FC1101213188D8058592B5B44043573AECC6D0161C02
                                                                Malicious:false
                                                                URL:https://extapp.dso.org.sg/SupplierPortal/Content/Images/applogo.png
                                                                Preview:.PNG........IHDR...x...x.....9d6.....sRGB.........gAMA......a...b.IDATx^...eWu.*.{+..;...n.$!.....36A..1.3N..7c<c..c..c.......ju...+.n.z.o.{......%y..{.q..7......^.....F..#.......a..0....?...>....7~.._NL..X....HKIY.H.,H..........WJ.RRR.3..@.o....~..|..>KNN...$KLL.....FGG...D,.3....`.FF.6<2b...#6.........z.g..........;u........u....]....5{..j..).=..=....u.<.{...w.~?'....9.9......^~.I~g...}5.p..j|.'>....~./..M..&.%...}5!1.....IyI......7p...S.]zr51P.^.._...c.(..c...'...(.sz.]<.....7.....I??.......A..{M..{....w.z.x..7. ....-...E&k....W;::._.L...|.>......_1.?..H.......VT.o9.Y...'...x%....Y.t4E4.t.Y.w..uv0.. ... ....mXg8d.'.n..(Z@.hR%%%XZF&g.%#..E.H.F..-..Y..jy..VUUes.....~#.V.."....0.Q^^..J.{.*......%.}.D..H..=.......WzM..??......`o..ut....x..q........Q...G-.l.y9...o..u2.'...Pp...{m.....,...Xt.*....dK.,s....;0C..?g..^.\3...9.tv.......M.7g..[....~%.........u'..*?.I0 ....v@.t..$........y..l:$..T.e..rr..di..~.F....!.'...Fb.a...G.....~.U.x.....|.....;v.

                                                                Chrome Cache Entry: 202

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:ASCII text, with very long lines (3704)
                                                                Category:downloaded
                                                                Size (bytes):3844
                                                                Entropy (8bit):5.134886341438832
                                                                Encrypted:false
                                                                SSDEEP:96:m+ijDOc41cHAx1ToGH/tBFR0Twy/bPwhS8QQ8CtKcZqOe787lXgDH8DILAg3:m+ih4L/ToGH/t3R0TVUhS8QQ8CtKQqOc
                                                                MD5:DE486A6852828DE84E85AA15B792E424
                                                                SHA1:570E1AFEB33EB4DF3339B6497CABE33DB47FB788
                                                                SHA-256:8BE4750EE4C973A07CE989BC481E8A1F1E37D7BECE26FA960D5D98C7122E0494
                                                                SHA-512:7483DF61E9A7A09CE06D878E19636C24AB764D1B1F21F6BAA1CCF5E3B89D5ED42C683AAC55EAA7DF679512FAFF196D1706D266579B6A7CBB12A412F916AC02C7
                                                                Malicious:false
                                                                URL:https://extapp.dso.org.sg/SupplierPortal/Scripts/jquery.validate.unobtrusive.min.js
                                                                Preview:/*.** Unobtrusive validation support library for jQuery and jQuery Validate.** Copyright (C) Microsoft Corporation. All rights reserved..*/.(function(a){var d=a.validator,b,f="unobtrusiveValidation";function c(a,b,c){a.rules[b]=c;if(a.message)a.messages[b]=a.message}function i(a){return a.replace(/^\s+|\s+$/g,"").split(/\s*,\s*/g)}function g(a){return a.substr(0,a.lastIndexOf(".")+1)}function e(a,b){if(a.indexOf("*.")===0)a=a.replace("*.",b);return a}function l(c,d){var b=a(this).find("[data-valmsg-for='"+d[0].name+"']"),e=a.parseJSON(b.attr("data-valmsg-replace"))!==false;b.removeClass("field-validation-valid").addClass("field-validation-error");c.data("unobtrusiveContainer",b);if(e){b.empty();c.removeClass("input-validation-error").appendTo(b)}else c.hide()}function k(e,d){var c=a(this).find("[data-valmsg-summary=true]"),b=c.find("ul");if(b&&b.length&&d.errorList.length){b.empty();c.addClass("validation-summary-errors").removeClass("validation-summary-valid");a.each(d.errorList,funct

                                                                Chrome Cache Entry: 203

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                Category:downloaded
                                                                Size (bytes):602
                                                                Entropy (8bit):4.440419871616921
                                                                Encrypted:false
                                                                SSDEEP:12:sL7GctEc2hkGxFEvvF2wvF2R08G6WEvvF2wvFFWiIQGnvvF2wvFFyF2R0WiXTf6y:su5xav3vYCh6Bv3vXUlvv3vGYCNDiuLh
                                                                MD5:22AAF3AAB75983A0199E43FED27C7A27
                                                                SHA1:64C104C4DA2144B8A3534313E02CDF79B003C6C8
                                                                SHA-256:138BDA4B94672B403A73FFDB410CB27E122C9ABEAAA5A6DB686A37F94D7A9A76
                                                                SHA-512:8AC88AB9DBFCB59F19983A241EB0F7B0ED42FBBE63C439E86DFFD3623C06F05E57B832BB6E19B5B5CC8C31CAF982F8DA0C30149D6BF89F96C32267BDF50C87A9
                                                                Malicious:false
                                                                URL:https://extapp.dso.org.sg/SupplierPortal/Content/dialog-window.css
                                                                Preview:.div.dialog-content..{.. position: absolute;.. top: 10px;.. left: 10px;.. right: 10px;.. bottom: 10px;..}....div.dialog-header..{.. position: absolute;.. top: 0px;.. left: 0px;.. right: 0px;.. height: 40px;..}....div.dialog-body..{.. position: absolute;.. top: 40px;.. left: 0px;.. right: 0px;.. bottom: 40px;.. overflow: auto;..}....div.dialog-commands..{.. position: absolute;.. left: 0px;.. right: 0px;.. bottom: 0px;.. height: 40px;.. text-align: center;..}.....dialog-title..{.. font-size: 16pt;.. font-weight: bold; ..}

                                                                Chrome Cache Entry: 204

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                Category:downloaded
                                                                Size (bytes):5542
                                                                Entropy (8bit):4.948295222016391
                                                                Encrypted:false
                                                                SSDEEP:96:KgCdlh8iI/hQ4OC+J++QuT+YH+t2zlDfgDMFS88k8niX4VwBAjcB:w6/CCwhQuTxHw2p8w0Ti8wBecB
                                                                MD5:941F1A03B16649938876037078E41B1A
                                                                SHA1:B1235911EA8F936F25F67D5301D5C484D530736D
                                                                SHA-256:3FA260876EA3B0608E0398158FCE69DB8ED38E1BC90DAF25FF5243E07D15FBF9
                                                                SHA-512:CBEF195204BAAA3C84B941A2711162008E4A91BC5C53CA43F1679DE37E0255E7777801F23B96D9D50BE1F792F9DFB2369AC5012727EE70239CA0DD644AFE97AB
                                                                Malicious:false
                                                                URL:https://extapp.dso.org.sg/SupplierPortal/Scripts/main.js
                                                                Preview:...function cancelBubble(evt) {.. if (window.event).. window.event.cancelBubble = true;.. else.. evt.stopPropagation();..}....function cancelEvent(evt) {.. if (window.event) {.. window.event.returnValue = false;.. window.event.cancelBubble = true;.. }.. else {.. evt.returnValue = false;.. evt.stopPropagation();.. evt.preventDefault();.. }..}....function centerElement(windowId) {.. var win = $("#" + windowId);.. if (win != null) {.. if (typeof win.center != "function") {.. alert("Function center is undefined.");.. }.. else {.. win.center();.. win.show();.. }.. }.. else {.. alert("'" + windowId + "' does not exist.");.. }..}....function centerKendoWindow(windowId) {.. var win = $("#" + windowId);.. if (win != null) {.. win.data("kendoWindow").center();.. }.. else {.. alert("'" + windowId + "' does not exist.");..

                                                                Chrome Cache Entry: 205

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced
                                                                Category:dropped
                                                                Size (bytes):25350
                                                                Entropy (8bit):7.9841635737224825
                                                                Encrypted:false
                                                                SSDEEP:768:xRV8lj58M0SX54InIY9S27VzdH14e7wlO3FlmSs:1S30SJ4InyCa3lO3Flmj
                                                                MD5:4DD04B05307BE4A824975B4938C249F9
                                                                SHA1:C32DC91172336D957A1F407E8BA07BDD8FB6AD1A
                                                                SHA-256:03AB5D238898701915C557B8CF786095F6039EE17AB159D4408B40D2FC445795
                                                                SHA-512:DF742A13908621C830FD4D1B960C55B964C5EB0F07DAF7D67B5C6F437777AB5760BF134C3C43A6C08476FC1101213188D8058592B5B44043573AECC6D0161C02
                                                                Malicious:false
                                                                Preview:.PNG........IHDR...x...x.....9d6.....sRGB.........gAMA......a...b.IDATx^...eWu.*.{+..;...n.$!.....36A..1.3N..7c<c..c..c.......ju...+.n.z.o.{......%y..{.q..7......^.....F..#.......a..0....?...>....7~.._NL..X....HKIY.H.,H..........WJ.RRR.3..@.o....~..|..>KNN...$KLL.....FGG...D,.3....`.FF.6<2b...#6.........z.g..........;u........u....]....5{..j..).=..=....u.<.{...w.~?'....9.9......^~.I~g...}5.p..j|.'>....~./..M..&.%...}5!1.....IyI......7p...S.]zr51P.^.._...c.(..c...'...(.sz.]<.....7.....I??.......A..{M..{....w.z.x..7. ....-...E&k....W;::._.L...|.>......_1.?..H.......VT.o9.Y...'...x%....Y.t4E4.t.Y.w..uv0.. ... ....mXg8d.'.n..(Z@.hR%%%XZF&g.%#..E.H.F..-..Y..jy..VUUes.....~#.V.."....0.Q^^..J.{.*......%.}.D..H..=.......WzM..??......`o..ut....x..q........Q...G-.l.y9...o..u2.'...Pp...{m.....,...Xt.*....dK.,s....;0C..?g..^.\3...9.tv.......M.7g..[....~%.........u'..*?.I0 ....v@.t..$........y..l:$..T.e..rr..di..~.F....!.'...Fb.a...G.....~.U.x.....|.....;v.

                                                                Chrome Cache Entry: 206

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:Unicode text, UTF-8 text, with very long lines (14656), with CRLF, LF line terminators
                                                                Category:downloaded
                                                                Size (bytes):25614
                                                                Entropy (8bit):5.19342415156933
                                                                Encrypted:false
                                                                SSDEEP:768:PtpHJrx0o6d9z16oc8eDTW3vnyV9msz7aH0z30:Xv0o6d9z16oc8aTW3vnyV9IHj
                                                                MD5:A39AA7A120DC457A7158F93300343080
                                                                SHA1:6018E711893B3EB94D69FB7BF8151389D1B907B7
                                                                SHA-256:98D9D777AD9FD96F2CFA6FD75A199B4D6A1AD7BAB792A7DDCB73212F8DC12B57
                                                                SHA-512:D828375397C80563CDD7834226F5CE8E8AB0C8D03C13B29CBB6EF48FE5CF202FA0A4FC64948BE021BEC2014FF8A65D4A06C1410684EB989BBA2F4F6441DF7100
                                                                Malicious:false
                                                                URL:https://extapp.dso.org.sg/SupplierPortal/Scripts/jquery.validate.min.js
                                                                Preview:/*. * Note: While Microsoft is not the author of this file, Microsoft is.. * offering you a license subject to the terms of the Microsoft Software.. * License Terms for Microsoft ASP.NET Model View Controller 3... * Microsoft reserves all other rights. The notices below are provided.. * for informational purposes only and are not the license terms under.. * which Microsoft distributed this file... *. * jQuery validation plug-in 1.7. *. * http://bassistance.de/jquery-plugins/jquery-plugin-validation/. * http://docs.jquery.com/Plugins/Validation. *. * Copyright (c) 2006 - 2008 J.rn Zaefferer. *. * $Id: jquery.validate.js 6403 2009-06-17 14:27:16Z joern.zaefferer $. *. */.(function($){$.extend($.fn,{validate:function(options){if(!this.length){options&&options.debug&&window.console&&console.warn("nothing selected, can't validate, returning nothing");return;}var validator=$.data(this[0],'validator');if(validator){return validator;}validator=new $.validator(options,this[0]);$.data(this[0],'

                                                                Chrome Cache Entry: 207

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:ASCII text, with very long lines (13326)
                                                                Category:downloaded
                                                                Size (bytes):13424
                                                                Entropy (8bit):5.261709214397548
                                                                Encrypted:false
                                                                SSDEEP:192:arprDN+e3IUefKSfI0bP1CMjt9kdgOFWIa/aC3+sZv9LRM:arprx6PfK2P1CMjt8FWIa2sZVi
                                                                MD5:5CFA2B481DE6E87C2190A0E3538515D8
                                                                SHA1:0FCCF3C8AB2C10B4DCC7970E64CE997AB1622F68
                                                                SHA-256:9810AEE7E6D57D8CCEAA96322B88E6DF46710194689AE12B284149148CABC2F3
                                                                SHA-512:51C4C1DBAF330EA0F6852659CB0FE53434F6ED64460D6039921DD8E82F7A0663EEBFB7377DC7E12827D77FF31A5AFEE964EEA91DA8C75FA942ACF6D596EF430F
                                                                Malicious:false
                                                                URL:https://extapp.dso.org.sg/SupplierPortal/Scripts/jquery-migrate-3.4.0.min.js
                                                                Preview:/*! jQuery Migrate v3.4.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */."undefined"==typeof jQuery.migrateMute&&(jQuery.migrateMute=!0),function(t){"use strict";"function"==typeof define&&define.amd?define(["jquery"],function(e){return t(e,window)}):"object"==typeof module&&module.exports?module.exports=t(require("jquery"),window):t(jQuery,window)}(function(s,n){"use strict";function e(e){return 0<=function(e,t){for(var r=/^(\d+)\.(\d+)\.(\d+)/,n=r.exec(e)||[],o=r.exec(t)||[],a=1;a<=3;a++){if(+n[a]>+o[a])return 1;if(+n[a]<+o[a])return-1}return 0}(s.fn.jquery,e)}s.migrateVersion="3.4.0";var t=Object.create(null),o=(s.migrateDisablePatches=function(){for(var e=0;e<arguments.length;e++)t[arguments[e]]=!0},s.migrateEnablePatches=function(){for(var e=0;e<arguments.length;e++)delete t[arguments[e]]},s.migrateIsPatchEnabled=function(e){return!t[e]},n.console&&n.console.log&&(s&&e("3.0.0")||n.console.log("JQMIGRATE: jQuery 3.0.0+ REQUIRED"),s.migrateWarnings&&n.console

                                                                Chrome Cache Entry: 208

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:ASCII text, with very long lines (11738)
                                                                Category:downloaded
                                                                Size (bytes):11931
                                                                Entropy (8bit):5.395501265689811
                                                                Encrypted:false
                                                                SSDEEP:192:3mbPGYF2UQfxDisjQlJlQG1lVe/+9THerTXAGg8jOILB:3aPP2UQ51QlJlBlU/+9yDAQtB
                                                                MD5:34F9525653CE189D212A4C56C9D5E4B7
                                                                SHA1:A5160142DEB280F067BD96B287B96CE792574A0D
                                                                SHA-256:4E9CD283CD8D3E79DE3138DC0991430C01A6B14788C7B5025DCBDFF3D136BC9D
                                                                SHA-512:7A8361190577039EC54F0BCEC0BC473CBEB84E654514C1785A92F79DAC3963928645C7BA23AC0A380D2031CD0188757F901BFE7A3F135F08BD4DFE554D60A2DD
                                                                Malicious:false
                                                                URL:https://extapp.dso.org.sg/SupplierPortal/Scripts/jquery.cluetip.min.js
                                                                Preview:/*!. * clueTip - v1.2.10 - 2013-09-29. * http://plugins.learningjquery.com/cluetip/. * Copyright (c) 2013 Karl Swedberg. * Licensed MIT (http://www.opensource.org/licenses/mit-license.php). */.(function(t){t.cluetip={version:"1.2.10",template:["<div>",'<div class="cluetip-outer">','<h3 class="cluetip-title ui-widget-header ui-cluetip-header"></h3>','<div class="cluetip-inner ui-widget-content ui-cluetip-content"></div>',"</div>",'<div class="cluetip-extra"></div>',"</div>"].join(""),setup:{insertionType:"appendTo",insertionElement:"body"},defaults:{multiple:!1,width:275,height:"auto",cluezIndex:97,positionBy:"auto",topOffset:15,leftOffset:15,snapToEdge:!1,local:!1,localPrefix:null,louserdSuffix:null,hideLocal:!0,attribute:"rel",titleAttribute:"title",splitTitle:"",escapeTitle:!1,showTitle:!0,cluetipClass:"default",hoverClass:"",waitImage:!0,cursor:"help",arrows:!1,dropShadow:!0,dropShadowSteps:6,sticky:!1,mouseOutClose:!1,delayedClose:50,activation:"hover",clickThrough:!0,tracking:!1,c

                                                                Chrome Cache Entry: 209

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:Unicode text, UTF-8 text, with very long lines (1217)
                                                                Category:downloaded
                                                                Size (bytes):1552
                                                                Entropy (8bit):5.206671091562328
                                                                Encrypted:false
                                                                SSDEEP:24:SLZLRvdPzaEm1jraaNSiI1y6wOPud3Rg6HlJ9qg9J0JGrdGOEPzEiSfLgqSJ3:SLFRlmLbMV15G3Rgcc6sOEPzExTgqSJ3
                                                                MD5:3D78C8353A53B5265E7E6A26DEDD30D1
                                                                SHA1:6E4B6178DFA93BC399BCF21C41F17B581CCEB544
                                                                SHA-256:26B6495E80E1FF14797B3E99EE09D10CCAAD8CA862788F84D246226755528507
                                                                SHA-512:29DD058934162ECF704456F00B811BEE3E44841BC73FB4E527D81B774D818F376872750A601AA128F0753B7361145DC0A6700A44E0F3E0EB9BF1AC1E65CF576B
                                                                Malicious:false
                                                                URL:https://extapp.dso.org.sg/SupplierPortal/Scripts/kendo/cultures/kendo.culture.en-GB.min.js
                                                                Preview:/*.* Kendo UI v2014.2.1008 (http://www.telerik.com/kendo-ui).* Copyright 2014 Telerik AD. All rights reserved..*.* Kendo UI commercial licenses may be obtained at.* http://www.telerik.com/purchase/license-agreement/kendo-ui-complete.* If you do not own a commercial license, this file shall be governed by the trial license terms..*/.!function(e,define){define([],e)}(function(){return function(e){var t=e.kendo||(e.kendo={cultures:{}});t.cultures["en-GB"]={name:"en-GB",numberFormat:{pattern:["-n"],decimals:2,",":",",".":".",groupSize:[3],percent:{pattern:["-n %","n %"],decimals:2,",":",",".":".",groupSize:[3],symbol:"%"},currency:{pattern:["-$n","$n"],decimals:2,",":",",".":".",groupSize:[3],symbol:"."}},calendars:{standard:{days:{names:["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"],namesAbbr:["Sun","Mon","Tue","Wed","Thu","Fri","Sat"],namesShort:["Su","Mo","Tu","We","Th","Fr","Sa"]},months:{names:["January","February","March","April","May","June","July","August

                                                                Chrome Cache Entry: 210

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:PNG image data, 29 x 29, 8-bit/color RGB, non-interlaced
                                                                Category:downloaded
                                                                Size (bytes):180
                                                                Entropy (8bit):5.80019542694008
                                                                Encrypted:false
                                                                SSDEEP:3:yionv//thPloyTtkwMLts7CX9/gm6KpksyxtuGpQScUgl//t1pFGRms8QeNjTj7J:6v/lhP24tkwMR/C+KNuLjjrGRmsdeJjF
                                                                MD5:76E0733CB0AF1A1C3329D851A4D967B0
                                                                SHA1:0EE81D073AB80D41D268A0119EE945F0C2533B76
                                                                SHA-256:2BC0722595481EDC1372C2B578FABE1F1D78F29A9991F89259AEB7CC63517791
                                                                SHA-512:B42984166BFC529CD88BD30FFA0498C693D711E7EEBD6A8303265447A11F25E16D7565B9E0A4578BE02DB58F0DD280623DA41072EA0717384FA8D59CA2BE1BDE
                                                                Malicious:false
                                                                URL:https://extapp.dso.org.sg/SupplierPortal/Content/Images/mobilemenu.png
                                                                Preview:.PNG........IHDR................X....sRGB.........gAMA......a.....pHYs..........o.d...IIDATHKc...@......F..Z..H.kJT ..AH..(k4|a`4.A.h:...t......F...../...\......Cb.......IEND.B`.

                                                                Chrome Cache Entry: 211

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                Category:downloaded
                                                                Size (bytes):13950
                                                                Entropy (8bit):4.5368476479711735
                                                                Encrypted:false
                                                                SSDEEP:192:wMpVsXQFqNKqQ4ZIp90R1pdc+nDdedmSWQSXgj8YbmR:YUqBupOXT
                                                                MD5:80744241258A30671C761A9208B5595A
                                                                SHA1:A7E20488505719412F084152A5BB3E2F5DA0C854
                                                                SHA-256:B47B4C96422768CD91F8B0C60B4E9447A20F54F23B140A95382C8560D41FDA33
                                                                SHA-512:9424D7A33AE25AE14B575882D46AAF37AC93BB515ACC6FA6BC073992A847B7BF8BFABECA4BC7925C78FF6D18B716F5C01FF5EAA7698071E1AAE5D6E8D7D6A183
                                                                Malicious:false
                                                                URL:https://extapp.dso.org.sg/SupplierPortal/Content/Site.css
                                                                Preview:.html {.. background-color: #e2e2e2;.. margin: 0;.. padding: 0;..}....body {.. background-color: #fff;.. /* border-top: solid 10px #000; */.. color: #333;.. font-size: .85em;.. font-family: "Segoe UI", Verdana, Helvetica, Sans-Serif;.. margin: 0;.. padding: 0;..}....a {.. color: #333;.. outline: none;.. padding-left: 3px;.. padding-right: 3px;.. text-decoration: underline;..}.... a:link, a:visited,.. a:active, a:hover {.. color: #333;.. }.... a:hover {.. background-color: #c7d1d6;.. }....header, footer, hgroup,..nav, section {.. display: block;..}....mark {.. background-color: #a6dbed;.. padding-left: 5px;.. padding-right: 5px;..}.....float-left {.. float: left;..}.....float-right {.. float: right;..}.....clear-fix:after {.. content: ".";.. clear: both;.. display: block;.. height: 0;.. visibility: hidden;..}....h1, h2, h3,..h4, h5, h6 {.. color: #000;.. margin-bottom: 0;..

                                                                Chrome Cache Entry: 212

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:ASCII text, with very long lines (36046)
                                                                Category:downloaded
                                                                Size (bytes):36380
                                                                Entropy (8bit):4.972424492632804
                                                                Encrypted:false
                                                                SSDEEP:384:Q8YjS/zDETO/NAEJYT2pJpT8xLyCVQRmXjbTKpMPK2pB9YoVbyHtJk7I:Q8YjS/zDEK/N9SxLyCVI66pMPwHh
                                                                MD5:4B6A7820C407AB84423211CFB911978F
                                                                SHA1:B0971F4538F6F9A9A67875374A0220C38B206F70
                                                                SHA-256:A0F45AE22DD490757FB3326EDDE9E6073E3C5C1887A6E22AE03A0EDA8DA7E5F9
                                                                SHA-512:3BAB765BE9430A65BDD3401E48B226DDFE56E7CE6DF9A343BCEAE4DAAE5A995420C445E298A34B084215BF88F82F702CF451CC9253C8359EBEED5DB0BA6A9D07
                                                                Malicious:false
                                                                URL:https://extapp.dso.org.sg/SupplierPortal/Content/kendo/kendo.default.min.css
                                                                Preview:/*.* Kendo UI v2014.2.1008 (http://www.telerik.com/kendo-ui).* Copyright 2014 Telerik AD. All rights reserved..*.* Kendo UI commercial licenses may be obtained at.* http://www.telerik.com/purchase/license-agreement/kendo-ui-complete.* If you do not own a commercial license, this file shall be governed by the trial license terms..*/..k-in,.k-item,.k-window-action{border-color:transparent}.k-block,.k-widget{background-color:#fff}.k-block,.k-widget,.k-input,.k-textbox,.k-group,.k-content,.k-header,.k-filter-row>th,.k-editable-area,.k-separator,.k-colorpicker .k-i-arrow-s,.k-textbox>input,.k-autocomplete,.k-dropdown-wrap,.k-toolbar,.k-group-footer td,.k-grid-footer,.k-footer-template td,.k-state-default,.k-state-default .k-select,.k-state-disabled,.k-grid-header,.k-grid-header-wrap,.k-grid-header-locked,.k-grid-footer-locked,.k-grid-content-locked,.k-grid td,.k-grid td.k-state-selected,.k-grid-footer-wrap,.k-pager-wrap,.k-pager-wrap .k-link,.k-pager-refresh,.k-grouping-header,.k-grouping-h

                                                                Chrome Cache Entry: 213

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                Category:downloaded
                                                                Size (bytes):3346
                                                                Entropy (8bit):5.092257107801661
                                                                Encrypted:false
                                                                SSDEEP:96:vT+3sq2ixgj/7H6qiPfhHV6k2ZeW9oIRrwE:va3sqLxgj/b+HRdIRrr
                                                                MD5:A083513746AD6508FF3E42FE3CDE9FB8
                                                                SHA1:8F2022D8487DD1832CDC02C0FEBAAC0A6D165AB4
                                                                SHA-256:E1BD8C84AF706B6D51DACEB0FAB9B0987E9323F0921D52DDEDB5021FABFA9635
                                                                SHA-512:7939E9ED460AD11DEB8B8F229C7499AF58BE0EBB6C9FC0D1F9DAE784C091F9FDDB17ECEBAC01C0B25EE06AC7F9AB5293B1F165B463F66B43C24839C1DAA0FC41
                                                                Malicious:false
                                                                URL:https://extapp.dso.org.sg/SupplierPortal/Content/jquery.cluetip.css
                                                                Preview:<!DOCTYPE html>..<html>.. <head>.. <title>The resource cannot be found.</title>.. <meta name="viewport" content="width=device-width" />.. <style>.. body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;} .. p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px}.. b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px}.. H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red }.. H2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon }.. pre {font-family:"Consolas","Lucida Console",Monospace;font-size:11pt;margin:0;padding:0.5em;line-height:14pt}.. .marker {font-weight: bold; color: black;text-decoration: none;}.. .version {color: gray;}.. .error {margin-bottom: 10px;}.. .expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:pointer; }.. @media screen and (max-width

                                                                Chrome Cache Entry: 214

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:ASCII text, with very long lines (65202)
                                                                Category:downloaded
                                                                Size (bytes):183299
                                                                Entropy (8bit):4.9413661303608905
                                                                Encrypted:false
                                                                SSDEEP:1536:JeXFBrK7r4nGedxPIF/WNZElVU/4eDrT9beeGdrDMjoe3pZAG:leGVp3G
                                                                MD5:351FB9E0D2C19C676A8B33D503498E2C
                                                                SHA1:E2DA6DA9B3A42BEC1EAA31406E2352A3D1BC8F89
                                                                SHA-256:3FD58F502057DB07C6A2FA1EEEB1F2AB3CC7CADF775BB998B57A9659375F9E0B
                                                                SHA-512:93020178153CBBAFA59A520ABAA73839A6A80A5D08855DB108D39467B90C100969EC1C574D7D4BCF71D8AF65C4D3C7E08495F64ED4FB11802EB450953E362013
                                                                Malicious:false
                                                                URL:https://extapp.dso.org.sg/SupplierPortal/Content/kendo/kendo.common.min.css
                                                                Preview:/*.* Kendo UI v2014.2.1008 (http://www.telerik.com/kendo-ui).* Copyright 2014 Telerik AD. All rights reserved..*.* Kendo UI commercial licenses may be obtained at.* http://www.telerik.com/purchase/license-agreement/kendo-ui-complete.* If you do not own a commercial license, this file shall be governed by the trial license terms..*/..fake{color:red}.k-reset{margin:0;padding:0;border:0;outline:0;text-decoration:none;font-size:100%;list-style:none}.k-floatwrap:after,.k-slider-items:after,.k-grid-toolbar:after{content:"";display:block;clear:both;visibility:hidden;height:0;overflow:hidden}.k-floatwrap,.k-slider-items,.k-grid-toolbar{display:inline-block}.k-floatwrap,.k-slider-items,.k-grid-toolbar{display:block}.k-block,.k-button,.k-header,.k-grid-header,.k-toolbar,.k-grouping-header,.k-tooltip,.k-pager-wrap,.k-tabstrip-items .k-item,.k-link.k-state-hover,.k-textbox,.k-textbox:hover,.k-autocomplete,.k-dropdown-wrap,.k-picker-wrap,.k-numeric-wrap,.k-autocomplete.k-state-hover,.k-dropdown-wra

                                                                Chrome Cache Entry: 215

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:ASCII text, with very long lines (9881)
                                                                Category:downloaded
                                                                Size (bytes):10215
                                                                Entropy (8bit):4.750430596494177
                                                                Encrypted:false
                                                                SSDEEP:192:QnyQXDCwz8K5YQ+/dvE4TYt+dJEgTKTvRWimZ+apF4zGG8et:QnyQTCzeYL/dvE4TYt+JEgTKTvRWnNPU
                                                                MD5:F6152F7B56235A174EC847E55AD34409
                                                                SHA1:D2982AA3C27668EF7328FBC75C7353B99BB17013
                                                                SHA-256:5A9A5566EADE6DC675CFA68C19D025E3500E2AA6D7E848C137669DD11F2BF6F8
                                                                SHA-512:93A8157FFC8ABC103F1E17A45A6C108E96217E2EF8F34A81591724C69AFE2746B79BBC1C792C698FE49F9BDC02A14FDB06E487B2E03377D3D62EBAA9C6941399
                                                                Malicious:false
                                                                URL:https://extapp.dso.org.sg/SupplierPortal/Content/kendo/kendo.rtl.min.css
                                                                Preview:/*.* Kendo UI v2014.2.1008 (http://www.telerik.com/kendo-ui).* Copyright 2014 Telerik AD. All rights reserved..*.* Kendo UI commercial licenses may be obtained at.* http://www.telerik.com/purchase/license-agreement/kendo-ui-complete.* If you do not own a commercial license, this file shall be governed by the trial license terms..*/..k-rtl{direction:rtl}.k-rtl .k-autocomplete .k-loading,.k-rtl .k-multiselect .k-loading{right:auto;left:3px}.k-rtl .k-button-icontext .k-icon,.k-rtl .k-button-icontext .k-image{margin-right:-.2rem;margin-left:.2rem}.k-rtl .k-dropdown-wrap,.k-rtl .k-picker-wrap,.k-rtl .k-numeric-wrap{padding-right:0;padding-left:1.9em}.k-rtl .k-numeric-wrap.k-expand-padding{padding-left:0}.k-rtl .k-datetimepicker .k-picker-wrap{padding-right:0;padding-left:3.8em}.k-rtl span.k-picker-wrap .k-select,.k-rtl .k-numeric-wrap .k-select,.k-rtl .k-dropdown-wrap .k-select{right:auto;left:0;border-width:0 1px 0 0}.k-rtl .k-dropdown-wrap .k-input,.k-rtl .k-picker-wrap .k-input,.k-rtl .k

                                                                Chrome Cache Entry: 216

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                Category:downloaded
                                                                Size (bytes):1245
                                                                Entropy (8bit):5.462849750105637
                                                                Encrypted:false
                                                                SSDEEP:24:hM0mIAvy4Wvsqs1Ra7JZRGNeHX+AYcvP2wk1RjdEF3qpMk5:lmIAq1UqsziJZ+eHX+AdP2TvpMk5
                                                                MD5:5343C1A8B203C162A3BF3870D9F50FD4
                                                                SHA1:04B5B886C20D88B57EEA6D8FF882624A4AC1E51D
                                                                SHA-256:DC1D54DAB6EC8C00F70137927504E4F222C8395F10760B6BEECFCFA94E08249F
                                                                SHA-512:E0F50ACB6061744E825A4051765CEBF23E8C489B55B190739409D8A79BB08DAC8F919247A4E5F65A015EA9C57D326BBEF7EA045163915129E01F316C4958D949
                                                                Malicious:false
                                                                URL:https://extapp.dso.org.sg/favicon.ico
                                                                Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>..<title>404 - File or directory not found.</title>..<style type="text/css">.. ..body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..background-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}..-->..</style>..</head>..<body>..<div id="header"><h1>Server Error</h1></div>..<div id="content">.. <div class="co

                                                                Chrome Cache Entry: 217

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:HTML document, ASCII text, with very long lines (867), with CRLF line terminators
                                                                Category:downloaded
                                                                Size (bytes):22872
                                                                Entropy (8bit):4.758817468421598
                                                                Encrypted:false
                                                                SSDEEP:384:HAYoSKP0DD2YTfPgWuOlx5rDl795AhpG1:WXPa2YTfPgWuOlrl795AI
                                                                MD5:5006EE8C047E157565B2A57FE588DB80
                                                                SHA1:0357C50A375117E45DDD65B84657F57BBBBF34F3
                                                                SHA-256:72A3FC241A8E7DE887F9B12B65F1E0FE462CEA872BF72F4829253A7584A1F29C
                                                                SHA-512:8E493315EDC1039363D5276A421EAFDBA2905F13BDDCD21163994A190A66614D010EA05A76D2063438CF537C0C3E0A20C5BA74BAC8AC8540BDD52A720C2E2CE6
                                                                Malicious:false
                                                                URL:https://extapp.dso.org.sg/SupplierPortal/RFQVendor/Create/0?sid=732b52e0-73cf-4307-b156-81fb10fbdb28&enc=20ADE221D3ACAC68BCB8A062575F01B5B2C412DEA468C864C57B7DF6E845C68CC237468EE52EE58B8255551025EC0B65849C2C1CE6B6023646A6B4AB5C53930E30BA5E14F9B6240EA9A4DCCF0AE46D91
                                                                Preview:<!DOCTYPE html>..<html xmlns="http://www.w3.org/1999/xhtml">..<head>.... <title>DSO Supplier / Contractor Portal</title> .. <meta http-equiv="X-UA-Compatible" content="IE=edge" />.... <link href="/SupplierPortal/Content/kendo/kendo.common.min.css" rel="stylesheet" type="text/css" />.. <link href="/SupplierPortal/Content/kendo/kendo.default.min.css" rel="stylesheet" type="text/css" />.. <link href="/SupplierPortal/Content/kendo/kendo.rtl.min.css" rel="stylesheet" type="text/css" />.. <link href="/SupplierPortal/Content/jquery.cluetip.css" rel="stylesheet" type="text/css" />.. <link href="/SupplierPortal/Content/dialog-window.css" rel="stylesheet" type="text/css" />.. <link href="/SupplierPortal/Content/Site.css" rel="stylesheet" type="text/css" />.. <link href="/SupplierPortal/Content/SupplierPortal.css" rel="stylesheet" type="text/css" />.... .. <script src="/SupplierPortal/Scripts/jquery-migrate-3.4.0.min.js"></script>.. <script src="/SupplierPorta

                                                                Chrome Cache Entry: 218

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:PNG image data, 340 x 336, 8-bit/color RGBA, non-interlaced
                                                                Category:downloaded
                                                                Size (bytes):25725
                                                                Entropy (8bit):7.971853802112119
                                                                Encrypted:false
                                                                SSDEEP:768:r6iCKMvoZTT2Hyh+Qe19TBAsfsEj1hFvpizCeiaKHR:BPZTT2Shw19TBAtEJdiznFKx
                                                                MD5:0B10E88D46E82EB78B497233C79EEDCE
                                                                SHA1:9A67DA61EEE5BD875964B4DF0520590F2264122D
                                                                SHA-256:76F975D862C8C75EF1DBA50F37455E019982B93D9948F519BAA313F753659840
                                                                SHA-512:82C675C2DB9BCE74F393ED3BCDD71FBFDF59FAE77D070564F6A31BB2573B16F3987BA8C03D7CCF0AECC33101010E0F9573CFE1B6121C15B3A91565CC936F5EC3
                                                                Malicious:false
                                                                URL:https://extapp.dso.org.sg/SupplierPortal/Content/kendo/Default/sprite.png
                                                                Preview:.PNG........IHDR...T...P.............tEXtSoftware.Adobe ImageReadyq.e<..d.IDATx..].|...-.M...{U:"Mjz.J............@(.(......B ......R.A.bA..[.Iv.{wg.d.....,...7sf&.3g.}..>..db.... .j:.... ..e.`{.t2..;......z:.$..`.V......~$....y....).+.J.Uj..??.>..M\..e....|..@..b.....p...{.(.|..|.Z.7p....{.Y..o.2|.I.;P..g.R....lB..T...=q.+..]b6.......T.V.SW._l.g.c.g..p=.,I)~Lx....x....u..N.g.R....\.&..U.-....S.(.....^^^..r...?.|V.L5k.>u...Vj..Q....$..j..2lYH.T>.@.h._0.S.j.A_Z.......C.5&..Z.f!.....J.8.H..J....f.Q...7.....g....}.....X>.....p\....md.6".....q.......q..u.x...<..p.}.y".............5.d...m.qI.....V...........n.... ..x..$~..`Su..[7o....crA.....-.R....P.....vTJ...a.L.L.....dW.=,.9y..o.>.[.F....OZ2..n......?..k..k<.\0.. ..c}O1....>a]N.6..........$......PG...6..:....}.a.V..............w;..~lT........4....T>6....L.R.O`/L..m..?.4....K....R.....w.>.3q.l....h..5k.S`.x.]g..Dn...vGAX;X+*V..`..l..El.%..`.8u..%y7W.kC..=.5..(Dh..x....'..J.g....K.c.l.3......UE.

                                                                Chrome Cache Entry: 219

                                                                Download File
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:downloaded
                                                                Size (bytes):8951
                                                                Entropy (8bit):4.7593813297703225
                                                                Encrypted:false
                                                                SSDEEP:192:ORhYoPfo2AiWSXagRZbTa1qYXxMWZoIpJRWZ:cPa8v+Pi
                                                                MD5:FFB6221494F5FE2D1CB291E196DD0744
                                                                SHA1:192F5F786E52D74CA3F0305FBAE20BCAF78E8498
                                                                SHA-256:919100B39B643AEDA7A7A245B9099160C04471ABB1700F65B963640E99CF5397
                                                                SHA-512:1CD9D52487B7E56989214777D420DA4AE3AD33613663C9D4A4DF670ED9AB0CD83805E5A1074FB1E7F21998E894D03B9D9C7D00195CA993278F735572B0BAC69D
                                                                Malicious:false
                                                                URL:https://extapp.dso.org.sg/SupplierPortal/Content/SupplierPortal.css
                                                                Preview:*, *:before, *:after {.. -moz-box-sizing: border-box;.. -webkit-box-sizing: border-box;.. box-sizing: border-box;..}..html {.. background-color: White;..}..body {.. margin: 0;.. font-family: Tahoma, Verdana, Arial, "Helvetica Neue", Helvetica, Sans-Serif;.. color: #424242;.. background-color: White;..}.....BottomNavMenu, header {.. position: relative;.. margin: .5em;..}.....DsoMainScreen, .DsoLeftNavMenu, BottomNavMenu, header {.. /* border: 1px solid #ccc; padding: 1.25em; */..}.....frm-message {.. padding-top: 5px;.. font-size: 1.2em;..}.....DsoMainScreen {.. /*margin-bottom: .5em; */.. min-width: 550px;.. max-width: 550px;.. margin-left: 10px;.. margin-right: 10px;.. text-align: left;..}.....DSOLabelHeaderText {.. font-size: 1.2em;.. font-weight: bold;..}.....DSOLabelArea {.. padding-left: 35px;..}.....DSOLabelValue {.. font-size: .8em;.. /*width: 100%;*/..}.....DsoLabelText {.. font-size: .9em;.. font-weigh

                                                                Static File Info

                                                                General

                                                                File type:RFC 822 mail, Unicode text, UTF-8 (with BOM) text, with very long lines (626), with CRLF line terminators
                                                                Entropy (8bit):6.1011726139346845
                                                                TrID:
                                                                • Text - UTF-8 encoded (3003/1) 100.00%
                                                                File name:Request For Quotation (RFQ)_ RFQ2400598.eml
                                                                File size:273'378 bytes
                                                                MD5:d1877952c89684b362caf92b6a34477b
                                                                SHA1:eabadeefaf4bf7fa7df2b8d0aa1bb4fb4d50d3e5
                                                                SHA256:61bacabab5ca1289167090a37b32c940a9fd892bffdf10e0e0cccabac3557eae
                                                                SHA512:55eff0d2714b3133f26da81462c72d0a2861681ffe8d7510d60d34de8b6c741606ecbcc3086bc8a019eea4127164c770a1602dfcd3460885577ca7c139bc9552
                                                                SSDEEP:6144:L4Dx/urG9u6dLjIZmdz+797AUoRuHpLIP4/9gkF0/nmEbrrSZXKnetv4J:L4Dx/urd6yY+79MUPHlIg/1Xio4J
                                                                TLSH:D8440227AD6514BA973023FFA31FFC4735B33E1D1D5789C0B266425282A82BBDA15C8D
                                                                File Content Preview:...Received: from MW4PR20MB5202.namprd20.prod.outlook.com (2603:10b6:303:1e8::20).. by PH7PR20MB5946.namprd20.prod.outlook.com with HTTPS; Fri, 19 Apr 2024.. 09:19:01 +0000..Received: from SJ0PR13CA0169.namprd13.prod.outlook.com (2603:10b6:a03:2c7::24)..

                                                                Static Mail

                                                                General

                                                                Subject:Request For Quotation (RFQ): RFQ2400598
                                                                From:DSO Email Service <emailsvc@dso.org.sg>
                                                                To:OFS Avon Customer Care <AVOorders@ofsoptics.com>
                                                                Cc:Fok Yi Ling Carmen <fyiling@dso.org.sg>, DSO Email Service <emailsvc@dso.org.sg>
                                                                BCC:Fok Yi Ling Carmen <fyiling@dso.org.sg>, DSO Email Service <emailsvc@dso.org.sg>
                                                                Date:Fri, 19 Apr 2024 09:18:14 +0000
                                                                Communications:
                                                                • You don't often get email from emailsvc@dso.org.sg. Learn why this is important<https://aka.ms/LearnAboutSenderIdentification> EXTERNAL ________________________________ You are invited to make an offer against the RFQ2400598 for the Good(s), Article(s) and/or Service(s) as detailed in the RFQ attached. You are required to respond within the RFQ closure date. You are required to upload ALL quotations via the link below. Please note that quotations submitted via emails will NOT be accepted. https://extapp.dso.org.sg/SupplierPortal/RFQVendor/Create/0?enc=20ADE221D3ACAC68BCB8A062575F01B5B2C412DEA468C864C57B7DF6E845C68CC237468EE52EE58B8255551025EC0B65849C2C1CE6B6023646A6B4AB5C53930E30BA5E14F9B6240EA9A4DCCF0AE46D91 Please submit any clarification directly to the Requesting Officer <FOK YI LING CARMEN>. This is a computer generated email. Please do not reply. __________________________________________________________________ The messages contained therein may have information which is sensitive and privileged to the DSO National Laboratories. If you are not the intended address, please notify DSO National Laboratories by return email immediately, and delete the message and the reply (if it contains the original message) from your computer. You must not copy, distribute, or take any action in reliance thereon. Any transmission or disclosure of the message or any information contained therein to anyone for any purpose other than as permitted by DSO National Laboratories is strictly prohibited and any such use may result in legal proceedings.
                                                                Attachments:
                                                                • RFQ2400598_0000063414_20240419161746.pdf

                                                                Headers

                                                                Key Value
                                                                Receivedfrom SGBP274MB0300.SGPP274.PROD.OUTLOOK.COM ([fe80::b761:4e8e:522c:a1cb]) by SGBP274MB0300.SGPP274.PROD.OUTLOOK.COM ([fe80::b761:4e8e:522c:a1cb%6]) with mapi id 15.20.7472.037; Fri, 19 Apr 2024 09:18:14 +0000
                                                                FromDSO Email Service <emailsvc@dso.org.sg>
                                                                ToOFS Avon Customer Care <AVOorders@ofsoptics.com>
                                                                CCFok Yi Ling Carmen <fyiling@dso.org.sg>, DSO Email Service <emailsvc@dso.org.sg>
                                                                SubjectRequest For Quotation (RFQ): RFQ2400598
                                                                Thread-TopicRequest For Quotation (RFQ): RFQ2400598
                                                                Thread-IndexAQHakjqCJ1KYL+UbnEa4JwGaId2fLA==
                                                                X-MS-Exchange-MessageSentRepresentingType1
                                                                DateFri, 19 Apr 2024 09:18:14 +0000
                                                                Message-ID <SGBP274MB0300D1136C18D6B3B3748171E60D2@SGBP274MB0300.SGPP274.PROD.OUTLOOK.COM>
                                                                Accept-Languageen-US
                                                                Content-Languageen-US
                                                                X-MS-Exchange-Organization-AuthAsAnonymous
                                                                X-MS-Exchange-Organization-AuthSource CO1PEPF000066EA.namprd05.prod.outlook.com
                                                                X-MS-Has-Attachyes
                                                                X-MS-Exchange-Organization-Network-Message-Id 69a3ae1e-1754-47d6-bd4b-08dc6051a673
                                                                X-MS-TNEF-Correlator
                                                                X-MS-Exchange-Organization-RecordReviewCfmType0
                                                                received-spfPass (protection.outlook.com: domain of dso.org.sg designates 40.107.133.98 as permitted sender) receiver=protection.outlook.com; client-ip=40.107.133.98; helo=SGP01-SG2-obe.outbound.protection.outlook.com; pr=C
                                                                authentication-resultsspf=pass (sender IP is 40.107.133.98) smtp.mailfrom=dso.org.sg; dkim=pass (signature was verified) header.d=dso.org.sg;dmarc=pass action=none header.from=dso.org.sg;compauth=pass reason=100
                                                                dkim-signaturev=1; a=rsa-sha256; c=relaxed/relaxed; d=dso.org.sg; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lQPE9HTTp5ov1G/OaXSOc0NUyu7RrVmm/n30zbEurpU=; b=6CkxrEpiw03gQU3fE0SkZyTkrQFVPcwJjLEJhR4dU1aAqUmXJvACn75wHYG9tfzXGAoQpee4WanV0Vuo0L4QecCccYX3bf/1h2zTUPmgx+Jw4YB+3xNWWya+iYT3BeRp1KbWTti3mi0NbT367NAbWIswF5gs1hRnTv3PhE3FvIQ5zGeIXfx9/BW9YYavTIMrucWaDt78j99P4IKvjjXXZPDo4T9lM3fKc4hDJRo6rbD6mj9yetOtekhTbVmwZwxlVGkE3FI2cWe/PEO/uwBDlCsQRaCFoklzjpflxfMlP7x9dgVHWGYxSkMsJxPMVlxH8lrlN1zMtJqpr07idISh3Q==
                                                                x-ms-publictraffictypeEmail
                                                                x-forefront-antispam-report CIP:40.107.133.98;CTRY:SG;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SGP01-SG2-obe.outbound.protection.outlook.com;PTR:mail-sg2sgp01on2098.outbound.protection.outlook.com;CAT:NONE;SFTY:9.25;SFS:(13230031)(5000899004);DIR:INB;SFTY:9.25;
                                                                arc-seali=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gj1xbvw2i7/9jkefMvBe7IJCmvmDifpgxSTrEfxFZ4JRr5xDpUWVMem06hKMjuYyovJ1eqlB1aGowsckbfhmywbrAxy6xDCkknDNFIwo27mBHxQi0YelTptpRcDfmHLhGApemQTi1KF6lZJRZdcezIJSDO9FXtgurfcB5RLfGJpgkO1LqGTjUh/J0OykZq/sIbDYh9jRDUlJSpwymSU100ShCVQ8Tw9owtj2/cr9EEhaBhrT3zIhu9JIwvfn3eVJFILe1gvAp0weABEkGyjTw8AWp8hc7GyHfXN7dRUHSHkDZ5uD6O2mcDNG2xtcEtQJ1BCA9HKrPjg6lnjiO0PYHw==
                                                                arc-message-signaturei=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=lQPE9HTTp5ov1G/OaXSOc0NUyu7RrVmm/n30zbEurpU=; b=iHoOpWulRoyaGo0qRD9q7q5ZcK72WzTxmmi0mpVE3mzRIzmzO9TDWirH0yYa4ddeN5fgfMTHtzT6QAgZW588LmmtRFx1hslfZKWoyLv/wgyIulyuyU809lAI+i41Ec2UpTWUGRRNsRJnSyr9crkRGYDNoUlOuUjoun43iPsgWk9uUDF3/YLz51IN3zXhNZuRlfj1MELd7beIbvkxX1kpwMQrxvEx/3tpekCimEnm2Rbjv/kogtIk0l/hX0HGJt+kO+lspkGIvebyacyv0VQLy8D2qhfjqzJ2dk0cXV/EdM0HphLP3XksPB0y0zrdCvcXVZ1BgfoAqRrf2E5KREiyng==
                                                                arc-authentication-resultsi=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=dso.org.sg; dmarc=pass action=none header.from=dso.org.sg; dkim=pass header.d=dso.org.sg; arc=none
                                                                authentication-results-originaldkim=none (message not signed) header.d=none;dmarc=none action=none header.from=dso.org.sg;
                                                                x-eopattributedmessage0
                                                                x-forefront-antispam-report-untrusted CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SGBP274MB0300.SGPP274.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230031)(366007)(1800799015)(376005)(38070700009);DIR:OUT;SFP:1102;
                                                                x-ms-office365-filtering-correlation-id69a3ae1e-1754-47d6-bd4b-08dc6051a673
                                                                x-ms-traffictypediagnostic SGBP274MB0300:EE_|SGAP274MB0505:EE_|CO1PEPF000066EA:EE_|MW4PR20MB5202:EE_|PH7PR20MB5946:EE_
                                                                x-ms-exchange-senderadcheck1
                                                                x-microsoft-antispam-untrusted BCL:0;ARA:13230031|366007|1800799015|376005|38070700009;
                                                                x-microsoft-antispam-message-info-original OtdNfFWjNOPtsJgizhgETO8kAQe/Pn2FfEY6ANMsf/779LvhzXLWFjIrWfBfJ+TFMYqXQA45L2k3U0YXrtMH/+SfuYhuJ7p2x/zDaIb483kKEMCaFHkNbqBvbnNn6g49jHswTb3cKpfG6JhNP3xjNvHIQ0MAmc/TUg/tVdVPxWel1uhwkHIkHQYyH+m4uaP2HaZGmYtQFEowQxi2yjOYJw18rw6lF/pCT8zRHXdOXVn0hPWKRjpV930ZuhBSz71yAPlT6fadd0vSiLCqaxMcA+1RF6kLoHe5kl7ApKcYSigHRVQbkVdiw8AV0/x06vjRjZlmljJ3ROTYNYwbBf+9KqHDNzVZZjuJZpBfGIvhGubUjIyUg+Ad0VmZvBw8jemSOVugxrqotteee2mJ8DZOxVPlPEctUpArvECSKv0bmdVuwsKgXUyFFbIyrd1EioiIkG3ltowEZ1YljfrPn+0eGnSkr095b+Jl3yp3x5kW0SF1LDxQkuy7okAKv2wLX2tJ7Ephg1aos5k4WAyFIjvz3uWqzBSbmw0y7u6kMJ5QotKfD5nTQ4SDWe0Z7Vb+5m6VW8tVd5BdOsoxofYnnt8k5jej66t/gBJA4uXNxAl01uTWBeX53O/JiUpdN2OL6fzYczl5oijph1rYr8isBTIi0ZjrxLoEJjosH9ZfrcqtOY2MBFf3HU1nNDvU5/51xv1BqK7+KoxbaGzB5V6qSrQpmFHHT+e3tfzkQuS7UMmA6RG1VfmC2JGkIoG1ikrV3ReQbivAbOPVr8Z5xNVgd6D034b80BerwlGFJ4fLm5HcOOQakysJJt7tydYN5QNwknRgVAeB7rtAIaurHe5+U/K9Gf8gMlb45OcGska0pNsFCF48jfLLhzCFxY4UJhcxdG5RfNIqvu5VErUiNVCSjIbx+ktEtF4FZwaFZJFU6bgyzZQ4vm8BBIVw1sPwBVtOEZ2QA4cvf/Y4BHpi26ZwP9/M5PewxFU68flgffRBZJx9bJEbtm2AQeLvHDhkrVI8whU1ROVXtGdYwLYOmj+kgIVAJLyImCVVpKOvpgqGFLxfDWAP+YzzJjohQ+YEI4CxqOSN4pL6IlScxu7J8WlsTwOnOzlcM6Wmm1xYgtitXPClXevs0QWuRA9aW5M5ssAyYxZiiFfl+9XZKQyK36rhkPDBjhXCzUzyF+Bb+FhIT4HyY0+9scwJs+n4zpS6Mbv8MIsq3fptVxOaa45786IKujuWXA==
                                                                x-ms-exchange-transport-crosstenantheadersstampedMW4PR20MB5202
                                                                x-ms-exchange-transport-crosstenantheadersstripped CO1PEPF000066EA.namprd05.prod.outlook.com
                                                                x-ms-office365-filtering-correlation-id-prvs 566d5548-967c-4fdd-1509-08dc6051a48f
                                                                x-ms-exchange-atpmessagepropertiesSA|SL
                                                                x-microsoft-antispamBCL:0;
                                                                x-ms-exchange-crosstenant-network-message-id 69a3ae1e-1754-47d6-bd4b-08dc6051a673
                                                                x-ms-exchange-crosstenant-originalarrivaltime19 Apr 2024 09:18:17.7081 (UTC)
                                                                x-ms-exchange-crosstenant-fromentityheaderInternet
                                                                x-ms-exchange-crosstenant-id8bfb461a-5c15-4f85-8b7e-d88458bf4341
                                                                x-eoptenantattributedmessage8bfb461a-5c15-4f85-8b7e-d88458bf4341:0
                                                                x-ms-exchange-transport-endtoendlatency00:00:43.4086581
                                                                x-ms-exchange-processed-by-bccfoldering15.20.7452.029
                                                                x-ms-exchange-transport-crosstenantheaderspromoted CO1PEPF000066EA.namprd05.prod.outlook.com
                                                                x-ms-exchange-crosstenant-authasAnonymous
                                                                x-ms-exchange-crosstenant-authsource CO1PEPF000066EA.namprd05.prod.outlook.com
                                                                x-ms-exchange-antispam-messagedata-original-chunkcount1
                                                                x-ms-exchange-antispam-messagedata-original-0 ONScsGXXGhvsvBEEd5mtinSwRITwFTV9TODIVz8O8AyG1dnWNyPD0rPim+wJiiQcb12hNTPCDUTF28Alil2HEaCtEduqtOtf2VRgbQPtT/CwF7Z+tdhe259KzUXVniB11wdTD0Aih/55nevXw/phnLYHAl2/yFrZ81uFQscQKRRQNg+Z8NLJBk5y79siimr8jEO+PRDYNtIOUq0gWzJuO8oi+enetGZvprM6UMuxZX5K06ovIuAPqexvQj2KFboa4CP1dLNmI+cT9zvXp4JojjkMe/AZSPRSMfmdvBf+S9pfq/QZ7kklPaf8zN9QAspXk7GpvkYHXOzFs/22gXlQehIIKB7Ra7PrGOTsGHlxQerjiLNxJiHlNjSKnJbRt4/3qpe4dnaO/4F8/2AZOMXpmfiS4UEmSd9vWKUqexyOuDLzaBezTp+MDxhAMBVZ6l2d2LE60LZQI7roWclmwU1ATY/Ie07USta7E94OA+zE+yeLnRyRyINpa1eDrB9+YzbsxDRUYKOtjBqhTbqnmy6NbBspaRJTajv6wiKZkDNXmDldKiuIx6nsLQYz2vDX1ek0K8/TuEPx5Zi30ONOvuyKwN4O1mUhnSxLvyZIFMz9VkxTZ5tBFmzgtluBG7w5z3EHhtjcRLLPIuIfhw+omOeJAe3uwVXEI3vpJeTui+7vsjVcI0xWCj1tBL/TZjzELuoEiaAJwKg9g4fUuLHaxUhzcCC2nto8zwA+pW39seqVUnAlu4URjLGXV9Zmduh7LgJMfTRbE6rtfc9jMS4lQSfFVlb9gVUJxJG2PnTex8Ky8/+nCF9W6mWgOqYggTiueWOUyM4kRFOg6zu2FcBQlh4Xof+1W3jCnpMsN9ynMur1rn8vUezSzIAJSQmx0NjZr0EQc2ZNoTBFmhJOAvk5nAzB8JnkUHseOiH9vhdNZAZFjywvIKqoZHiyDNmb4XR1FJnxfmEYss07pDyFIGz+JK2vvq3Q/pUjwhPV3LQzuwSHt1/zbIrmbCoyPQ+K9b6RE8fDE5UtJmkNhhgnOyvtPDKRvPl4xk4RdlcgXK2qoJbxeJ7Cy/jZ/VzySsdfAMZaCNji+c9nGeJrK9vUMtZli9m5A7E3wq4kknn7X1YdtJ/iUvQCg5EAYg5nu8HyqR+Jj8i4eVi7aaZQcUgr4/UwCk/Xz2KcoK6dn1nGONk7zfwdY0iajAlrqtNw1igPMCCPS63K5aNUjf+1fwEbi9L3vAqZoCBZom8Kzbuefh2tc7vmrW3vipKtuzWAJ6wQ7CigL/8AYx0o2qRtd8mK5X33oO/kIUfHrX425H9t7EZoVl2SR+97A3ccGWAL+Cff4mLLzElh78aB7Ip40Q34IdZ/u5bzH4ORHJ79hwer36dzFtxggu/yEcY+TiQzhOkB1/jD1AYqgWYTbIslc4lddW5UzdfluHBjW23bDvuyR//qe2IJv2gyQ1zhUnPXphhKXSfGRKJKsIabh4cf/uwVSibxildkSFX4oovkrnAI2XZqtCP1SoPe1Xcy3a4O6NCAHRwZlJkVpDAL2dpzZJ/bMjuCEyB81oc/0vfa7L4RmjhBXOnITKAL+yJnYnkKUmINTDYXr0zqCdBkHf8GawCJJPbJHHDavg==
                                                                x-ms-exchange-antispam-relay0
                                                                X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198);
                                                                X-Microsoft-Antispam-Message-Info 4bonrV3VS9JCkhyM5K9n/Xo0rlYyRv3cjEVBiukGKfjgzSZYXDx7G2q2RA5Pj2AB4k89goxWxG+lglElmCtLWyYh4ktZg0Pm9asIMf82s1QR9Hwn8S/4JAyHUYftBoMZIaZEH88w7UNzaGCIhqH9gI9fDSXsgPnkEw/44qlJ9pu01phg/ue0CwE0nMwCqK5t+Yh/6bo0i+BeWzC6evtvggZNCyE+PkO4y31a2fW+Eb28bsSmwUg4VkpepA7jR6vMNwz7dij5M04jW6iJTfM1RhDqyz0FUeoCKUJYxgsycg1Ary/dTU2DnhilB5XzP4sq1OWtCMDuKqnhf0Rwpi5ck2Bx3TDBuqe3w9HumdZyDopL0nyfrGxxk0kq7B/DKeNc1z6q1O3Ih4MyfN/j+grAD+CdwM71JMnSNDVAQ8rDpJwY2fH+ZrxaJP0JIibEhj/tVrG0NAiz65rvQ9wgN33WcdPlv0apQYsSykCrPtYh/gnTVuEERbmBucUTNuzSEMsqcTv7A4AFsjnxyGJ79/+r4sWr7Ljhzb7K+FZRavvfI0jXL/o3/B4xQWWwr51ev/hr8Z4WgetTI6/FzmwF28zJD1OK5qfJewgopKxViZ5W/WttE+BKYoZJ9ZjQHmKNipvHmVv1R3u176OE7RZ8Oqx9JvJCVpiXWDvi6OYy2h7lQbiuyWvVdbHK15F0iKjkgggVe9oNl8eZWCmHANsL7kvWnEN2xQJXmHrDC4WwvJ9637ev5d/D5y6J8iX1ISL+xGdn/MM2Fl5W1UuQ+oY5lov9VJHuBTir47bvaRshc48LaP+tCXOzR25mTz5cWGFcdhb2mIA/2EpWSQAejCIPevcKG5JtvYKKVSEAIDO1wELiYTaA2j2DDqUMlg5SP//LoughoUgBJkSAH367Yr9Vj6jBle8Jimw5aI5zgaEjObFUizX30Qx7ERpuKe0WO97Em7WDyUX/bePVbqyxO8B/ZEQXx3GapTsqiWgwfuQ20vrXScbeO8Eyh7qPilieeYus9A3nQcjY+wFXc0YemoB7TBMT6Yw3BhWCvzgTpnNfn+yOJNflZMd53a1a3LF9DaD9JmFE+LIUZ0L3w/TLOrvSovhUnpLmlf2uvo/uFnmn+F1V9HKhDdsTuCE2FMsfw1EWQGgcO50DFpu5vSO4Fnj6ju0IeGRO2N0Nhn3jy8PEbA4rAZ++TcA0mSmcTqTSGpgausm1wpIbeayl2X1+ZBV9VvdZdZvz61Fc74iQ17gFg/tErC7igl81i7V22WLW1vYsHbGRzh5r5qGBylh3i6x0g3My/iv5jTT44VASfVGgF8xEiTji7w/Gw+bYFVLPeqdQWJ6z9DZtXeNXjOQZ6ySHasz6e6hxB6Vr8DlLbUnbmSfQQRaNxmWPYkydTnCLdgqv7LKfOA4FboGMqYstdVixdr/5HB3abT3s0/Qen9A1tgoU3XiqQfvLAOdphX2Vqnfaalzk/YrgLy4ztfeBcrKuBF3ojNOeDiRKQnPUOU03ZL0rd6DWUbJWyn9Pfek7+PlaWQq1gnmVdnkPRrIdRbMQ61anvb4pXLOoWWXHFUIVjCsPTdHxQz93sGBoeuW0BlDzcjMGPzNX9tgiT5QjxZXUU5IF5hc6COWdFzG2sojBL3sXiIcR+wG038Y2+QtYTSrX+paenc7GkqR43RRi7vDceajqIJgHoswudVM+LdvNwxyt9bE5oOVjgH0uGahXYGTwTuC+wtfWCigwGW8kCelm1MHLujoWbXZS6lD14ekS4uZxlH2TRspPxaWE2J6vbIkBn9T/jGI3gIC59JHniz8Q6HBc1512r2rgEYTDG82kVgKl3Hfli+vRJhGp3q/ZYIi73rGBEgD1tztTTNlkcqG/cwQSt7TIwE5miaqt531M6QutpsPTt5cqf3K0XVcDqfe5cpVqyrdhIsWJHv9UsBmrNQxnJ9Atf3jgPf0ODjhzp4VdrhI=
                                                                Content-Typemultipart/mixed; boundary="_004_SGBP274MB0300D1136C18D6B3B3748171E60D2SGBP274MB0300SGPP_"
                                                                MIME-Version1.0

                                                                File Icon

                                                                Icon Hash:46070c0a8e0c67d6

                                                                Network Behavior

                                                                Network Port Distribution

                                                                TCP Packets

                                                                TimestampSource PortDest PortSource IPDest IP
                                                                Apr 19, 2024 18:43:10.532157898 CEST49673443192.168.2.16204.79.197.203
                                                                Apr 19, 2024 18:43:10.835886955 CEST49673443192.168.2.16204.79.197.203
                                                                Apr 19, 2024 18:43:11.442857981 CEST49673443192.168.2.16204.79.197.203
                                                                Apr 19, 2024 18:43:12.652766943 CEST49673443192.168.2.16204.79.197.203
                                                                Apr 19, 2024 18:43:15.057765007 CEST49673443192.168.2.16204.79.197.203
                                                                Apr 19, 2024 18:43:16.943800926 CEST49706443192.168.2.16184.31.62.93
                                                                Apr 19, 2024 18:43:16.943842888 CEST44349706184.31.62.93192.168.2.16
                                                                Apr 19, 2024 18:43:16.943972111 CEST49706443192.168.2.16184.31.62.93
                                                                Apr 19, 2024 18:43:16.945935965 CEST49706443192.168.2.16184.31.62.93
                                                                Apr 19, 2024 18:43:16.945947886 CEST44349706184.31.62.93192.168.2.16
                                                                Apr 19, 2024 18:43:17.160605907 CEST44349706184.31.62.93192.168.2.16
                                                                Apr 19, 2024 18:43:17.161022902 CEST49706443192.168.2.16184.31.62.93
                                                                Apr 19, 2024 18:43:17.164721966 CEST49706443192.168.2.16184.31.62.93
                                                                Apr 19, 2024 18:43:17.164730072 CEST44349706184.31.62.93192.168.2.16
                                                                Apr 19, 2024 18:43:17.164984941 CEST44349706184.31.62.93192.168.2.16
                                                                Apr 19, 2024 18:43:17.210901022 CEST49706443192.168.2.16184.31.62.93
                                                                Apr 19, 2024 18:43:17.252140045 CEST44349706184.31.62.93192.168.2.16
                                                                Apr 19, 2024 18:43:17.363269091 CEST44349706184.31.62.93192.168.2.16
                                                                Apr 19, 2024 18:43:17.363334894 CEST44349706184.31.62.93192.168.2.16
                                                                Apr 19, 2024 18:43:17.363430023 CEST49706443192.168.2.16184.31.62.93
                                                                Apr 19, 2024 18:43:17.363728046 CEST49706443192.168.2.16184.31.62.93
                                                                Apr 19, 2024 18:43:17.363728046 CEST49706443192.168.2.16184.31.62.93
                                                                Apr 19, 2024 18:43:17.363754034 CEST44349706184.31.62.93192.168.2.16
                                                                Apr 19, 2024 18:43:17.363765955 CEST44349706184.31.62.93192.168.2.16
                                                                Apr 19, 2024 18:43:17.399818897 CEST49707443192.168.2.16184.31.62.93
                                                                Apr 19, 2024 18:43:17.399883986 CEST44349707184.31.62.93192.168.2.16
                                                                Apr 19, 2024 18:43:17.399986029 CEST49707443192.168.2.16184.31.62.93
                                                                Apr 19, 2024 18:43:17.400365114 CEST49707443192.168.2.16184.31.62.93
                                                                Apr 19, 2024 18:43:17.400387049 CEST44349707184.31.62.93192.168.2.16
                                                                Apr 19, 2024 18:43:17.613868952 CEST44349707184.31.62.93192.168.2.16
                                                                Apr 19, 2024 18:43:17.614001989 CEST49707443192.168.2.16184.31.62.93
                                                                Apr 19, 2024 18:43:17.615890980 CEST49707443192.168.2.16184.31.62.93
                                                                Apr 19, 2024 18:43:17.615910053 CEST44349707184.31.62.93192.168.2.16
                                                                Apr 19, 2024 18:43:17.616421938 CEST44349707184.31.62.93192.168.2.16
                                                                Apr 19, 2024 18:43:17.618325949 CEST49707443192.168.2.16184.31.62.93
                                                                Apr 19, 2024 18:43:17.664114952 CEST44349707184.31.62.93192.168.2.16
                                                                Apr 19, 2024 18:43:17.823174953 CEST44349707184.31.62.93192.168.2.16
                                                                Apr 19, 2024 18:43:17.823308945 CEST44349707184.31.62.93192.168.2.16
                                                                Apr 19, 2024 18:43:17.823374033 CEST49707443192.168.2.16184.31.62.93
                                                                Apr 19, 2024 18:43:17.825643063 CEST49707443192.168.2.16184.31.62.93
                                                                Apr 19, 2024 18:43:17.825671911 CEST44349707184.31.62.93192.168.2.16
                                                                Apr 19, 2024 18:43:17.825685978 CEST49707443192.168.2.16184.31.62.93
                                                                Apr 19, 2024 18:43:17.825692892 CEST44349707184.31.62.93192.168.2.16
                                                                Apr 19, 2024 18:43:18.705024958 CEST49678443192.168.2.1620.189.173.10
                                                                Apr 19, 2024 18:43:19.007775068 CEST49678443192.168.2.1620.189.173.10
                                                                Apr 19, 2024 18:43:19.265326977 CEST49708443192.168.2.1640.126.28.14
                                                                Apr 19, 2024 18:43:19.265412092 CEST4434970840.126.28.14192.168.2.16
                                                                Apr 19, 2024 18:43:19.265790939 CEST49708443192.168.2.1640.126.28.14
                                                                Apr 19, 2024 18:43:19.266011000 CEST49708443192.168.2.1640.126.28.14
                                                                Apr 19, 2024 18:43:19.266032934 CEST4434970840.126.28.14192.168.2.16
                                                                Apr 19, 2024 18:43:19.613763094 CEST49678443192.168.2.1620.189.173.10
                                                                Apr 19, 2024 18:43:19.656976938 CEST4434970840.126.28.14192.168.2.16
                                                                Apr 19, 2024 18:43:19.657078028 CEST49708443192.168.2.1640.126.28.14
                                                                Apr 19, 2024 18:43:19.668401003 CEST49708443192.168.2.1640.126.28.14
                                                                Apr 19, 2024 18:43:19.668453932 CEST4434970840.126.28.14192.168.2.16
                                                                Apr 19, 2024 18:43:19.669035912 CEST4434970840.126.28.14192.168.2.16
                                                                Apr 19, 2024 18:43:19.669810057 CEST49708443192.168.2.1640.126.28.14
                                                                Apr 19, 2024 18:43:19.669872999 CEST49708443192.168.2.1640.126.28.14
                                                                Apr 19, 2024 18:43:19.669943094 CEST4434970840.126.28.14192.168.2.16
                                                                Apr 19, 2024 18:43:19.867774963 CEST49673443192.168.2.16204.79.197.203
                                                                Apr 19, 2024 18:43:19.962663889 CEST4434970840.126.28.14192.168.2.16
                                                                Apr 19, 2024 18:43:19.962691069 CEST4434970840.126.28.14192.168.2.16
                                                                Apr 19, 2024 18:43:19.962753057 CEST4434970840.126.28.14192.168.2.16
                                                                Apr 19, 2024 18:43:19.962811947 CEST4434970840.126.28.14192.168.2.16
                                                                Apr 19, 2024 18:43:19.966121912 CEST49708443192.168.2.1640.126.28.14
                                                                Apr 19, 2024 18:43:19.966491938 CEST49708443192.168.2.1640.126.28.14
                                                                Apr 19, 2024 18:43:19.966491938 CEST49708443192.168.2.1640.126.28.14
                                                                Apr 19, 2024 18:43:19.966533899 CEST4434970840.126.28.14192.168.2.16
                                                                Apr 19, 2024 18:43:19.966559887 CEST4434970840.126.28.14192.168.2.16
                                                                Apr 19, 2024 18:43:20.828772068 CEST49678443192.168.2.1620.189.173.10
                                                                Apr 19, 2024 18:43:23.172925949 CEST4968080192.168.2.16192.229.211.108
                                                                Apr 19, 2024 18:43:23.236787081 CEST49678443192.168.2.1620.189.173.10
                                                                Apr 19, 2024 18:43:23.475775003 CEST4968080192.168.2.16192.229.211.108
                                                                Apr 19, 2024 18:43:23.512120962 CEST49710443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:43:23.512217045 CEST4434971052.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:43:23.512310982 CEST49710443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:43:23.514915943 CEST49710443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:43:23.514950037 CEST4434971052.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:43:23.937592030 CEST4434971052.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:43:23.937690020 CEST49710443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:43:23.939987898 CEST49710443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:43:23.940001011 CEST4434971052.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:43:23.940326929 CEST4434971052.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:43:23.985884905 CEST49710443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:43:24.018201113 CEST49710443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:43:24.060125113 CEST4434971052.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:43:24.079775095 CEST4968080192.168.2.16192.229.211.108
                                                                Apr 19, 2024 18:43:24.338854074 CEST4434971052.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:43:24.338920116 CEST4434971052.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:43:24.338941097 CEST4434971052.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:43:24.338980913 CEST4434971052.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:43:24.339023113 CEST4434971052.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:43:24.339052916 CEST49710443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:43:24.339071989 CEST4434971052.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:43:24.339123011 CEST4434971052.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:43:24.339139938 CEST49710443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:43:24.339139938 CEST49710443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:43:24.339153051 CEST4434971052.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:43:24.339195013 CEST49710443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:43:24.339240074 CEST49710443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:43:24.339248896 CEST4434971052.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:43:24.339313030 CEST4434971052.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:43:24.339736938 CEST49710443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:43:24.358647108 CEST49710443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:43:24.358690023 CEST4434971052.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:43:24.358721972 CEST49710443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:43:24.358731985 CEST4434971052.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:43:25.293797016 CEST4968080192.168.2.16192.229.211.108
                                                                Apr 19, 2024 18:43:27.697779894 CEST4968080192.168.2.16192.229.211.108
                                                                Apr 19, 2024 18:43:28.045810938 CEST49678443192.168.2.1620.189.173.10
                                                                Apr 19, 2024 18:43:29.471894026 CEST49673443192.168.2.16204.79.197.203
                                                                Apr 19, 2024 18:43:32.501878977 CEST4968080192.168.2.16192.229.211.108
                                                                Apr 19, 2024 18:43:35.469623089 CEST49742443192.168.2.1674.125.136.147
                                                                Apr 19, 2024 18:43:35.469646931 CEST4434974274.125.136.147192.168.2.16
                                                                Apr 19, 2024 18:43:35.469715118 CEST49742443192.168.2.1674.125.136.147
                                                                Apr 19, 2024 18:43:35.469911098 CEST49742443192.168.2.1674.125.136.147
                                                                Apr 19, 2024 18:43:35.469927073 CEST4434974274.125.136.147192.168.2.16
                                                                Apr 19, 2024 18:43:35.697942019 CEST4434974274.125.136.147192.168.2.16
                                                                Apr 19, 2024 18:43:35.698568106 CEST49742443192.168.2.1674.125.136.147
                                                                Apr 19, 2024 18:43:35.698580980 CEST4434974274.125.136.147192.168.2.16
                                                                Apr 19, 2024 18:43:35.700171947 CEST4434974274.125.136.147192.168.2.16
                                                                Apr 19, 2024 18:43:35.700256109 CEST49742443192.168.2.1674.125.136.147
                                                                Apr 19, 2024 18:43:35.701349020 CEST49742443192.168.2.1674.125.136.147
                                                                Apr 19, 2024 18:43:35.701436996 CEST4434974274.125.136.147192.168.2.16
                                                                Apr 19, 2024 18:43:35.743793011 CEST49742443192.168.2.1674.125.136.147
                                                                Apr 19, 2024 18:43:35.743809938 CEST4434974274.125.136.147192.168.2.16
                                                                Apr 19, 2024 18:43:35.791815042 CEST49742443192.168.2.1674.125.136.147
                                                                Apr 19, 2024 18:43:35.991451979 CEST49743443192.168.2.16184.25.164.138
                                                                Apr 19, 2024 18:43:35.991482973 CEST44349743184.25.164.138192.168.2.16
                                                                Apr 19, 2024 18:43:35.991605997 CEST49743443192.168.2.16184.25.164.138
                                                                Apr 19, 2024 18:43:35.991852045 CEST49743443192.168.2.16184.25.164.138
                                                                Apr 19, 2024 18:43:35.991863966 CEST44349743184.25.164.138192.168.2.16
                                                                Apr 19, 2024 18:43:36.307665110 CEST44349743184.25.164.138192.168.2.16
                                                                Apr 19, 2024 18:43:36.308507919 CEST49743443192.168.2.16184.25.164.138
                                                                Apr 19, 2024 18:43:36.308526039 CEST44349743184.25.164.138192.168.2.16
                                                                Apr 19, 2024 18:43:36.309638977 CEST44349743184.25.164.138192.168.2.16
                                                                Apr 19, 2024 18:43:36.310698032 CEST49743443192.168.2.16184.25.164.138
                                                                Apr 19, 2024 18:43:36.313364029 CEST49743443192.168.2.16184.25.164.138
                                                                Apr 19, 2024 18:43:36.313457966 CEST44349743184.25.164.138192.168.2.16
                                                                Apr 19, 2024 18:43:36.313560963 CEST49743443192.168.2.16184.25.164.138
                                                                Apr 19, 2024 18:43:36.313571930 CEST44349743184.25.164.138192.168.2.16
                                                                Apr 19, 2024 18:43:36.368460894 CEST49743443192.168.2.16184.25.164.138
                                                                Apr 19, 2024 18:43:36.418709040 CEST44349743184.25.164.138192.168.2.16
                                                                Apr 19, 2024 18:43:36.418796062 CEST44349743184.25.164.138192.168.2.16
                                                                Apr 19, 2024 18:43:36.420399904 CEST49743443192.168.2.16184.25.164.138
                                                                Apr 19, 2024 18:43:36.420655966 CEST49743443192.168.2.16184.25.164.138
                                                                Apr 19, 2024 18:43:36.420667887 CEST44349743184.25.164.138192.168.2.16
                                                                Apr 19, 2024 18:43:37.656816959 CEST49678443192.168.2.1620.189.173.10
                                                                Apr 19, 2024 18:43:42.112804890 CEST4968080192.168.2.16192.229.211.108
                                                                Apr 19, 2024 18:43:45.681308031 CEST4434974274.125.136.147192.168.2.16
                                                                Apr 19, 2024 18:43:45.681406021 CEST4434974274.125.136.147192.168.2.16
                                                                Apr 19, 2024 18:43:45.681500912 CEST49742443192.168.2.1674.125.136.147
                                                                Apr 19, 2024 18:43:47.099800110 CEST49742443192.168.2.1674.125.136.147
                                                                Apr 19, 2024 18:43:47.099828005 CEST4434974274.125.136.147192.168.2.16
                                                                Apr 19, 2024 18:44:00.063055038 CEST4969680192.168.2.16199.232.214.172
                                                                Apr 19, 2024 18:44:00.063149929 CEST4969780192.168.2.16199.232.214.172
                                                                Apr 19, 2024 18:44:00.166659117 CEST8049696199.232.214.172192.168.2.16
                                                                Apr 19, 2024 18:44:00.166701078 CEST8049696199.232.214.172192.168.2.16
                                                                Apr 19, 2024 18:44:00.166809082 CEST8049697199.232.214.172192.168.2.16
                                                                Apr 19, 2024 18:44:00.166842937 CEST8049697199.232.214.172192.168.2.16
                                                                Apr 19, 2024 18:44:00.166889906 CEST4969680192.168.2.16199.232.214.172
                                                                Apr 19, 2024 18:44:00.166944027 CEST4969780192.168.2.16199.232.214.172
                                                                Apr 19, 2024 18:44:01.208091021 CEST49752443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:44:01.208154917 CEST4434975252.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:44:01.208372116 CEST49752443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:44:01.208679914 CEST49752443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:44:01.208695889 CEST4434975252.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:44:01.634664059 CEST4434975252.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:44:01.634752035 CEST49752443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:44:01.636177063 CEST49752443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:44:01.636202097 CEST4434975252.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:44:01.636615992 CEST4434975252.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:44:01.638186932 CEST49752443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:44:01.684124947 CEST4434975252.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:44:02.037404060 CEST4434975252.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:44:02.037461996 CEST4434975252.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:44:02.037504911 CEST4434975252.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:44:02.037569046 CEST49752443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:44:02.037635088 CEST4434975252.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:44:02.037676096 CEST49752443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:44:02.037678003 CEST4434975252.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:44:02.037699938 CEST49752443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:44:02.037719965 CEST4434975252.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:44:02.037750959 CEST49752443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:44:02.037764072 CEST4434975252.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:44:02.037801027 CEST49752443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:44:02.037811995 CEST4434975252.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:44:02.037864923 CEST49752443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:44:02.037909985 CEST4434975252.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:44:02.037965059 CEST49752443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:44:02.040854931 CEST49752443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:44:02.040875912 CEST4434975252.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:44:02.040888071 CEST49752443192.168.2.1652.165.165.26
                                                                Apr 19, 2024 18:44:02.040894985 CEST4434975252.165.165.26192.168.2.16
                                                                Apr 19, 2024 18:44:12.455003977 CEST49688443192.168.2.1613.107.21.200

                                                                UDP Packets

                                                                TimestampSource PortDest PortSource IPDest IP
                                                                Apr 19, 2024 18:43:30.549200058 CEST5464853192.168.2.161.1.1.1
                                                                Apr 19, 2024 18:43:30.549493074 CEST6415853192.168.2.161.1.1.1
                                                                Apr 19, 2024 18:43:30.637275934 CEST53566101.1.1.1192.168.2.16
                                                                Apr 19, 2024 18:43:30.711498976 CEST53508071.1.1.1192.168.2.16
                                                                Apr 19, 2024 18:43:30.927755117 CEST53641581.1.1.1192.168.2.16
                                                                Apr 19, 2024 18:43:31.311705112 CEST53600281.1.1.1192.168.2.16
                                                                Apr 19, 2024 18:43:35.364084959 CEST6255953192.168.2.161.1.1.1
                                                                Apr 19, 2024 18:43:35.364284039 CEST5513553192.168.2.161.1.1.1
                                                                Apr 19, 2024 18:43:35.468607903 CEST53625591.1.1.1192.168.2.16
                                                                Apr 19, 2024 18:43:35.468641996 CEST53551351.1.1.1192.168.2.16
                                                                Apr 19, 2024 18:43:36.013073921 CEST5262953192.168.2.161.1.1.1
                                                                Apr 19, 2024 18:43:36.013123035 CEST6261953192.168.2.161.1.1.1
                                                                Apr 19, 2024 18:43:36.425684929 CEST53626191.1.1.1192.168.2.16
                                                                Apr 19, 2024 18:43:36.765302896 CEST53539931.1.1.1192.168.2.16
                                                                Apr 19, 2024 18:43:48.322747946 CEST53562181.1.1.1192.168.2.16
                                                                Apr 19, 2024 18:43:53.975361109 CEST137137192.168.2.16192.168.2.255
                                                                Apr 19, 2024 18:43:54.725939035 CEST137137192.168.2.16192.168.2.255
                                                                Apr 19, 2024 18:43:55.477112055 CEST137137192.168.2.16192.168.2.255
                                                                Apr 19, 2024 18:43:56.228255987 CEST137137192.168.2.16192.168.2.255
                                                                Apr 19, 2024 18:43:56.979131937 CEST137137192.168.2.16192.168.2.255
                                                                Apr 19, 2024 18:43:57.729954004 CEST137137192.168.2.16192.168.2.255
                                                                Apr 19, 2024 18:44:07.138335943 CEST53609961.1.1.1192.168.2.16
                                                                Apr 19, 2024 18:44:14.880445957 CEST138138192.168.2.16192.168.2.255

                                                                DNS Queries

                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                Apr 19, 2024 18:43:30.549200058 CEST192.168.2.161.1.1.10xadd4Standard query (0)extapp.dso.org.sgA (IP address)IN (0x0001)false
                                                                Apr 19, 2024 18:43:30.549493074 CEST192.168.2.161.1.1.10x74daStandard query (0)extapp.dso.org.sg65IN (0x0001)false
                                                                Apr 19, 2024 18:43:35.364084959 CEST192.168.2.161.1.1.10x9c95Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                Apr 19, 2024 18:43:35.364284039 CEST192.168.2.161.1.1.10x2c3bStandard query (0)www.google.com65IN (0x0001)false
                                                                Apr 19, 2024 18:43:36.013073921 CEST192.168.2.161.1.1.10x7c01Standard query (0)extapp.dso.org.sgA (IP address)IN (0x0001)false
                                                                Apr 19, 2024 18:43:36.013123035 CEST192.168.2.161.1.1.10x5259Standard query (0)extapp.dso.org.sg65IN (0x0001)false

                                                                DNS Answers

                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                Apr 19, 2024 18:43:30.915811062 CEST1.1.1.1192.168.2.160xadd4No error (0)extapp.dso.org.sgextapp.dso.org.sg.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)false
                                                                Apr 19, 2024 18:43:30.927755117 CEST1.1.1.1192.168.2.160x74daNo error (0)extapp.dso.org.sgextapp.dso.org.sg.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)false
                                                                Apr 19, 2024 18:43:35.468607903 CEST1.1.1.1192.168.2.160x9c95No error (0)www.google.com74.125.136.147A (IP address)IN (0x0001)false
                                                                Apr 19, 2024 18:43:35.468607903 CEST1.1.1.1192.168.2.160x9c95No error (0)www.google.com74.125.136.99A (IP address)IN (0x0001)false
                                                                Apr 19, 2024 18:43:35.468607903 CEST1.1.1.1192.168.2.160x9c95No error (0)www.google.com74.125.136.103A (IP address)IN (0x0001)false
                                                                Apr 19, 2024 18:43:35.468607903 CEST1.1.1.1192.168.2.160x9c95No error (0)www.google.com74.125.136.104A (IP address)IN (0x0001)false
                                                                Apr 19, 2024 18:43:35.468607903 CEST1.1.1.1192.168.2.160x9c95No error (0)www.google.com74.125.136.105A (IP address)IN (0x0001)false
                                                                Apr 19, 2024 18:43:35.468607903 CEST1.1.1.1192.168.2.160x9c95No error (0)www.google.com74.125.136.106A (IP address)IN (0x0001)false
                                                                Apr 19, 2024 18:43:35.468641996 CEST1.1.1.1192.168.2.160x2c3bNo error (0)www.google.com65IN (0x0001)false
                                                                Apr 19, 2024 18:43:36.392354965 CEST1.1.1.1192.168.2.160x7c01No error (0)extapp.dso.org.sgextapp.dso.org.sg.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)false
                                                                Apr 19, 2024 18:43:36.425684929 CEST1.1.1.1192.168.2.160x5259No error (0)extapp.dso.org.sgextapp.dso.org.sg.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)false

                                                                HTTP Request Dependency Graph

                                                                • fs.microsoft.com
                                                                • login.live.com
                                                                • slscr.update.microsoft.com
                                                                • armmf.adobe.com

                                                                HTTPS Proxied Packets

                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                0192.168.2.1649706184.31.62.93443
                                                                TimestampBytes transferredDirectionData
                                                                2024-04-19 16:43:17 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
                                                                Connection: Keep-Alive
                                                                Accept: */*
                                                                Accept-Encoding: identity
                                                                User-Agent: Microsoft BITS/7.8
                                                                Host: fs.microsoft.com
                                                                2024-04-19 16:43:17 UTC467INHTTP/1.1 200 OK
                                                                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                Content-Type: application/octet-stream
                                                                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                Server: ECAcc (chd/079C)
                                                                X-CID: 11
                                                                X-Ms-ApiVersion: Distribute 1.2
                                                                X-Ms-Region: prod-eus-z1
                                                                Cache-Control: public, max-age=138004
                                                                Date: Fri, 19 Apr 2024 16:43:17 GMT
                                                                Connection: close
                                                                X-CID: 2


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                1192.168.2.1649707184.31.62.93443
                                                                TimestampBytes transferredDirectionData
                                                                2024-04-19 16:43:17 UTC239OUTGET /fs/windows/config.json HTTP/1.1
                                                                Connection: Keep-Alive
                                                                Accept: */*
                                                                Accept-Encoding: identity
                                                                If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                Range: bytes=0-2147483646
                                                                User-Agent: Microsoft BITS/7.8
                                                                Host: fs.microsoft.com
                                                                2024-04-19 16:43:17 UTC805INHTTP/1.1 200 OK
                                                                ApiVersion: Distribute 1.1
                                                                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                Server: ECAcc (chd/0778)
                                                                X-CID: 11
                                                                X-CCC: US
                                                                X-Azure-Ref-OriginShield: Ref A: 52EA27DBDE0C4533B819423583F6692E Ref B: CH1AA2040902052 Ref C: 2023-07-09T23:10:08Z
                                                                X-MSEdge-Ref: Ref A: 528BB8D443C042AA9AEA4EC3F75C7762 Ref B: CHI30EDGE0111 Ref C: 2023-07-09T23:11:11Z
                                                                Content-Type: application/octet-stream
                                                                X-Azure-Ref: 01uvbYwAAAACkqWtaEMjWQL/4cpisZkorTUVNMzBFREdFMDgxMQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
                                                                Cache-Control: public, max-age=138025
                                                                Date: Fri, 19 Apr 2024 16:43:17 GMT
                                                                Content-Length: 55
                                                                Connection: close
                                                                X-CID: 2
                                                                2024-04-19 16:43:17 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                2192.168.2.164970840.126.28.14443
                                                                TimestampBytes transferredDirectionData
                                                                2024-04-19 16:43:19 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                Connection: Keep-Alive
                                                                Content-Type: application/soap+xml
                                                                Accept: */*
                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                Content-Length: 4722
                                                                Host: login.live.com
                                                                2024-04-19 16:43:19 UTC4722OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                2024-04-19 16:43:19 UTC569INHTTP/1.1 200 OK
                                                                Cache-Control: no-store, no-cache
                                                                Pragma: no-cache
                                                                Content-Type: application/soap+xml; charset=utf-8
                                                                Expires: Fri, 19 Apr 2024 16:42:19 GMT
                                                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                Referrer-Policy: strict-origin-when-cross-origin
                                                                x-ms-route-info: C538_SN1
                                                                x-ms-request-id: f9de51aa-131c-4cf5-908d-193652727163
                                                                PPServer: PPV: 30 H: SN1PEPF0002F955 V: 0
                                                                X-Content-Type-Options: nosniff
                                                                Strict-Transport-Security: max-age=31536000
                                                                X-XSS-Protection: 1; mode=block
                                                                Date: Fri, 19 Apr 2024 16:43:18 GMT
                                                                Connection: close
                                                                Content-Length: 10197
                                                                2024-04-19 16:43:19 UTC10197INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                3192.168.2.164971052.165.165.26443
                                                                TimestampBytes transferredDirectionData
                                                                2024-04-19 16:43:24 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=WGcSN3OHPcpeTDp&MD=RAVVrOdY HTTP/1.1
                                                                Connection: Keep-Alive
                                                                Accept: */*
                                                                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                Host: slscr.update.microsoft.com
                                                                2024-04-19 16:43:24 UTC560INHTTP/1.1 200 OK
                                                                Cache-Control: no-cache
                                                                Pragma: no-cache
                                                                Content-Type: application/octet-stream
                                                                Expires: -1
                                                                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                MS-CorrelationId: f811aab1-1d54-43b9-a9d7-56019c2667ba
                                                                MS-RequestId: 7cc635c6-8b79-4d72-a7ea-11a8b8d26e93
                                                                MS-CV: q2YdO2Ia1USCxcu+.0
                                                                X-Microsoft-SLSClientCache: 2880
                                                                Content-Disposition: attachment; filename=environment.cab
                                                                X-Content-Type-Options: nosniff
                                                                Date: Fri, 19 Apr 2024 16:43:23 GMT
                                                                Connection: close
                                                                Content-Length: 24490
                                                                2024-04-19 16:43:24 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                                                Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                                                2024-04-19 16:43:24 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                                                                Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                4192.168.2.1649743184.25.164.1384437248C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                TimestampBytes transferredDirectionData
                                                                2024-04-19 16:43:36 UTC390OUTGET /onboarding/smskillreader.txt HTTP/1.1
                                                                Host: armmf.adobe.com
                                                                Connection: keep-alive
                                                                Accept-Language: en-US,en;q=0.9
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                                                Sec-Fetch-Site: same-origin
                                                                Sec-Fetch-Mode: no-cors
                                                                Sec-Fetch-Dest: empty
                                                                Accept-Encoding: gzip, deflate, br
                                                                2024-04-19 16:43:36 UTC225INHTTP/1.1 200 OK
                                                                Server: Apache
                                                                Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                                                                ETag: "78-5faa31cce96da"
                                                                Content-Type: text/plain; charset=UTF-8
                                                                Date: Fri, 19 Apr 2024 16:43:36 GMT
                                                                Content-Length: 120
                                                                Connection: close
                                                                2024-04-19 16:43:36 UTC120INData Raw: 46 69 6c 65 20 74 68 61 74 20 61 63 74 73 20 6c 69 6b 65 20 61 20 4b 69 6c 6c 20 73 77 69 74 63 68 20 66 6f 72 20 53 4d 53 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 69 6e 20 52 65 61 64 65 72 2e 20 44 65 6c 65 74 65 20 74 68 69 73 20 66 69 6c 65 20 74 6f 20 65 6e 61 62 6c 65 20 74 68 65 20 6b 69 6c 6c 20 73 77 69 74 63 68 20 69 6e 20 52 65 61 64 65 72 2e
                                                                Data Ascii: File that acts like a Kill switch for SMS functionality in Reader. Delete this file to enable the kill switch in Reader.


                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                5192.168.2.164975252.165.165.26443
                                                                TimestampBytes transferredDirectionData
                                                                2024-04-19 16:44:01 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=WGcSN3OHPcpeTDp&MD=RAVVrOdY HTTP/1.1
                                                                Connection: Keep-Alive
                                                                Accept: */*
                                                                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                Host: slscr.update.microsoft.com
                                                                2024-04-19 16:44:02 UTC560INHTTP/1.1 200 OK
                                                                Cache-Control: no-cache
                                                                Pragma: no-cache
                                                                Content-Type: application/octet-stream
                                                                Expires: -1
                                                                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                                                                MS-CorrelationId: 0476219b-e734-4c70-abb1-3fbc11449af9
                                                                MS-RequestId: e0912074-6a8c-4071-b155-61dd7b53c383
                                                                MS-CV: UjuvdbTEWUWX5u+q.0
                                                                X-Microsoft-SLSClientCache: 2160
                                                                Content-Disposition: attachment; filename=environment.cab
                                                                X-Content-Type-Options: nosniff
                                                                Date: Fri, 19 Apr 2024 16:44:01 GMT
                                                                Connection: close
                                                                Content-Length: 25457
                                                                2024-04-19 16:44:02 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92
                                                                Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
                                                                2024-04-19 16:44:02 UTC9633INData Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a
                                                                Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq


                                                                Statistics

                                                                CPU Usage

                                                                Click to jump to process

                                                                Memory Usage

                                                                Click to jump to process

                                                                High Level Behavior Distribution

                                                                Click to dive into process behavior distribution

                                                                Behavior

                                                                Click to jump to process

                                                                System Behavior

                                                                General

                                                                Target ID:1
                                                                Start time:18:43:13
                                                                Start date:19/04/2024
                                                                Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Request For Quotation (RFQ)_ RFQ2400598.eml"
                                                                Imagebase:0x640000
                                                                File size:34'446'744 bytes
                                                                MD5 hash:91A5292942864110ED734005B7E005C0
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:moderate
                                                                Has exited:false

                                                                General

                                                                Target ID:3
                                                                Start time:18:43:14
                                                                Start date:19/04/2024
                                                                Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "FDFCBF6C-301D-4498-AEFF-487513A4AFB9" "4BC47D0A-1AFA-4E2C-B133-A29D3D538865" "6312" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                                                                Imagebase:0x7ff69d7b0000
                                                                File size:710'048 bytes
                                                                MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:moderate
                                                                Has exited:false

                                                                General

                                                                Target ID:11
                                                                Start time:18:43:21
                                                                Start date:19/04/2024
                                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\03UIW9HD\RFQ2400598_0000063414_20240419161746.pdf"
                                                                Imagebase:0x7ff68de10000
                                                                File size:5'641'176 bytes
                                                                MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:moderate
                                                                Has exited:true

                                                                General

                                                                Target ID:13
                                                                Start time:18:43:22
                                                                Start date:19/04/2024
                                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                                Imagebase:0x7ff761420000
                                                                File size:3'581'912 bytes
                                                                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:moderate
                                                                Has exited:true

                                                                General

                                                                Target ID:14
                                                                Start time:18:43:23
                                                                Start date:19/04/2024
                                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1564,i,8300883172976244484,15640572082357883666,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                                Imagebase:0x7ff761420000
                                                                File size:3'581'912 bytes
                                                                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:moderate
                                                                Has exited:true

                                                                General

                                                                Target ID:15
                                                                Start time:18:43:28
                                                                Start date:19/04/2024
                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://extapp.dso.org.sg/SupplierPortal/RFQVendor/Create/0?enc=20ADE221D3ACAC68BCB8A062575F01B5B2C412DEA468C864C57B7DF6E845C68CC237468EE52EE58B8255551025EC0B65849C2C1CE6B6023646A6B4AB5C53930E30BA5E14F9B6240EA9A4DCCF0AE46D91
                                                                Imagebase:0x7ff7f9810000
                                                                File size:3'242'272 bytes
                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:false

                                                                General

                                                                Target ID:17
                                                                Start time:18:43:29
                                                                Start date:19/04/2024
                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1984,i,12791824266530776244,14028941170034293688,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                Imagebase:0x7ff7f9810000
                                                                File size:3'242'272 bytes
                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:false

                                                                Disassembly

                                                                No disassembly