Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
49a790ea-b732-4d5f-9f94-3f246fad2b7e.eml

Overview

General Information

Sample name:49a790ea-b732-4d5f-9f94-3f246fad2b7e.eml
Analysis ID:1458476
MD5:ee0f35659eb9bdbac4964768e4d9b987
SHA1:ba0a9a9d07f955ee459a629d3e8581a8f6aa6ff9
SHA256:08b95795c7991b93224489b317e5bf39838ca91f0c6cfec01d9eb2589facf8ec
Infos:

Detection

Score:21
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

AI detected suspicious e-Mail
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry

Classification

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6528 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\49a790ea-b732-4d5f-9f94-3f246fad2b7e.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 828 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "7C44A89B-53EC-409D-8728-588BABF159F0" "2AF9E6BA-0FC6-4D68-BDDC-6AEABD9378A5" "6528" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • Acrobat.exe (PID: 4916 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\1G9QYAY4\401238-5383-211_Follow-up_lett_106986.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 816 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 6292 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1560,i,16432077869950964751,5752443073126241527,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Office Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6528, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Sigma detected: Outlook Security Settings Updated - Registry
Source: Registry Key setAuthor: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\1G9QYAY4\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6528, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.5.drString found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: 77EC63BDA74BD0D0E0426DC8F80085060.5.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: http://weather.service.msn.com/data.aspx
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://analysis.windows.net/powerbi/api
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://api.aadrm.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://api.aadrm.com/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://api.addins.store.office.com/app/query
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://api.cortana.ai
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://api.diagnostics.office.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://api.diagnosticssdf.office.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://api.microsoftstream.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://api.microsoftstream.com/api/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://api.office.net
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://api.onedrive.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://api.scheduler.
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://apis.live.net/v5.0/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://app.powerbi.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://arc.msn.com/v4/api/selection
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://augloop.office.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://augloop.office.com/v2
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://autodiscover-s.outlook.com/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: 49a790ea-b732-4d5f-9f94-3f246fad2b7e.emlString found in binary or memory: https://can01.safelinks.protection.outl=
Source: ~WRS{EF18C7F1-C1BC-4E24-BE04-887A6C43C825}.tmp.0.drString found in binary or memory: https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fus-phishalarm-ewt.proofpoint.com%2
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://cdn.entity.
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://clients.config.office.net
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://clients.config.office.net/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://config.edge.skype.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://cortana.ai
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://cortana.ai/api
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://cr.office.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://d.docs.live.net
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://dataservice.o365filtering.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://dataservice.o365filtering.com/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://designerapp.officeapps.live.com/designerapp
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://dev.cortana.ai
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://devnull.onenote.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://directory.services.
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://ecs.office.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://ecs.office.com/config/v2/Office
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://edge.skype.com/registrar/prod
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://edge.skype.com/rps
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://enrichment.osi.office.net/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://entitlement.diagnostics.office.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://fpastorage.cdn.office.net/%s
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://globaldisco.crm.dynamics.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://graph.ppe.windows.net
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://graph.ppe.windows.net/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://graph.windows.net
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://graph.windows.net/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://ic3.teams.office.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://incidents.diagnostics.office.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://inclient.store.office.com/gyro/client
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://invites.office.com/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://lifecycle.office.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://login.microsoftonline.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://login.microsoftonline.com/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://login.microsoftonline.com/organizations
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://login.windows.local
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://make.powerautomate.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://management.azure.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://management.azure.com/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://messaging.action.office.com/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://messaging.engagement.office.com/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://messaging.lifecycle.office.com/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://messaging.office.com/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://my.microsoftpersonalcontent.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://ncus.contentsync.
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://ncus.pagecontentsync.
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://officeapps.live.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://officeci.azurewebsites.net/api/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://officepyservice.office.net/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://officepyservice.office.net/service.functionality
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://onedrive.live.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://onedrive.live.com/embed?
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://otelrules.azureedge.net
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://otelrules.svc.static.microsoft
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://outlook.office.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://outlook.office.com/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://outlook.office365.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://outlook.office365.com/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://outlook.office365.com/connectors
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://pages.store.office.com/review/query
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://powerlift.acompli.net
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://pushchannel.1drv.ms
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://res.cdn.office.net
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://res.cdn.office.net/polymer/models
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://service.powerapps.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://settings.outlook.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://shell.suite.office.com:1443
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://skyapi.live.net/Activity/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://staging.cortana.ai
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://store.office.de/addinstemplate
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://substrate.office.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://tasks.office.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://templatesmetadata.office.net/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: 49a790ea-b732-4d5f-9f94-3f246fad2b7e.emlString found in binary or memory: https://us-phishalarm-ewt.proofpoint.com/EWT/v1=
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://webshell.suite.office.com
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://wus2.contentsync.
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://wus2.pagecontentsync.
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://www.odwebp.svc.ms
Source: 0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drString found in binary or memory: https://www.yammer.com
Source: classification engineClassification label: sus21.winEML@20/71@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmpJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240617T1151470522-6528.etlJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\49a790ea-b732-4d5f-9f94-3f246fad2b7e.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "7C44A89B-53EC-409D-8728-588BABF159F0" "2AF9E6BA-0FC6-4D68-BDDC-6AEABD9378A5" "6528" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\1G9QYAY4\401238-5383-211_Follow-up_lett_106986.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1560,i,16432077869950964751,5752443073126241527,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "7C44A89B-53EC-409D-8728-588BABF159F0" "2AF9E6BA-0FC6-4D68-BDDC-6AEABD9378A5" "6528" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\1G9QYAY4\401238-5383-211_Follow-up_lett_106986.pdf"Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1560,i,16432077869950964751,5752443073126241527,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior

Persistence and Installation Behavior

barindex
AI detected suspicious e-Mail
Source: e-MailLLM: Score: 9 Reasons: The email contains a warning message indicating it is from an untrusted sender, which is a common characteristic of phishing emails. The header suggests that the recipient has not previously corresponded with this sender, raising suspicion. The presence of a 'Report Suspicious' button further indicates that the email might be flagged as potentially harmful. These elements collectively suggest a high risk of phishing.
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformationJump to behavior
Source: 49a790ea-b732-4d5f-9f94-3f246fad2b7e.emlBinary or memory string: FkXyjQ6KaDcxvMciAK2yvPLdM/Dl8/rywyfyW5T5sVArN/bJJNqCyftIJfyw10d/fo8/xZ6yRIkz
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
Browser Extensions		1
Process Injection		1
Masquerading		OS Credential Dumping1
Security Software Discovery		Remote ServicesData from Local SystemData ObfuscationExfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
DLL Side-Loading		1
DLL Side-Loading		1
Process Injection		LSASS Memory1
Process Discovery		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
DLL Side-Loading		Security Account Manager1
File and Directory Discovery		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDS14
System Information Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1458476 Sample: 49a790ea-b732-4d5f-9f94-3f2... Startdate: 17/06/2024 Architecture: WINDOWS Score: 21 18 AI detected suspicious e-Mail 2->18 8 OUTLOOK.EXE 513 125 2->8         started        process3 process4 10 Acrobat.exe 75 8->10         started        12 ai.exe 8->12         started        process5 14 AcroCEF.exe 128 10->14         started        process6 16 AcroCEF.exe 4 14->16         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://login.microsoftonline.com/0%URL Reputationsafe
https://substrate.office.com0%URL Reputationsafe
https://outlook.office365.com/connectors0%Avira URL Cloudsafe
https://api.diagnosticssdf.office.com0%Avira URL Cloudsafe
https://shell.suite.office.com:14430%Avira URL Cloudsafe
https://clients.config.office.net/user/v1.0/tenantassociationkey0%Avira URL Cloudsafe
https://autodiscover-s.outlook.com/0%Avira URL Cloudsafe
https://cdn.entity.0%Avira URL Cloudsafe
https://api.addins.omex.office.net/appinfo/query0%Avira URL Cloudsafe
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize0%Avira URL Cloudsafe
https://useraudit.o365auditrealtimeingestion.manage.office.com0%Avira URL Cloudsafe
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr0%Avira URL Cloudsafe
https://rpsticket.partnerservices.getmicrosoftkey.com0%Avira URL Cloudsafe
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/0%Avira URL Cloudsafe
https://lookup.onenote.com/lookup/geolocation/v10%Avira URL Cloudsafe
https://cortana.ai0%Avira URL Cloudsafe
https://powerlift.acompli.net0%Avira URL Cloudsafe
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech0%Avira URL Cloudsafe
https://api.powerbi.com/v1.0/myorg/imports0%Avira URL Cloudsafe
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile0%Avira URL Cloudsafe
https://entitlement.diagnosticssdf.office.com0%Avira URL Cloudsafe
https://cloudfiles.onenote.com/upload.aspx0%Avira URL Cloudsafe
https://ofcrecsvcapi-int.azurewebsites.net/0%Avira URL Cloudsafe
https://api.aadrm.com/0%Avira URL Cloudsafe
https://ic3.teams.office.com0%Avira URL Cloudsafe
https://www.yammer.com0%Avira URL Cloudsafe
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive0%Avira URL Cloudsafe
https://api.microsoftstream.com/api/0%Avira URL Cloudsafe
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies0%Avira URL Cloudsafe
https://cr.office.com0%Avira URL Cloudsafe
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h0%Avira URL Cloudsafe
https://messagebroker.mobile.m365.svc.cloud.microsoft0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft0%Avira URL Cloudsafe
https://clients.config.office.net/c2r/v1.0/DeltaAdvisory0%Avira URL Cloudsafe
https://edge.skype.com/registrar/prod0%Avira URL Cloudsafe
https://portal.office.com/account/?ref=ClientMeControl0%Avira URL Cloudsafe
https://graph.ppe.windows.net0%Avira URL Cloudsafe
https://res.getmicrosoftkey.com/api/redemptionevents0%Avira URL Cloudsafe
https://powerlift-frontdesk.acompli.net0%Avira URL Cloudsafe
https://tasks.office.com0%Avira URL Cloudsafe
https://sr.outlook.office.net/ws/speech/recognize/assistant/work0%Avira URL Cloudsafe
https://officeci.azurewebsites.net/api/0%Avira URL Cloudsafe
https://api.scheduler.0%Avira URL Cloudsafe
https://my.microsoftpersonalcontent.com0%Avira URL Cloudsafe
https://store.office.cn/addinstemplate0%Avira URL Cloudsafe
https://api.aadrm.com0%Avira URL Cloudsafe
https://outlook.office.com/autosuggest/api/v1/init?cvid=0%Avira URL Cloudsafe
https://globaldisco.crm.dynamics.com0%Avira URL Cloudsafe
https://edge.skype.com/rps0%Avira URL Cloudsafe
https://messaging.engagement.office.com/0%Avira URL Cloudsafe
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech0%Avira URL Cloudsafe
https://dev0-api.acompli.net/autodetect0%Avira URL Cloudsafe
https://can01.safelinks.protection.outl=0%Avira URL Cloudsafe
https://www.odwebp.svc.ms0%Avira URL Cloudsafe
https://api.diagnosticssdf.office.com/v2/feedback0%Avira URL Cloudsafe
https://api.powerbi.com/v1.0/myorg/groups0%Avira URL Cloudsafe
https://web.microsoftstream.com/video/0%Avira URL Cloudsafe
https://graph.windows.net0%Avira URL Cloudsafe
https://api.addins.store.officeppe.com/addinstemplate0%Avira URL Cloudsafe
https://dataservice.o365filtering.com/0%Avira URL Cloudsafe
https://officesetup.getmicrosoftkey.com0%Avira URL Cloudsafe
https://analysis.windows.net/powerbi/api0%Avira URL Cloudsafe
https://outlook.office365.com/autodiscover/autodiscover.json0%Avira URL Cloudsafe
https://prod-global-autodetect.acompli.net/autodetect0%Avira URL Cloudsafe
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios0%Avira URL Cloudsafe
https://consent.config.office.com/consentcheckin/v1.0/consents0%Avira URL Cloudsafe
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech0%Avira URL Cloudsafe
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices0%Avira URL Cloudsafe
https://d.docs.live.net0%Avira URL Cloudsafe
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json0%Avira URL Cloudsafe
https://ncus.contentsync.0%Avira URL Cloudsafe
https://safelinks.protection.outlook.com/api/GetPolicy0%Avira URL Cloudsafe
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false0%Avira URL Cloudsafe
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/0%Avira URL Cloudsafe
http://weather.service.msn.com/data.aspx0%Avira URL Cloudsafe
https://apis.live.net/v5.0/0%Avira URL Cloudsafe
https://officepyservice.office.net/service.functionality0%Avira URL Cloudsafe
https://messaging.lifecycle.office.com/0%Avira URL Cloudsafe
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios0%Avira URL Cloudsafe
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks0%Avira URL Cloudsafe
https://templatesmetadata.office.net/0%Avira URL Cloudsafe
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml0%Avira URL Cloudsafe
https://management.azure.com0%Avira URL Cloudsafe
https://wus2.contentsync.0%Avira URL Cloudsafe
https://outlook.office365.com0%Avira URL Cloudsafe
https://pushchannel.1drv.ms0%Avira URL Cloudsafe
https://insertmedia.bing.office.net/odc/insertmedia0%Avira URL Cloudsafe
https://incidents.diagnostics.office.com0%Avira URL Cloudsafe
https://clients.config.office.net/user/v1.0/ios0%Avira URL Cloudsafe
https://make.powerautomate.com0%Avira URL Cloudsafe
https://api.addins.omex.office.net/api/addins/search0%Avira URL Cloudsafe
https://outlook.office365.com/api/v1.0/me/Activities0%Avira URL Cloudsafe
https://api.office.net0%Avira URL Cloudsafe
https://asgsmsproxyapi.azurewebsites.net/0%Avira URL Cloudsafe
https://clients.config.office.net/user/v1.0/android/policies0%Avira URL Cloudsafe
https://incidents.diagnosticssdf.office.com0%Avira URL Cloudsafe
https://outlook.office.com/0%Avira URL Cloudsafe
https://entitlement.diagnostics.office.com0%Avira URL Cloudsafe
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json0%Avira URL Cloudsafe
https://substrate.office.com/search/api/v2/init0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
windowsupdatebg.s.llnwi.net
87.248.204.0
truefalse
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    https://api.diagnosticssdf.office.com0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://login.microsoftonline.com/0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • URL Reputation: safe
    		unknown
    https://shell.suite.office.com:14430A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://autodiscover-s.outlook.com/0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://useraudit.o365auditrealtimeingestion.manage.office.com0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://outlook.office365.com/connectors0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://cdn.entity.0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://api.addins.omex.office.net/appinfo/query0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://clients.config.office.net/user/v1.0/tenantassociationkey0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://powerlift.acompli.net0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://rpsticket.partnerservices.getmicrosoftkey.com0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://lookup.onenote.com/lookup/geolocation/v10A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://cortana.ai0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://api.powerbi.com/v1.0/myorg/imports0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://cloudfiles.onenote.com/upload.aspx0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://entitlement.diagnosticssdf.office.com0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://api.aadrm.com/0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://ofcrecsvcapi-int.azurewebsites.net/0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://ic3.teams.office.com0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://www.yammer.com0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://api.microsoftstream.com/api/0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://cr.office.com0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://messagebroker.mobile.m365.svc.cloud.microsoft0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://otelrules.svc.static.microsoft0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://portal.office.com/account/?ref=ClientMeControl0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://clients.config.office.net/c2r/v1.0/DeltaAdvisory0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://edge.skype.com/registrar/prod0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://graph.ppe.windows.net0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://res.getmicrosoftkey.com/api/redemptionevents0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://powerlift-frontdesk.acompli.net0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://tasks.office.com0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://officeci.azurewebsites.net/api/0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://sr.outlook.office.net/ws/speech/recognize/assistant/work0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://api.scheduler.0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://my.microsoftpersonalcontent.com0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://store.office.cn/addinstemplate0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://api.aadrm.com0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://edge.skype.com/rps0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://outlook.office.com/autosuggest/api/v1/init?cvid=0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://globaldisco.crm.dynamics.com0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://messaging.engagement.office.com/0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://dev0-api.acompli.net/autodetect0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://can01.safelinks.protection.outl=49a790ea-b732-4d5f-9f94-3f246fad2b7e.emlfalse
    • Avira URL Cloud: safe
    		unknown
    https://www.odwebp.svc.ms0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://api.diagnosticssdf.office.com/v2/feedback0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://api.powerbi.com/v1.0/myorg/groups0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://web.microsoftstream.com/video/0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://api.addins.store.officeppe.com/addinstemplate0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://graph.windows.net0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://dataservice.o365filtering.com/0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://officesetup.getmicrosoftkey.com0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://analysis.windows.net/powerbi/api0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://prod-global-autodetect.acompli.net/autodetect0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://substrate.office.com0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • URL Reputation: safe
    		unknown
    https://outlook.office365.com/autodiscover/autodiscover.json0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://consent.config.office.com/consentcheckin/v1.0/consents0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://d.docs.live.net0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://safelinks.protection.outlook.com/api/GetPolicy0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://ncus.contentsync.0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    http://weather.service.msn.com/data.aspx0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://apis.live.net/v5.0/0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://officepyservice.office.net/service.functionality0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://templatesmetadata.office.net/0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://messaging.lifecycle.office.com/0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://pushchannel.1drv.ms0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://management.azure.com0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://outlook.office365.com0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://wus2.contentsync.0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://incidents.diagnostics.office.com0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://clients.config.office.net/user/v1.0/ios0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://make.powerautomate.com0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://api.addins.omex.office.net/api/addins/search0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://insertmedia.bing.office.net/odc/insertmedia0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://outlook.office365.com/api/v1.0/me/Activities0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://api.office.net0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://incidents.diagnosticssdf.office.com0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://asgsmsproxyapi.azurewebsites.net/0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://clients.config.office.net/user/v1.0/android/policies0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://entitlement.diagnostics.office.com0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://substrate.office.com/search/api/v2/init0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown
    https://outlook.office.com/0A86DA2E-783E-486A-9402-60BB19DD1A02.0.drfalse
    • Avira URL Cloud: safe
    		unknown

    World Map of Contacted IPs

    No contacted IP infos

    General Information

    Joe Sandbox version:40.0.0 Tourmaline
    Analysis ID:1458476
    Start date and time:2024-06-17 17:51:10 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 4m 54s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowsinteractivecookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:18
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:49a790ea-b732-4d5f-9f94-3f246fad2b7e.eml
    Detection:SUS
    Classification:sus21.winEML@20/71@0/0
    EGA Information:Failed
    HCA Information:
    • Successful, ratio: 100%
    • Number of executed functions: 0
    • Number of non-executed functions: 0
    Cookbook Comments:
    • Found application associated with file extension: .eml

    Warnings

    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.113.194.132, 52.109.89.119, 51.11.192.48, 2.19.105.74, 2.19.126.149, 2.19.126.143, 18.213.11.84, 34.237.241.83, 54.224.241.105, 50.16.47.176, 162.159.61.3, 172.64.41.3, 2.16.202.123, 95.101.54.195, 88.221.168.141, 2.19.126.163, 2.19.126.154, 93.184.221.240, 2.19.126.139, 2.16.164.121, 2.16.164.91, 2.16.164.115, 2.16.164.114, 2.16.164.59, 2.16.164.11
    • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, odc.officeapps.live.com, slscr.update.microsoft.com, europe.odcsm1.live.com.akadns.net, e4578.dscb.akamaiedge.net, a767.dspw65.akamai.net, acroipm2.adobe.com, wu.azureedge.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, a1952.dscq.akamai.net, osiprod-weu-bronze-azsc-000.westeurope.cloudapp.azure.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, apps.identrust.com, wu-b-net.trafficmanager.net, ecs.office.com, fs.microsoft.com, identrust.edgesuite.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, weu-azsc-000.odc.officeapps.live.com, p13n.adobe.io, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.co
    • Not all processes where analyzed, report is missing behavior information
    • Report size exceeded maximum capacity and may have missing behavior information.
    • Report size getting too big, too many NtQueryAttributesFile calls found.
    • Report size getting too big, too many NtQueryValueKey calls found.
    • Report size getting too big, too many NtSetValueKey calls found.
    • VT rate limit hit for: 49a790ea-b732-4d5f-9f94-3f246fad2b7e.eml

    Simulations

    Behavior and APIs

    TimeTypeDescription
    11:52:10API Interceptor2x Sleep call for process: AcroCEF.exe modified

    LLM Input / Output

    InputOutput
    URL: e-Mail Model: gpt-4o
    ```json
{
  "riskscore": 9,
  "brand_impersonated": "Unknown",
  "reasons": "The email contains a warning message indicating it is from an untrusted sender, which is a common characteristic of phishing emails. The header suggests that the recipient has not previously corresponded with this sender, raising suspicion. The presence of a 'Report Suspicious' button further indicates that the email might be flagged as potentially harmful. These elements collectively suggest a high risk of phishing."
}

    Joe Sandbox View / Context

    IPs

    No context

    Domains

    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
    windowsupdatebg.s.llnwi.nethttp://visit.keznews.comGet hashmaliciousUnknownBrowse
    • 178.79.238.0
    https://it-help-desk-cat.weebly.com/Get hashmaliciousUnknownBrowse
    • 87.248.204.0
    https://dev-myjobportal.pantheonsite.io/includes/b675c8fb75f0e448546583fe6c2760a4/Get hashmaliciousUnknownBrowse
    • 87.248.204.0
    https://dev-myjobportal.pantheonsite.io/includes/5f51daa1093fa05235ee988a8cb154c5/Get hashmaliciousUnknownBrowse
    • 178.79.238.0
    https://safeconnect.tistory.com/Get hashmaliciousUnknownBrowse
    • 87.248.204.0
    http://pub-65273bf3152747d28b528bcd3782747d.r2.dev/wetransdnyd.htmlGet hashmaliciousUnknownBrowse
    • 178.79.242.0
    https://domian-turnstile-52498.pages.dev/help/options.phpGet hashmaliciousUnknownBrowse
    • 178.79.208.1
    https://metamaskxlogiun.webflow.io/Get hashmaliciousUnknownBrowse
    • 87.248.204.0
    https://domian-turnstile-52498.pages.dev/help/contact/599558141205100Get hashmaliciousUnknownBrowse
    • 87.248.205.0
    http://telegramtw1.org/Get hashmaliciousUnknownBrowse
    • 87.248.202.1

    ASNs

    No context

    JA3 Fingerprints

    No context

    Dropped Files

    No context

    Created / dropped Files

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.225474514053276
    Encrypted:false
    SSDEEP:6:dyJBzOq2PoSc2nKuAl9OmbnIFUt8syJSnZmw+syJS1kwOoSc2nKuAl9OmbjLJ:wJB6vgSfHAahFUt85JI/+5JQ5LSfHAae
    MD5:5BD51123D2D7344305050D95C9746A2F
    SHA1:7D1A9BBC709ABF0F92CAB4A924735CAD9A79B335
    SHA-256:24EF8A2FAE052F44E2AF5C6F10590F29D2D505078D5053278DEA56893ADE6992
    SHA-512:7848E711FF3A4D5DDA3B85389AFE16FDDB68E74922FB155AD4C0433656D0F37EB9813673158D8E18B0BA0B20B44AA3B090C1C4DA316C8BD3619209F09D33EF00
    Malicious:false
    Reputation:low
    Preview:2024/06/17-11:51:57.914 1940 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/06/17-11:51:57.917 1940 Recovering log #3.2024/06/17-11:51:57.917 1940 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.225474514053276
    Encrypted:false
    SSDEEP:6:dyJBzOq2PoSc2nKuAl9OmbnIFUt8syJSnZmw+syJS1kwOoSc2nKuAl9OmbjLJ:wJB6vgSfHAahFUt85JI/+5JQ5LSfHAae
    MD5:5BD51123D2D7344305050D95C9746A2F
    SHA1:7D1A9BBC709ABF0F92CAB4A924735CAD9A79B335
    SHA-256:24EF8A2FAE052F44E2AF5C6F10590F29D2D505078D5053278DEA56893ADE6992
    SHA-512:7848E711FF3A4D5DDA3B85389AFE16FDDB68E74922FB155AD4C0433656D0F37EB9813673158D8E18B0BA0B20B44AA3B090C1C4DA316C8BD3619209F09D33EF00
    Malicious:false
    Reputation:low
    Preview:2024/06/17-11:51:57.914 1940 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/06/17-11:51:57.917 1940 Recovering log #3.2024/06/17-11:51:57.917 1940 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):336
    Entropy (8bit):5.236046804745825
    Encrypted:false
    SSDEEP:6:dyKxq2PoSc2nKuAl9Ombzo2jMGIFUt8sydgXZmw+sydgFkwOoSc2nKuAl9Ombzos:wsvgSfHAa8uFUt85ds/+5dM5LSfHAa8z
    MD5:745E8A28B1295F8A6A2081BB1DC6D70B
    SHA1:74C27E0A62C254BAB36BA3B23B47CE113221F194
    SHA-256:66EB3666B9E6371A1762216A7BCBEB09B989CB256AE29FADDD94893FC546BBA0
    SHA-512:3F57D957EFB85B11192A0B5B1C6AE3E7D34849E96C1283EA7A74E4CAE9CA58A2469D510E39D8D01EABE90D1106A2CF91310B0FB7CDFE9A706AC8F4C9B6C7565F
    Malicious:false
    Reputation:low
    Preview:2024/06/17-11:51:57.809 1a94 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/06/17-11:51:57.813 1a94 Recovering log #3.2024/06/17-11:51:57.813 1a94 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):336
    Entropy (8bit):5.236046804745825
    Encrypted:false
    SSDEEP:6:dyKxq2PoSc2nKuAl9Ombzo2jMGIFUt8sydgXZmw+sydgFkwOoSc2nKuAl9Ombzos:wsvgSfHAa8uFUt85ds/+5dM5LSfHAa8z
    MD5:745E8A28B1295F8A6A2081BB1DC6D70B
    SHA1:74C27E0A62C254BAB36BA3B23B47CE113221F194
    SHA-256:66EB3666B9E6371A1762216A7BCBEB09B989CB256AE29FADDD94893FC546BBA0
    SHA-512:3F57D957EFB85B11192A0B5B1C6AE3E7D34849E96C1283EA7A74E4CAE9CA58A2469D510E39D8D01EABE90D1106A2CF91310B0FB7CDFE9A706AC8F4C9B6C7565F
    Malicious:false
    Reputation:low
    Preview:2024/06/17-11:51:57.809 1a94 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/06/17-11:51:57.813 1a94 Recovering log #3.2024/06/17-11:51:57.813 1a94 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\8a0e1d4c-21a4-42f1-a87f-350dded3535b.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:modified
    Size (bytes):476
    Entropy (8bit):4.965779662503592
    Encrypted:false
    SSDEEP:12:YH/um3RA8sqdEWsBdOg2HpyNcaq3QYiubxP7E4T3y:Y2sRdsXdMHpy83QYhb17nby
    MD5:46D218BE165D6B3BAD8EC6058F0E60C1
    SHA1:DA22E88BC1EABAA0E48C63C54DE1D5A4327840C3
    SHA-256:BD87D80568CBAC230464825CC22C945F5AC5E78A1BCDCF4B1DD5D643B011F275
    SHA-512:262BE2568E68E18A29685E3B6501FE8C725757C9246FF06303B72B39BD376239A5A25B24137DB50C77657CE206972E36A5DFB7A37590396A1F5F21CB0110401F
    Malicious:false
    Reputation:low
    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13363199523580502","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":234142},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.18","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):476
    Entropy (8bit):4.965779662503592
    Encrypted:false
    SSDEEP:12:YH/um3RA8sqdEWsBdOg2HpyNcaq3QYiubxP7E4T3y:Y2sRdsXdMHpy83QYhb17nby
    MD5:46D218BE165D6B3BAD8EC6058F0E60C1
    SHA1:DA22E88BC1EABAA0E48C63C54DE1D5A4327840C3
    SHA-256:BD87D80568CBAC230464825CC22C945F5AC5E78A1BCDCF4B1DD5D643B011F275
    SHA-512:262BE2568E68E18A29685E3B6501FE8C725757C9246FF06303B72B39BD376239A5A25B24137DB50C77657CE206972E36A5DFB7A37590396A1F5F21CB0110401F
    Malicious:false
    Reputation:low
    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13363199523580502","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":234142},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.18","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):7504
    Entropy (8bit):5.244330646330724
    Encrypted:false
    SSDEEP:192:7T5zVPGMEdvJ85E7hMgFZ6t9zEubg3RVEoMC22bCmtEW0phgRIitkNyWNEx3yOZ:dKaqZzZ
    MD5:55AAFED4B6C3FBEB98D416440E9C141F
    SHA1:01BCDD4ACB9683A587EBF5760553D9ACB6000AF0
    SHA-256:15669212E0F6AA5F43D15BCB86B3C51DF892BC5970024EAA9DD44025B1295F14
    SHA-512:48718AAF45BFE7C65206EB35DA6EB64B2500CC9DB670D8807C49E33D175CAAB4293795D3CD80CF2DB5266B26F9F0E1D92CE90090DB315C1AA171A49896A0DFDF
    Malicious:false
    Reputation:low
    Preview:*...#................version.1..namespace-...o................next-map-id.1.Pnamespace-5767294d_7b9a_47c6_b1e0_955ef27d1acf-https://rna-resource.acrobat.com/.0=..Nr................next-map-id.2.Snamespace-0be79751_1d4a_40c3_9b57_40751dcd8802-https://rna-v2-resource.acrobat.com/.1....r................next-map-id.3.Snamespace-90f7539d_81d9_41c2_b2e3_1ee7ed96c7c7-https://rna-v2-resource.acrobat.com/.2S.<.o................next-map-id.4.Pnamespace-1700ec5e_d769_43b7_97b8_3e6ca674d396-https://rna-resource.acrobat.com/.3...^...............Pnamespace-5767294d_7b9a_47c6_b1e0_955ef27d1acf-https://rna-resource.acrobat.com/D..#^...............Pnamespace-1700ec5e_d769_43b7_97b8_3e6ca674d396-https://rna-resource.acrobat.com/....a...............Snamespace-0be79751_1d4a_40c3_9b57_40751dcd8802-https://rna-v2-resource.acrobat.com/B[_.a...............Snamespace-90f7539d_81d9_41c2_b2e3_1ee7ed96c7c7-https://rna-v2-resource.acrobat.com/.^..r................next-map-id.5.Snamespace-cc1e5959_9927_4cd0_b606_

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):324
    Entropy (8bit):5.226970086064988
    Encrypted:false
    SSDEEP:6:dyHUCq2PoSc2nKuAl9OmbzNMxIFUt8syNmjZZmw+syNWAkwOoSc2nKuAl9OmbzNq:wHUCvgSfHAa8jFUt85NmjZ/+5NR5LSfv
    MD5:1E88A54260BC9965374A75E2CE5ED881
    SHA1:8D7FD662D1BEBBD6D3A0237B93FC38DA29CD143F
    SHA-256:4AB5D0754E38821C26C1FFF8EEE5C0EC9886FFFB76E7212230248B307FCEF38A
    SHA-512:C1899C6F3A16392BE4ED9354C845B7CB6D6FE62CE5F8F5F2BA704DE2B6C2735374A5CEBE4C8AD75FFDEBB2FB4690C466633769B881C40DD51BDB6BE8D9852166
    Malicious:false
    Reputation:low
    Preview:2024/06/17-11:51:57.949 1a94 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/06/17-11:51:57.950 1a94 Recovering log #3.2024/06/17-11:51:57.953 1a94 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):324
    Entropy (8bit):5.226970086064988
    Encrypted:false
    SSDEEP:6:dyHUCq2PoSc2nKuAl9OmbzNMxIFUt8syNmjZZmw+syNWAkwOoSc2nKuAl9OmbzNq:wHUCvgSfHAa8jFUt85NmjZ/+5NR5LSfv
    MD5:1E88A54260BC9965374A75E2CE5ED881
    SHA1:8D7FD662D1BEBBD6D3A0237B93FC38DA29CD143F
    SHA-256:4AB5D0754E38821C26C1FFF8EEE5C0EC9886FFFB76E7212230248B307FCEF38A
    SHA-512:C1899C6F3A16392BE4ED9354C845B7CB6D6FE62CE5F8F5F2BA704DE2B6C2735374A5CEBE4C8AD75FFDEBB2FB4690C466633769B881C40DD51BDB6BE8D9852166
    Malicious:false
    Reputation:low
    Preview:2024/06/17-11:51:57.949 1a94 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/06/17-11:51:57.950 1a94 Recovering log #3.2024/06/17-11:51:57.953 1a94 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000001.dbtmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):16
    Entropy (8bit):3.2743974703476995
    Encrypted:false
    SSDEEP:3:1sjgWIV//Uv:1qIFUv
    MD5:46295CAC801E5D4857D09837238A6394
    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
    Malicious:false
    Preview:MANIFEST-000001.

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:modified
    Size (bytes):107
    Entropy (8bit):4.499533765034893
    Encrypted:false
    SSDEEP:3:ekklltt1HcZUV/TgllfOAHWXlknl/11HcZUV/TEPGKTTW:gllttVnV8VUunVnVoeITW
    MD5:C719980A1EEC1C5A0EB1F004D83A17A6
    SHA1:F77A92E46D1816AEC09B83B54F4F31DA59E5B320
    SHA-256:F342B3E5953620F46D693B744DF77543F19885D1BB8DC32BA7F937CB3D8F171D
    SHA-512:51727556DB3CD37C0E7737C5A07E9F3B1DA374C514E481DDD2DB1039159296F16B0109F9C3F054100A02AED7539C7FFE24D73DA93CAC4279676FA98A6991E112
    Malicious:false
    Preview:..y^.................22_11|360x240|60..x....9.k.vn.yB.[../................22_11|360x240|60........9Fl.vn.yB

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\CURRENT (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):16
    Entropy (8bit):3.2743974703476995
    Encrypted:false
    SSDEEP:3:1sjgWIV//Uv:1qIFUv
    MD5:46295CAC801E5D4857D09837238A6394
    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
    Malicious:false
    Preview:MANIFEST-000001.

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):283
    Entropy (8bit):5.254340505423749
    Encrypted:false
    SSDEEP:6:d/SM1oSc2nKuAl9OmbzfXkrl2KLlbajyq2PoSc2nKuAl9OmbzfXkrK+IFUv:NSlSfHAa8/uLojyvgSfHAa8/F3FUv
    MD5:100B37BE7AEA082FDF023406C7AEAC98
    SHA1:F5411374B79235854DEC6BE31A5AA64FDDFB47CE
    SHA-256:20E997DA0937AC936073ECE8B29E37D432B7C1CA5458EFC04D24AB0F0140979C
    SHA-512:41E1D87C153A0049879501998F652C1C31EA18097B20E95A2250BA3FEC675C1865B17C296DB264A835F911EB3E5C50AFAC52EF2A5A5124E0BD999453604FC08C
    Malicious:false
    Preview:2024/06/17-11:53:39.651 1534 Creating DB C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db since it was missing..2024/06/17-11:53:39.665 1534 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db/MANIFEST-000001.

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\MANIFEST-000001

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:OpenPGP Secret Key
    Category:dropped
    Size (bytes):41
    Entropy (8bit):4.704993772857998
    Encrypted:false
    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
    Malicious:false
    Preview:.|.."....leveldb.BytewiseComparator......

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000001.dbtmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):16
    Entropy (8bit):3.2743974703476995
    Encrypted:false
    SSDEEP:3:1sjgWIV//Uv:1qIFUv
    MD5:46295CAC801E5D4857D09837238A6394
    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
    Malicious:false
    Preview:MANIFEST-000001.

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):126
    Entropy (8bit):3.6123534208443075
    Encrypted:false
    SSDEEP:3:G0XttkJcsRwI9tkJcsSaJkG3mH2lztzlkzXlfmH2lG:G0XtqcsqczaJf3mH2lztzl4mH2lG
    MD5:A05963DD9E2C7C3F13C18A9245AD5934
    SHA1:15A87493591860C6C22499DF3A705ACB3CB466BD
    SHA-256:F40B7EF0FE0B676871403B8DD21CE42AF8E482DC8B81F09D93CB2C48CCD112B4
    SHA-512:E67833950A3DB8D4C27FC851C7DF9AEBB85699024F805E98A2951E9E9FC3B606F10EAD23CE0A3B97484A18A9A52520540FB29787178BFEB9FBD8D46D0AA492A2
    Malicious:false
    Preview:.h.6.................__global... .t...................__global... ..7..................22_......u...................22_.....

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\CURRENT (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):16
    Entropy (8bit):3.2743974703476995
    Encrypted:false
    SSDEEP:3:1sjgWIV//Uv:1qIFUv
    MD5:46295CAC801E5D4857D09837238A6394
    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
    Malicious:false
    Preview:MANIFEST-000001.

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):301
    Entropy (8bit):5.224840177113146
    Encrypted:false
    SSDEEP:6:dvM1oSc2nKuAl9OmbzfXkrzs52KLlbuyq2PoSc2nKuAl9OmbzfXkrzAdIFUv:NlSfHAa8/N9LYyvgSfHAa8/iFUv
    MD5:DCE4275326AC575657921031D7C03D08
    SHA1:BB769303BA38A26BC06BA723046322CFDEBEFEE4
    SHA-256:174F4C4C1E770D95DB1DD4026B9066E9E8167D90792C05C4BB2540E23198F035
    SHA-512:2E208098D3C7BC136E1D8B3FFD87F12D7EA0D9D82B48064B466E8F383935E7ED27C572D6499B74275C36A63D5201D082D7330FA63E275EC8E11C62CB35601337
    Malicious:false
    Preview:2024/06/17-11:53:39.630 1534 Creating DB C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata since it was missing..2024/06/17-11:53:39.647 1534 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata/MANIFEST-000001.

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\MANIFEST-000001

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:OpenPGP Secret Key
    Category:dropped
    Size (bytes):41
    Entropy (8bit):4.704993772857998
    Encrypted:false
    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
    Malicious:false
    Preview:.|.."....leveldb.BytewiseComparator......

    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240617155201Z-169.bmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
    Category:dropped
    Size (bytes):65110
    Entropy (8bit):1.505231583602419
    Encrypted:false
    SSDEEP:96:oXXquNmzrT1B3TWwKoz+keJ07Y5mIrMsYo7LEMMMUEMZ/+eYoDOjWRWY/0dKMMM5:Qq91BjkBYIrMjqY/0C/7PCIaaJWf
    MD5:39742FB3CA88000F7C836753FEDE050F
    SHA1:2481BF6773FACD752744EAD2712B0A93282592AD
    SHA-256:47A08D326E97C526B729554C1BD5B89EFF59DA299DA057D206C7ACBDE6BA142F
    SHA-512:50D511BC6A21521D7E4C16A8988469787B08C640EBB5E73911E8A4EC7B67A7051D2DA3090E295581C46BC713835963AC202E4E2CFE724CC798381B7A17C046E2
    Malicious:false
    Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
    Category:dropped
    Size (bytes):86016
    Entropy (8bit):4.444985781175468
    Encrypted:false
    SSDEEP:384:yeUci5tviBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:8ks3OazzU89UTTgUL
    MD5:02773EBF6F39C2839AECD6550F48D3DD
    SHA1:3C780AB18B6871A7F2FFCB0D5B8A4594285B658E
    SHA-256:58EC5C4C8298A18E8482B5B86BD72915A9FC59054FE4E02F10238A151E33C028
    SHA-512:334A8E49EBDB3D11FED61A01450CBF49DEC251FF71D50013EF0679CAD5C45FEE47F796FC28E45A6437BEBDF40D0D65B1B66120278FF869ACD368FEB6F4D585B6
    Malicious:false
    Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):8720
    Entropy (8bit):3.772447744781087
    Encrypted:false
    SSDEEP:48:7Mup/E2ioyVqioyioWoy1CPoy1uKOioy1noy1AYoy1Wioy1hioybioyIoy1noy1M:75pjuqoQXKQtvb9IVXEBodRBk8
    MD5:846C14B4A6887F25130AE7F75AA2D37E
    SHA1:119569BC6A2063D231234E4CF6940079BB28FC93
    SHA-256:934F3718D981A8F78C97837CBB9A9306C33DB6D770A5A6EDEC3E8DE75A0A4948
    SHA-512:66AB16485BA30B22F0DBAD26704E69D3D050DCE213AEE93CA471170C585B12F86680391BA8890EE29388F1449848BEC765FC5CD165A10750573F64793BBBF75A
    Malicious:false
    Preview:.... .c.....-m.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
    Category:dropped
    Size (bytes):71954
    Entropy (8bit):7.996617769952133
    Encrypted:true
    SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
    MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
    SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
    SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
    SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
    Malicious:false
    Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):893
    Entropy (8bit):7.366016576663508
    Encrypted:false
    SSDEEP:24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
    MD5:D4AE187B4574036C2D76B6DF8A8C1A30
    SHA1:B06F409FA14BAB33CBAF4A37811B8740B624D9E5
    SHA-256:A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
    SHA-512:1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
    Malicious:false
    Preview:0..y..*.H.........j0..f...1.0...*.H.........N0..J0..2.......D....'..09...@k0...*.H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0...*.H.............0..........P..W..be......,k0.[...}.@......3vI*.?!I..N..>H.e...!.e.*.2....w..{........s.z..2..~..0....*8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.*....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i....*.)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0...*.H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..|.Wv..(9..e...w.j..w.......)...55.1.

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):328
    Entropy (8bit):3.1341929632267593
    Encrypted:false
    SSDEEP:6:kKOF9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:2sDnLNkPlE99SNxAhUe/3
    MD5:32782A20ABF715E4FB93787994D1F01E
    SHA1:1F56EE776DC1F3CEBC4D6C1AAD03A75CF4D1D9E0
    SHA-256:5EC107BC3D77D7E9B557E282A09E72AB7496E5852B584FC01585430AB0694C86
    SHA-512:31B7723B9E04BB8461E967BA8F65236CE8075ED7981FA97FC182D811A1DA14A8837E03B51FC29D7E705A885E3E929A778550076A8035893C156BD5653E5B185D
    Malicious:false
    Preview:p...... ...........b....(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):252
    Entropy (8bit):3.0135904565956606
    Encrypted:false
    SSDEEP:3:kkFklkEl1fllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7lnka:kKxEzxliBAIdQZV7I7kc3
    MD5:9650422D9478C315A6257FBE0ABC993F
    SHA1:8E1E54D23EE5B2BD15FA013836E19264E8ECC553
    SHA-256:5818B575F19040AEB59DD55334CA3AF07BCEDFA7E36DD67A3EDDA1093D680D0C
    SHA-512:A0B317DEE9CF26D16A272E893EBBE764F24E2CB1709BAE8D682804C8A1ACC404CFF71830563891CBF442F8470CF83DE1496C18684493593358850F2D33C97D4F
    Malicious:false
    Preview:p...... ....`....mdP....(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):295
    Entropy (8bit):5.378333905346283
    Encrypted:false
    SSDEEP:6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJM3g98kUwPeUkwRe9:YvXKXqsBDhQIOQxGGMbLUkee9
    MD5:29A628F98257791D32324A96C4DBFEE2
    SHA1:0DE04FA28BA1EEB2C87A15709FE2FA281647009B
    SHA-256:F6F778097C676EAE7F11A8DD40F8981DA1E47DC822895609244B1509415FDDF8
    SHA-512:B72224B004F73C379FF26730F3531D99CB595A964126D0592FF2D025E466BF3620157FCDAE0164CE2F65FC7E00BDBD45E05811436CFA6B9F2E8E0890B9AAF763
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"be474822-4bbb-47f2-9d54-12ff253b0e80","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1718813644201,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.326773862817023
    Encrypted:false
    SSDEEP:6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJfBoTfXpnrPeUkwRe9:YvXKXqsBDhQIOQxGGWTfXcUkee9
    MD5:8A560AFDE574FCB8AF46580D24F3E07F
    SHA1:66D0FF739F86C904B35B127C74600AC398CC6586
    SHA-256:552E41340512BB72D084FF5BFA21D513CA73A9AB9BA42C2E8A78BD5CAD098213
    SHA-512:BD934EBE302AFBE675FFC04F8E780F2610042DC592CE83F2D6454FBE6905F9BAD65029B992512FBA080CAC2FCA9C7994666DC1A8029C84291B9670A4EC0A2C9A
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"be474822-4bbb-47f2-9d54-12ff253b0e80","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1718813644201,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.306260431954425
    Encrypted:false
    SSDEEP:6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJfBD2G6UpnrPeUkwRe9:YvXKXqsBDhQIOQxGGR22cUkee9
    MD5:D86BD5DB5E4055AC861D65DF752E1FD5
    SHA1:A5FAF907EB590DF12776761B812D26882A251190
    SHA-256:BDA03D579BD9234E44C1591A827137661BA2C36976AD49D8A7753BE798F44401
    SHA-512:01A9C8AA225F29A603A7CAC0443790568DE904B0920AA5B7C35560D18359EF984A82EF7E0F9E25E2B7FCF10E84018EBF47950B9C3896FDDD7B008490B025C6A8
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"be474822-4bbb-47f2-9d54-12ff253b0e80","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1718813644201,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):285
    Entropy (8bit):5.3692488446336375
    Encrypted:false
    SSDEEP:6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJfPmwrPeUkwRe9:YvXKXqsBDhQIOQxGGH56Ukee9
    MD5:59814D53FBCC3D6FA2AF6C48CDE69AB7
    SHA1:693D792B35B75E019120A3BF0F420DFA495C47DF
    SHA-256:63A097E0FC5C9F20D543BC9A61338DC77E433767E22AECF22C81AF4BE57F00E9
    SHA-512:BF128EF4BD8544CC48846A3300BAA8021AC6491404AA1A028A4703C89FFC9D68E516B0240884443D07E366FB0434D12F228976CC072609CEF9698C2B56866CAC
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"be474822-4bbb-47f2-9d54-12ff253b0e80","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1718813644201,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.3312557950825035
    Encrypted:false
    SSDEEP:6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJfJWCtMdPeUkwRe9:YvXKXqsBDhQIOQxGGBS8Ukee9
    MD5:F7F3EB8AF3040AEC05230385EFCCAF52
    SHA1:ADDD806ED4277B56F89343D88D90111B8A0C1022
    SHA-256:2F97B706E32B4D091B3A0C12B76CC86C62C7E6A09652BCB61E4F67781B66A060
    SHA-512:211A9EF7F301C5D0918E2C1FB266F9813A82C8D1CBD8F8F4E8DF18D520D94EE554337B3BFD38BA71A75AC60AC180066C7EF5110576FAC739DAD7A199C7A45661
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"be474822-4bbb-47f2-9d54-12ff253b0e80","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1718813644201,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.318237267258436
    Encrypted:false
    SSDEEP:6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJf8dPeUkwRe9:YvXKXqsBDhQIOQxGGU8Ukee9
    MD5:6FD7E9D80933FB64318A442FF95617AB
    SHA1:9A82753EC11EB50E9DD88BE28AE43DD1FD0E3C2B
    SHA-256:72EC0758C23182735F395376621C81A79659A9BD88074D851407FBBC800FAC9F
    SHA-512:76381AAB361756B49674280649A1594568E1C002A1DB596B1C68B8A30AD931BABB5EDD92B51974935E815DA75E4046F12C1B834A86477B586334C6C9B2DD6864
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"be474822-4bbb-47f2-9d54-12ff253b0e80","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1718813644201,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.32006352598445
    Encrypted:false
    SSDEEP:6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJfQ1rPeUkwRe9:YvXKXqsBDhQIOQxGGY16Ukee9
    MD5:15065A83F9129D59A63EF841070E6868
    SHA1:695D660FB5BC4744D993464B9AA1090D840F1749
    SHA-256:4582E92DC90891BAA040AD15FF05147C7010D6670399F88B92ECE1190119D102
    SHA-512:F83DA4ECCA64BD844E88111498E0BA4941CAC7A5E07AE209BC2E6A4CD2CA5CC827C05AA0EF6E7B4C7C253FDE3A89AF278EDF80869782C7BCA75D76344AF3672D
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"be474822-4bbb-47f2-9d54-12ff253b0e80","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1718813644201,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.324708329083552
    Encrypted:false
    SSDEEP:6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJfFldPeUkwRe9:YvXKXqsBDhQIOQxGGz8Ukee9
    MD5:13C99F57004C6ED70185AFA62C2B66E6
    SHA1:0EBF169F085BEDDC582A54236D87ED89EEBAD85A
    SHA-256:20D76A1ED8F1E66BBBA6472599A7D635519703EDBCEC3E149AEA6030AE2E01A0
    SHA-512:3EE049F24F01DD1C81077E7037FFB17E140F5CACBE5DFFBA32920E416223514EF3AD0D82A8499FFAD946D0AD8EEE74E103B65884537B074738EB4EEA494C45F0
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"be474822-4bbb-47f2-9d54-12ff253b0e80","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1718813644201,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1372
    Entropy (8bit):5.745740203345896
    Encrypted:false
    SSDEEP:24:Yv6XqWJVxSKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNq1:YvVWjxSEgigrNt0wSJn+ns8cvFJU1
    MD5:C0FDBD0E2F77938CBCDAE3A937F4E71A
    SHA1:C7CDA036CB936EE2B88105F0E17CB9D3804E3C47
    SHA-256:05D1B224E3E94FC0DB18D30C04123DBA247B3757596A19CA6E11E8C6D4FC4833
    SHA-512:E89C93CA3E80EA606EDD23164EE29A41E14C2DB763997F26BBF62141F24F99CC63519A67857A8CE024DA378C11940BCD3665CE54B000E1AEC5318BF8C880D6A0
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"be474822-4bbb-47f2-9d54-12ff253b0e80","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1718813644201,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.324653548641441
    Encrypted:false
    SSDEEP:6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJfYdPeUkwRe9:YvXKXqsBDhQIOQxGGg8Ukee9
    MD5:C57791AB3E864AFCB920E8B00FCAA482
    SHA1:DB6FF583488E613C0039B339A5F7E9EC766945BA
    SHA-256:ECB95EDB4D656F84A27C57C7BB20B8FD78DB826E21509E9C0EE3FB9B49C92D00
    SHA-512:9DE5BEBE8C2F0C4AC3E1904AD0DF87B0AE9EB53DCF44BD40DC5E79214A9C392457E6E5258EB628E6A7F932CBFE951E55351838AEC5ED69EA6C86F0FC3BDF2AA3
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"be474822-4bbb-47f2-9d54-12ff253b0e80","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1718813644201,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1395
    Entropy (8bit):5.786602594641358
    Encrypted:false
    SSDEEP:24:Yv6XqWJVxRrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNy1:YvVWjxRHgDv3W2aYQfgB5OUupHrQ9FJq
    MD5:1A6CCFB1E7967DC58F3B021D8ED6026E
    SHA1:A390AB543FBBB2A4BE43713BE9C2D87FB06B4E63
    SHA-256:2F6035A61519BF7A042174C6EBDC278F88A620994FD8B4920566072982653AFA
    SHA-512:04968D869905D00CABBB0293418CBCF1B8B2B1AC01910832FC727DF2EF5BB3DF0E4CBECB6BD09CF1D30AC5908BE6CF89C331AFCEF1BA0041393C0D2380CAFEB3
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"be474822-4bbb-47f2-9d54-12ff253b0e80","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1718813644201,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):291
    Entropy (8bit):5.308031206118455
    Encrypted:false
    SSDEEP:6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJfbPtdPeUkwRe9:YvXKXqsBDhQIOQxGGDV8Ukee9
    MD5:FC1F98553416BE55F55E65C082F2FDC3
    SHA1:4DC53EB51B85DF353691F235B8DFD74828283C72
    SHA-256:6A4CEF1A4E816DAC14E813420D31CF37D8794A7437A6759F49A59DB37EDFB684
    SHA-512:BCAC4F10E8917E700F6414CB7A74CCAD2D90D63DEF6F1EB2614CB3358C3A4E19905282087F73C825DB5A974A1B13FAFFAD4237299F2985235FF1CDC176F63ECC
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"be474822-4bbb-47f2-9d54-12ff253b0e80","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1718813644201,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):287
    Entropy (8bit):5.31110401827121
    Encrypted:false
    SSDEEP:6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJf21rPeUkwRe9:YvXKXqsBDhQIOQxGG+16Ukee9
    MD5:9E4256FE302C3B3C4B03EFC413590E81
    SHA1:DA3289AB586EA16DE16A17A020A77362BC2BE768
    SHA-256:D72180865905639D140CEDF7460D1621B8ACE63233D74F3E227DA734B8CA96C5
    SHA-512:1AD969EA636DB2DEF1419FF6458A91BC9036CE714B6E2D368BED955C60E15236CD806E2173C456FDC91631F195A15773FA04B2C892D794ED55DB1B5A28424EEB
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"be474822-4bbb-47f2-9d54-12ff253b0e80","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1718813644201,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.331488677399588
    Encrypted:false
    SSDEEP:6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJfbpatdPeUkwRe9:YvXKXqsBDhQIOQxGGVat8Ukee9
    MD5:A535EDD8D3A6570584D3899F603F07A7
    SHA1:7DD973BB24B5F0E072A44C99CFF0D6BD71AA8AC6
    SHA-256:19B7E49B8D11FDBBC6A7984B9AE25E074915EC1651A2F0D7CE15F39FDC32956A
    SHA-512:FE951DD0E6E9FE66D4E39308688700CEB1656346B0832C4F9B8F5E35FA9072A21354DCA8F058B69510BAB232084910D1B1A6C913A2AF4CBEA427F4E610149F9E
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"be474822-4bbb-47f2-9d54-12ff253b0e80","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1718813644201,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):286
    Entropy (8bit):5.288493188724984
    Encrypted:false
    SSDEEP:6:YEQXJ2HXqsrFriWphgnIOQF0YRPxLDoAvJfshHHrPeUkwRe9:YvXKXqsBDhQIOQxGGUUUkee9
    MD5:F6A1C64519B75F0F0BF869F855448DC1
    SHA1:684D7A56BB81B0D03DEBBBD6A230A7F31976CCE6
    SHA-256:876D3F5ACED7FAE7E0F7E6DD14344A5BE88359CB048638A1913D1BD481D8BA3F
    SHA-512:A5667A3740D90C07CF9088FEC4FC042580EB2B2F007DF4DA10AAA5ADE4E1F7A133DE2B16A8BFF84365E0302E4B438CC8E5091EF40B43514810842751E61532F3
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"be474822-4bbb-47f2-9d54-12ff253b0e80","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1718813644201,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):782
    Entropy (8bit):5.394697210990893
    Encrypted:false
    SSDEEP:12:YvXKXqsBDhQIOQxGGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW21:Yv6XqWJVxg168CgEXX5kcIfANhP1
    MD5:DDF708AF97A0C49D419D7D5AED1959EE
    SHA1:95280B6ADA800B56E66927DCB73174CFF686EC79
    SHA-256:4A7956EAC8E57007A5DEF3C0857E3CA1E9CDCE38D7B26BC15F173508B6D1D2C6
    SHA-512:F7C98B0D40C4206EB27E5426CD92D0BD1E6CCD596B9964B5FB8D3B3D1E0D901BBC01B6DED37418365C1D66BD553B02C5E8B97A3B6584C2DC832AA92E013CBFF3
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"be474822-4bbb-47f2-9d54-12ff253b0e80","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1718813644201,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1718639524234}}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:data
    Category:dropped
    Size (bytes):4
    Entropy (8bit):0.8112781244591328
    Encrypted:false
    SSDEEP:3:e:e
    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
    Malicious:false
    Preview:....

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):2814
    Entropy (8bit):5.134275801451724
    Encrypted:false
    SSDEEP:24:YIdrCmbC2+D4cV0VX5xQaRiray7ST+EOG4S0jKXj0Ss38M263j2LS2a9EMn5CA1v:YI4AUUys/qtG4LKT0ZBjoa9EMnl1m96
    MD5:84A58AB64CF204301B23CA2F4D9619A8
    SHA1:C7C11F200776CB590171AA85C70453D78DF71BA6
    SHA-256:CAD4168C3FC01F328278F54904CFDB1CF838297C6A4CEC33862CF478AE9C8D35
    SHA-512:E1A3BD17F28E17A2513EEAA98E61E0AB69F310FD4313832B9F633D2EB794ED2AB3F22B7BD73CC21DC9A6819C22C9CE66E6E35DC89E5481FB83E68EA02016A6F0
    Malicious:false
    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"1659c63fe19e14d8042a24c2376ab856","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1718639523000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"c11b85e8f586a1d4668bc28edb384607","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1718639523000},{"id":"Edit_InApp_Aug2020","info":{"dg":"21cc0e2ef0d54f80d0a5bf64930d2b48","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1718639523000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"8be52faaa17072ece446a9d890a9d7fd","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1718639523000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"1128f7782cae0214930abd21ea2a4f5d","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1718639523000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"36eaec739c0a6d1245f028aaf2e2abc3","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1718639523000},

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 28, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 28
    Category:dropped
    Size (bytes):12288
    Entropy (8bit):1.4574494038703771
    Encrypted:false
    SSDEEP:96:/VmsnyVaydoAoDoTJoTKkovkoBkoro/oLog8Xgt4K:okykydH
    MD5:5981D02A32C7FA8DCFF7D1C233E07E65
    SHA1:4FADF1A16A7B869C8C7F039157CCC967D10EB2FC
    SHA-256:575E247F813017208AF18B2DC7E6A537AE3C11B48F00DF14F518743F57202112
    SHA-512:EA572819EF2B363D1C2066EFB9284C5DCAE689501BFD906D3680AED77E6589FC4C6D0BBE56B073719A0C4BEE0C9B13B395A9EE00D85319DB67E8A562FB7B5C1B
    Malicious:false
    Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):8720
    Entropy (8bit):1.9608108433435634
    Encrypted:false
    SSDEEP:96:7+yVaydoAoDoTJoTKkovkoBkoro/oLoglXgt4MaVmsV:7+ykydcnA
    MD5:F3DD223A4EFF42149FB3C6ECDCF7E07B
    SHA1:8B2540344EC900BDF5D675D5338CD2A258D83927
    SHA-256:C66019FE7402EDC3EA0A50C92CE7830D40169111D55FDF59351F35FDE3390DC8
    SHA-512:E09DD406D90F8168B81955FF11AD04C8187A19CC892290A299615914C1C9932921108823175FE2397EE95ED58F7B5C16DD15FF8AEBBE1679BF86962EE74142B2
    Malicious:false
    Preview:.... .c......w............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^..^.^.^.^.^.^.^..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

    Download File
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:dropped
    Size (bytes):231348
    Entropy (8bit):4.377729522114159
    Encrypted:false
    SSDEEP:1536:EiYL8ogsF11oZ5mZ9gsMhNcAz79ysQqt2jZswqoQUGrcm0FvH4+yZbpqYRwzzH2R:8Lg/LOgfmiGu25qoQtrt0FvqnjcebFsi
    MD5:1438C0ED8E66AF9E3E573C03E1BC3CFE
    SHA1:C79DEF5CBD401E138C9F791DCC61C759B5388FFB
    SHA-256:172C0E6E0992400C84F7684BA938E326039AF8ECDCC883DC5DFC2A41CD361059
    SHA-512:3F15BAF3FB543838CB1F8D5CEAA0E43C1DD9CE13BF53901360F0693CF273E72459DFC5565D030EE8B6BE6D72E83EDFBD15EDA491F7B9F23BE7CFBB8EC818EDE4
    Malicious:false
    Preview:TH02...... .@<.5........SM01X...,...`.t5............IPM.Activity...........h...............h............H..hL.{........&...h........p8..H..h\nor ...ppDa...h....0.....{....h...M...........h........_`.k...h?..M@...I..w...h....H...8..k...0....T...............d.........2h...............kd.i.....p.p...!h.............. h..........{...#h....8.........$hp8......8....."h........(.....'h..............1h...M<.........0h....4....k../h....h......kH..h....p...L.{...-h ........{...+h{..M....@.{................. ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000.GwwMicrosoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

    C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\0A86DA2E-783E-486A-9402-60BB19DD1A02

    Download File
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):173591
    Entropy (8bit):5.290711591360556
    Encrypted:false
    SSDEEP:1536:8i2JfRAqcbH41gwEOLe7HWaM/o//MRcAZl1p5ihs7EXX6EAD2Opa6:Vce7HWaM/o/7X3kb
    MD5:B6771973DB52616D272E03C57689315D
    SHA1:EF079D7EB28FCA601676F5C285C14F527403D14D
    SHA-256:52D12775FA722CDD769E14C340A1F1595AF1AE57B4616CCE6D93D8AB598865B4
    SHA-512:3C86611C74356FF78293EC87B20F89F617BD8DDFCCAE7095498D65D68D9D469D6C2AEB463F401C323ADB1D1DB609056452CA7E694218FCFA51F8FF121F810B88
    Malicious:false
    Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-06-17T15:51:50">.. Build: 16.0.17805.40134-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[

    C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

    Download File
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:dropped
    Size (bytes):32768
    Entropy (8bit):0.04616353740967531
    Encrypted:false
    SSDEEP:3:GtlxtjlEMPboqN/ilxtjlEMPboqN/Hll1R9//8l1lvlll1lllwlvlllglbelDblx:GtkMPXKkMPX/X9X01PH4l942wU
    MD5:136DF4E36F153A0A2BA136E8679759AA
    SHA1:F43FB1895C97AD5F180200ECCFB9296FBCB0C5E9
    SHA-256:1A4E67508045CC2769C26277765E1F2FB5E6AC44377F659ECD7811631C16D94B
    SHA-512:8A28275A78E33AA2EBE88706A0B655740B4C179541986EE5CA41BFD22F732BD4D8544A4B8BB1EC53622CB1B07EE5F3903DA828504E2D9F9BA93BE6B2BC87BA9F
    Malicious:false
    Preview:..-........................a&.r.6..">.t.{..X.....-........................a&.r.6..">.t.{..X...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

    Download File
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:SQLite Write-Ahead Log, version 3007000
    Category:dropped
    Size (bytes):49472
    Entropy (8bit):0.48371000420131083
    Encrypted:false
    SSDEEP:24:K/p9glQ3zRDcOXUll7DBtDi4kZERDSzqt8VtbDBtDi4kZERDnAen8Bqt8VtbDBtJ:E4Q1FUll7DYMGzO8VFDYM03BO8VFDYML
    MD5:0E70F1BBADB18786633D2C1AFBA9F302
    SHA1:767AE18197C159AA9460A47FEBA695E36E0FA074
    SHA-256:4C1FAA6B75DAF416B90AD6C2661FDD3E23289C665ABEC59776DE87D8C038F4B6
    SHA-512:F13B6CC73FBCC3FADC5EEFD8C32A351000413394433BF3D3F98EE6AF4758F443884D222660DD43CF4EDABCE9E9D94E836C226BD2D6E2A569BB1907987D19725C
    Malicious:false
    Preview:7....-..........6..">.t....Ie1+,........6..">.t.....g..SQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\1G9QYAY4\401238-5383-211_Follow-up_lett_106986 (002).pdf

    Download File
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:PDF document, version 1.5, 1 pages
    Category:dropped
    Size (bytes):143912
    Entropy (8bit):7.97517357286046
    Encrypted:false
    SSDEEP:3072:KHqcP0VHS0oAdrYdJaVWHrkCw3+MZ+U6vLWZvXhaViO4r:Qt0VHSFAdrqCOriD+fLCpdO4r
    MD5:08A22B2C46B4FCCDE573EFA8C5E1ED53
    SHA1:A50CB29824CCEF83EB7E743C26AB34F0EDFB6232
    SHA-256:2CA487EA8A63B2475E55C5C2583E171845E5568D68F93B373C525A924F1D01DD
    SHA-512:E4B5CCC6460736FFE0C17C1324CD1D33B7BE07072FD2F7CBC1DCFEBE091075A6909D324EAA13146AAB7B369756A363F0FD01838931E515D7535F31F937CAF7BD
    Malicious:false
    Preview:%PDF-1.5..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(fr-FR) /StructTreeRoot 24 0 R/MarkInfo<</Marked true>>>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 9 0 R/F3 11 0 R/F4 17 0 R/F5 19 0 R/F6 21 0 R>>/ExtGState<</GS7 7 0 R/GS8 8 0 R>>/XObject<</Image16 16 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 595.32 842.04] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>..endobj..4 0 obj..<</Filter/FlateDecode/Length 4115>>..stream..x...ks.6.{f...Q.Y.. .z:..#I}M..v....F..SGt.H..u?...~...HJ...@.<...@.....b...F...?a.~.;.L..M1`......z...E.,.....r..~.`.wE>(F.........".#..:.,bq..R0.D.)6*v^.....8..y.{.Y.f....y..#.Y.T.+.d*L5....^_..z._f......;/~..7v..../.?.x2...|{.z.1...I..=.We9y..9...qs..P.i......:.8H;...].)..;..U.Y......*.......;..0.#..c..N..d..:..la....a.v.tu. ......[..4.Jx.s.....#`.3......q..#/.........%TY......<.D.@.....+ ~b

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\1G9QYAY4\401238-5383-211_Follow-up_lett_106986 (002).pdf:Zone.Identifier

    Download File
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:ASCII text, with CRLF line terminators
    Category:modified
    Size (bytes):26
    Entropy (8bit):3.95006375643621
    Encrypted:false
    SSDEEP:3:gAWY3n:qY3n
    MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
    SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
    SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
    SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
    Malicious:false
    Preview:[ZoneTransfer]..ZoneId=3..

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\1G9QYAY4\401238-5383-211_Follow-up_lett_106986.pdf

    Download File
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:PDF document, version 1.5, 1 pages
    Category:dropped
    Size (bytes):143912
    Entropy (8bit):7.97517357286046
    Encrypted:false
    SSDEEP:3072:KHqcP0VHS0oAdrYdJaVWHrkCw3+MZ+U6vLWZvXhaViO4r:Qt0VHSFAdrqCOriD+fLCpdO4r
    MD5:08A22B2C46B4FCCDE573EFA8C5E1ED53
    SHA1:A50CB29824CCEF83EB7E743C26AB34F0EDFB6232
    SHA-256:2CA487EA8A63B2475E55C5C2583E171845E5568D68F93B373C525A924F1D01DD
    SHA-512:E4B5CCC6460736FFE0C17C1324CD1D33B7BE07072FD2F7CBC1DCFEBE091075A6909D324EAA13146AAB7B369756A363F0FD01838931E515D7535F31F937CAF7BD
    Malicious:false
    Preview:%PDF-1.5..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(fr-FR) /StructTreeRoot 24 0 R/MarkInfo<</Marked true>>>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 9 0 R/F3 11 0 R/F4 17 0 R/F5 19 0 R/F6 21 0 R>>/ExtGState<</GS7 7 0 R/GS8 8 0 R>>/XObject<</Image16 16 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 595.32 842.04] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>..endobj..4 0 obj..<</Filter/FlateDecode/Length 4115>>..stream..x...ks.6.{f...Q.Y.. .z:..#I}M..v....F..SGt.H..u?...~...HJ...@.<...@.....b...F...?a.~.;.L..M1`......z...E.,.....r..~.`.wE>(F.........".#..:.,bq..R0.D.)6*v^.....8..y.{.Y.f....y..#.Y.T.+.d*L5....^_..z._f......;/~..7v..../.?.x2...|{.z.1...I..=.We9y..9...qs..P.i......:.8H;...].)..;..U.Y......*.......;..0.#..c..N..d..:..la....a.v.tu. ......[..4.Jx.s.....#`.3......q..#/.........%TY......<.D.@.....+ ~b

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\1G9QYAY4\401238-5383-211_Follow-up_lett_106986.pdf:Zone.Identifier

    Download File
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):26
    Entropy (8bit):3.95006375643621
    Encrypted:false
    SSDEEP:3:gAWY3n:qY3n
    MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
    SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
    SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
    SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
    Malicious:false
    Preview:[ZoneTransfer]..ZoneId=3..

    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{EF18C7F1-C1BC-4E24-BE04-887A6C43C825}.tmp

    Download File
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:dropped
    Size (bytes):3436
    Entropy (8bit):3.0860411498091387
    Encrypted:false
    SSDEEP:24:vWjkqnZ7Gaw3VfrZH+KlsFj58X/ds2DFvzWKavLyhlsrk/hPwRRafC0dV2A3PoZ8:acaopXKF9ssGCLyTwHJ6PKfvmqqy
    MD5:33BCDB066A5BE88E4496BFC43A24CAC6
    SHA1:C3C1DF191EE7DD289897724A0490373188C1A245
    SHA-256:88366FF3850FB6310D4D2824FF8027B32A5A3CE2A84143F1BD262535BA6F8A85
    SHA-512:991572E6804E40D28FF8729981F22F71FC9D737BE5453EE511DDF9C1A8EBEDAA1F6E3289061A4AAA1E4107CF3A60E0DB9CC6FAD170B9A0D4E3750641C0854131
    Malicious:false
    Preview:....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................h...j...........................................................................................................................................................................................................................................................................................................................$..$.If....:V.......t.....6......4........4........a.........d....*...$..$.If........!v..h.#v....:V.......t.....6......5.......4........4........a..

    C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1718639507790434800_EA0783F2-C45D-4F9F-B778-8C0388BF34CF.log

    Download File
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:ASCII text, with very long lines (28767), with CRLF line terminators
    Category:dropped
    Size (bytes):20971520
    Entropy (8bit):0.1591090133641745
    Encrypted:false
    SSDEEP:1536:HHdF9EzpyTZCj6qgU/QJrsP8BrCQ0Q7jgRAq+ujABE4:xElycj6jpt7S
    MD5:A0DCCA318EBE27B7C89BCB5834C26DD7
    SHA1:2D25D23924433A212FEDED99BA3DCB8CD657C913
    SHA-256:6A25D482C5470052F32FEA9F196ABB73428382A36359BA227AD9759EF77C268E
    SHA-512:27C257B51034FD527D2E542F1A91B3DABC2D47F0C6945FA39FDEABFE4110118A0F8C61F241B95BCD0CE6E8FD462A8A4DE4035ECB2FA711A21730EA1E6AD30010
    Malicious:false
    Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..06/17/2024 15:51:47.840.OUTLOOK (0x1980).0x1218.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":22,"Time":"2024-06-17T15:51:47.840Z","Contract":"Office.System.Activity","Activity.CV":"8oMH6l3En0+3eIwDiL80zw.4.9","Activity.Duration":12,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...06/17/2024 15:51:47.856.OUTLOOK (0x1980).0x1218.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":24,"Time":"2024-06-17T15:51:47.856Z","Contract":"Office.System.Activity","Activity.CV":"8oMH6l3En0+3eIwDiL80zw.4.10","Activity.Duration":11159,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV

    C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1718639507791410500_EA0783F2-C45D-4F9F-B778-8C0388BF34CF.log

    Download File
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:dropped
    Size (bytes):20971520
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:3::
    MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
    SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
    SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
    SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
    Malicious:false
    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Temp\MSIf53f9.LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
    Category:dropped
    Size (bytes):246
    Entropy (8bit):3.5162684137903053
    Encrypted:false
    SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8dqMlf9:Qw946cPbiOxDlbYnuRKCJ
    MD5:A8FA8CA14F24F4AD99F176639C98A867
    SHA1:98CB15FEFFCC39C38761266D7A32691CE6A60B26
    SHA-256:7FC978E29A36806FCCD46C7917B862100FCB04E5B3D0A81B0127EC0F135DB84A
    SHA-512:809718CA1A2D6439160BC79321E46BF7F60C0BBE329D66E83283092444FBC319C0757024B5CF542FAD36D0025118C8EC09DCE39D47617D3F449D953E5B390F00
    Malicious:false
    Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.7./.0.6./.2.0.2.4. . .1.1.:.5.2.:.0.5. .=.=.=.....

    C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240617T1151470522-6528.etl

    Download File
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:dropped
    Size (bytes):106496
    Entropy (8bit):4.4794704922790185
    Encrypted:false
    SSDEEP:768:T/kbYS5eL6qi+l+41xa9vXeihE9m0uZQAXvFZa+Ah:q41xa9vXq9HMQAXvSZh
    MD5:F683D97B53D93BFF89BDEEBFD114C76B
    SHA1:F434198E797829094310BFF6095AB7D5B9FBCEEE
    SHA-256:F4A926E87FEB84DC8544F1037BF192A57208439EC5B47EFF0D1216E5F90CEFBA
    SHA-512:7BA1EA1E6990CBC0F526AD2F8FCC96441439E781F279021E398FFE946191C905B7D44CA30468929A0D3E0AFCFF81391970DF1B7909606629E7D80BF6F70058DD
    Malicious:false
    Preview:............................................................................b..............B....................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................@)L?.Y.............B............v.2._.O.U.T.L.O.O.K.:.1.9.8.0.:.a.8.d.a.a.0.c.2.f.1.6.a.4.4.2.d.b.e.3.2.b.c.2.5.7.d.a.c.5.b.2.5...C.:.\.U.s.e.r.s.\.n.o.r.d.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.0.6.1.7.T.1.1.5.1.4.7.0.5.2.2.-.6.5.2.8...e.t.l.............P.P............B....................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-06-17 11-51-59-930.log

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393)
    Category:dropped
    Size (bytes):16525
    Entropy (8bit):5.352085917943317
    Encrypted:false
    SSDEEP:384:QvbUDndepwY2glOjhQlvt07jGviSggyrKMaAYqu1NGZnGWtDtxtAtoDtBt8tBtwz:x5xP6In+n+/ku
    MD5:E89CDF7025B70E5A72FFC801BADFB345
    SHA1:2C55C26FD5231BEBD6531BDB7962D12BE288A1BB
    SHA-256:2A90DFB97133E5C0219784D1C4A94C0DC45AE4787C40CFE6894A59D94C4FB88C
    SHA-512:22621DFF9C688C4B0BB3237350959B4357C65D1796834FC23E6636B4975BE942A969F7DB05E8FC10102DEBF93ED662BE28FC649B2456EB4B659EC84BF8E93621
    Malicious:false
    Preview:SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_NglAppLib Description="SetConfig:

    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393), with CRLF line terminators
    Category:dropped
    Size (bytes):15114
    Entropy (8bit):5.367983245030537
    Encrypted:false
    SSDEEP:384:BWQaDNDzDEDjTD8DdDPDsDlIvT7CLSszimxAnPwIP8fVpj7L+7XkLBcUHVEUbVwy:Jic
    MD5:92219C6EBE98E3703C0B51974E573362
    SHA1:CEBABB6C3AF45C6898BCA769E3E9860A0FF6D6BE
    SHA-256:EB1F54375C95EC3D7794FDCE8B7CDDF366CB40C3D0049E6896DD74830F77B342
    SHA-512:9EC70647D5F64E01183C9A68BCA9CF4713F24D199932886431AEC3310B22C5C471FF5BD61C69AF555BD3E5EE883136118FC3A07274D6AF0A8EBEB4311B903B85
    Malicious:false
    Preview:SessionID=70e08b73-9ac4-4b87-8d2b-638f7bd0098e.1718639519942 Timestamp=2024-06-17T11:51:59:942-0400 ThreadID=5832 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=70e08b73-9ac4-4b87-8d2b-638f7bd0098e.1718639519942 Timestamp=2024-06-17T11:51:59:944-0400 ThreadID=5832 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=70e08b73-9ac4-4b87-8d2b-638f7bd0098e.1718639519942 Timestamp=2024-06-17T11:51:59:944-0400 ThreadID=5832 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=70e08b73-9ac4-4b87-8d2b-638f7bd0098e.1718639519942 Timestamp=2024-06-17T11:51:59:945-0400 ThreadID=5832 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=70e08b73-9ac4-4b87-8d2b-638f7bd0098e.1718639519942 Timestamp=2024-06-17T11:51:59:945-0400 ThreadID=5832 Component=ngl-lib_NglAppLib Description="SetConf

    C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):35721
    Entropy (8bit):5.41144506318169
    Encrypted:false
    SSDEEP:192:4cbUI+EcbBcb2Ie4cbhcb4IZfcbtcbGIEScbCcbwIrFcb4cbgIr9cbl:v+ge2ZDEdrkre
    MD5:084D310F63039C2CC960900642211009
    SHA1:B699DEA0D2FF9602763A2B947222E7C28D1CD576
    SHA-256:9CDB040528245331EC5489B3842FCBF36BA24B7C86F03BF9519D106BC17A3538
    SHA-512:16C7A849864A0A262F1FC5486481E76280AA766860F51E6F7DE3EFBB171E3A69B7529ED07F4EA36939D9FF2B696E00EF39AE2B8C638ED0ACF31705D367194ED2
    Malicious:false
    Preview:06-10-2023 12:14:34:.---2---..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 12:14:34:.Closing File..06-10-

    C:\Users\user\AppData\Local\Temp\acrocef_low\0b54d45f-2165-4caf-9209-79242d7f9fd4.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
    Category:dropped
    Size (bytes):386528
    Entropy (8bit):7.9736851559892425
    Encrypted:false
    SSDEEP:6144:rBgI81ReWQ53+sQ3POSTJJJJEQ6T9UkRm1XX/FLYVbxrr/IxktOQZ1mau4yBwsOo:r+Tegs6lTJJJJv+9UZd1ybxrr/IxkB1m
    MD5:774036904FF86EB19FCE18B796528E1E
    SHA1:2BA0EBF3FC7BEF9EF5BFAD32070BD3C785904E16
    SHA-256:D2FC8EA3DDD3F095F7A469927179B408102471627C91275EDB4D7356F8E453AD
    SHA-512:9E9662EA15AE3345166C1E51235CDCE3123B27848E4A4651CC4D2173BDD973E4AD2F8994EFF34A221A9F07AA676F52BEB6D90FF374F6CCB0D06FA39C3EFE6B31
    Malicious:false
    Preview:...........[l\[.......p.a$..$.K...&%J.J...Wuo..dI.vk4.E..P.u..(.....1.I....A...............0.....$ctg.H.'....@.Zk...~.s.A]M.A..:g?.^{...cjL...X..#.Q{......z...m...K.U]-..^V.........@..P...U.R..z.......?......]nG..O{..n........y...v7...~C#..O.z...:...H&..6M;........c..#.y4u.~6.?...V?.%?SW.....K...[..`N.i.1..:..@?i.Q..O...`.....m.!y.{...?=.. .....Zk......%.6......o<.....yA}......no......u,.....U...a.......[S.n..`.....:...1......X..u.u...`..B=.&M.y..s.....}.i..l.'u]. ...6.s`....zdN.F.>;.d%D..}3..b..~..k.......,hl.j..._...F..p.z..o...C..,.Ss.u.Xd..a.Y.{.p...?.k..t,&..'...........^.f.hg....y..Y...i..m....<..^......yK.......;.5...E...K..Q.;k..|;..B.{m..eS..>b..>...6...wmC.i.....wv..k..{..X...RB.P..?w......1l.H..{{.`g.P.8.Z..v_.G.....f.%+z.....p.P..u}.T.....~r]..W7..._..c.k.....@....y.K...uOSj........^....B..]..~{..;...c....r.J.m.S.}.....k....u*^...5./...{......3.I.p.t...V..........W-..|.K.N.....n.........Bl...#)..;..4.x.....'....A....x..

    C:\Users\user\AppData\Local\Temp\acrocef_low\8eebe4b3-bf4f-4e17-b1b4-d5a8d3730ac6.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
    Category:dropped
    Size (bytes):758601
    Entropy (8bit):7.98639316555857
    Encrypted:false
    SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
    MD5:3A49135134665364308390AC398006F1
    SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
    SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
    SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
    Malicious:false
    Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

    C:\Users\user\AppData\Local\Temp\acrocef_low\956de567-bc55-40ff-a489-4d8b70cd467c.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
    Category:dropped
    Size (bytes):1419751
    Entropy (8bit):7.976496077007677
    Encrypted:false
    SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
    MD5:18E3D04537AF72FDBEB3760B2D10C80E
    SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
    SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
    SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
    Malicious:false
    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

    C:\Users\user\AppData\Local\Temp\acrocef_low\a6889c7f-ea78-49cc-a5ee-700dbc265a3f.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
    Category:dropped
    Size (bytes):543911
    Entropy (8bit):7.977303608379539
    Encrypted:false
    SSDEEP:12288:ONh3P6D+Tegs6121bbvHKTJJJJv+9UZd1ybxrr/IxkB1mabFhOXZ/fEa+Q:O3P/egf121bYJJJJm94dMNB1DofjR
    MD5:D0E92BEE373CC487536DA8FBC0B618F1
    SHA1:9CCC0FBE9A08217217C749819D90F4D7D6D62AB8
    SHA-256:827FCE98F251C467B0D5428A0CDB1FA2431DA910283C5F330E9DDCEA9502FC05
    SHA-512:7DE0717216FEA71F10621F229DEF4CC57C15CE42C8913CB0839C32EA0947ECF2CA1F55E3BB23BE938EF76433F1F1330C62D4FEE0E6FBAC02B2B743A4A5E3A9B5
    Malicious:false
    Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

    C:\Users\user\AppData\Local\Temp\acrocef_low\c2cdd934-6c71-4ea4-9180-71fbe43a95c5.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
    Category:dropped
    Size (bytes):1407294
    Entropy (8bit):7.97605879016224
    Encrypted:false
    SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLcGZtwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLcGZa
    MD5:22B260CB8C51C0D68C6550E4B061E25A
    SHA1:DF9A5999C58A8D5ADBB3F8D1111EAB9E4778637E
    SHA-256:DAB1231CC22DAB591EBB91C853E3EE41C10D3DA85D2EFAB67E9A52CCB3A3A5A0
    SHA-512:503218D83C511A7F7CEA8BC171921D1435664B964F01A8C77DC0F4D0196DD2815D9444DA98278E1369552D004E9B091DD9B89663209F0C52ACB97FCE6AFFE7A9
    Malicious:false
    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

    C:\Users\user\AppData\Local\Temp\olkF930.tmp

    Download File
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:dropped
    Size (bytes):12840
    Entropy (8bit):7.733328071253101
    Encrypted:false
    SSDEEP:384:76hl/F3HjWXxeCidJJCCLtb+XdbbNdE7vRt3p:evZHjWBeCidJICLtUd3Ct
    MD5:F83E5D26FD48C7B27A57713B1BF02FDA
    SHA1:A1A48E6DED1D2EAB81716A868508E8D0CA1E4F8B
    SHA-256:9D07E8AEA689228922934EBE7B8A5A9D9C9DE08097632F0E3371E3357AA6AB05
    SHA-512:AB10B6BFD423AA1AA405F8B75167A9FB03FD1DD5BF683F5DDDF23D435CE6FF30F28BCBE9C77C6D5F24349AF3D66296CF07543277B5D8D76BC52FFBB258F33B98
    Malicious:false
    Preview:.f41Z.m..F'.....e.5......D#.n$.s....c....`l1....S.9.y.o>6..k..t..Y.V...*d.ZS..k.......Zn....u.&v..'{.=..i..'.S...lQ.L@.B.Q..(*..........P[....QO.B=.z.@=a.>.P...R.>H.. -.t...>.C}...AF....>.. 3.,..>G}..: +.l...C....9.......\..... .{..{^.{>.{~.{..{0.. .....0.......Bs.@s.......m$.6.j[.j[.j[.j[.j...$..K.m4..+.m).mi.m....P.P.rP.........o.....M..M..M..............................l..k..k..k..k..k..k..k..k..k..k..k..k..k.......J..J.......#4..t.3t..t.{hYWhY7hY...;.....'...h..^...>...e}.e..e..e..e....A...!P...a.......Q...8(..(.X(.8(.x.P%(..`.Y>V..a..H6.Ma.l...-`..z....v...wv..g..yv.]g....j.g...:l$/.K.R.,..k.*..o......o...<.O......k...E.s...{..~....9~._..=..?./......i.,..N...R..Pk......Fs.....h|ot7~4~2..#.1..c..`.2~6.......zc...<i.5/...?.G.3..-f.X....a..Y...k.5.i..[..e.*k.].nl7..`...;.h...m....e.%.Y.[.[.[.h..z.B.rB.rA.rC...^y.^y.^..^..^..^.P..P.BP..P/7.+.....*.vc.4,........EA...X.JV.JV.J....$..K(Y4..+(Y)(Yi(Y.(..P..P.rP..P..P..P.o.d..n..=.

    C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

    Download File
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:dropped
    Size (bytes):30
    Entropy (8bit):1.0370104374629148
    Encrypted:false
    SSDEEP:3:Hlnlj:
    MD5:2237FDC36A84C1AA95DE1A471806E87B
    SHA1:DC00C00C0771DD4C3CAB133C2DF58B99941AE842
    SHA-256:958F60DB132502011FA442182293826F0AF0FF539F7FA1F880FAE07B5D70552C
    SHA-512:F5FC4D03C629DB72AA522DF512784474DA93ED7340C7C888424E228912B7260A2754EF620D36B40361E24B6DFEF456F077CDA0B0DF132085AE02B4B4DAD46040
    Malicious:false
    Preview:..............................

    C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

    Download File
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:Microsoft Outlook email folder (>=2003)
    Category:dropped
    Size (bytes):271360
    Entropy (8bit):6.730995579822503
    Encrypted:false
    SSDEEP:3072:eCp9OCtuVaD0kJ3E/jxlPCsxCQ+4Ce9RYeou257IoiJitfwegigM+/bvw2c:eC9XE9Asd+dImeq6Pigvv1
    MD5:B345BD35BF0CC43DF57EEFD509A369F4
    SHA1:CF20EBB9515C7EDD90E2CB7DE2AF64805ADF1E48
    SHA-256:FEDCC519DF29086D0E510EEB432D0A57E4E6AF1B86BFE67DB996361F8E78EE12
    SHA-512:F1584AFBB4518D07FF098E05174F6073B1D0F51A225C2D394AD5810E54C4B1EAFE3B4EC2E12AF84B2626A73BD136CDFB2F0803725662DCF00A85EB701E673119
    Malicious:false
    Preview:!BDNz.~^SM......\.......................f................@...........@...@...................................@...........................................................................$.......D.......P.......................z...............n.............................................................................................................................................................................................................................................................................................+........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

    Download File
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:dropped
    Size (bytes):262144
    Entropy (8bit):6.8387904796630545
    Encrypted:false
    SSDEEP:3072:Fp/e4GhtQVwD0oJ3E/7xlrC/0xoQ+6CeoR3eou2S7EoiJrtyTbgigFvyHZL:PCvE1Qc3+vx/LjAsigFvy
    MD5:25A4D24BDFC8246AC53148CDE5D5B769
    SHA1:57ED3F9079179973D7CD74845590748C9CB49A25
    SHA-256:25E6608629B31918A51EAD861C45E3C2FEF046EB635493377563BBAF36C9A963
    SHA-512:AE540EA9B647841249442087A720B9F482442644DAD51483FA0C646C4FB36EABF8ED99FF7598744CA04B873712B2AC67A251306CD2DCC65A89CDDEC70B8D97C1
    Malicious:false
    Preview:.3..0................0yB.........$............#.!BDNz.~^SM......\.......................f................@...........@...@...................................@...........................................................................$.......D.......P.......................z...............n.............................................................................................................................................................................................................................................................................................+....3..0................0yB.........$............#......................................................................................................................................................................................................................................................................................................................................................................................

    Static File Info

    General

    File type:RFC 822 mail, ASCII text, with CRLF line terminators
    Entropy (8bit):6.12905135472819
    TrID:
    • E-Mail message (Var. 5) (54515/1) 100.00%
    File name:49a790ea-b732-4d5f-9f94-3f246fad2b7e.eml
    File size:218'670 bytes
    MD5:ee0f35659eb9bdbac4964768e4d9b987
    SHA1:ba0a9a9d07f955ee459a629d3e8581a8f6aa6ff9
    SHA256:08b95795c7991b93224489b317e5bf39838ca91f0c6cfec01d9eb2589facf8ec
    SHA512:e35cb72db951966d9020355cc9438bd89e8e55b16bfbea537f716d6bd622064d5d26cba1bb126a720bbef9a3af832c52a82bb587f68bd46a91c9670f8a2f776c
    SSDEEP:6144:nuaW2tN6eKGm2MTCXBHF7cxuVaF2uXmREA4vPuJojOWm9Y:nDrtKGm29F7IuaF2uXm/bWmy
    TLSH:462402139FB74C962B6052FFEB1BB6C9B01A3B5647AE49F572D1B235743D2B2A305020
    File Content Preview:Received: from PH0PR06MB8483.namprd06.prod.outlook.com (2603:10b6:510:5a::13).. by CO6PR06MB7155.namprd06.prod.outlook.com with HTTPS; Fri, 14 Jun 2024.. 11:39:21 +0000..Received: from YT4PR01CA0345.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:b01:fc::26).. by PH

    Static Mail

    General

    Subject:401238-5383-211 - Follow-up letter
    From:international@facto.fr
    To:IHassanali@imax.com
    Cc:
    BCC:
    Date:Fri, 14 Jun 2024 13:38:27 +0200
    Communications:
    • Ref : 401238/5383 Please, find herewith a mail regarding your supplier PHENIXDIGITAL with whom we are bound by a factoring agreement *********************************************************************************************** Ce message ZjQcmQRYFpfptBannerStart This Message Is From an Untrusted Sender You have not previously corresponded with this sender. Report Suspicious This Message Is From an Untrusted Sender You have not previously corresponded with this sender. This Message Is From an Untrusted Sender You have not previously corresponded with this sender. Report Suspicious Report Suspicious https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fus-phishalarm-ewt.proofpoint.com%2FEWT%2Fv1%2FCzU9WQTM!Fcro0EH1vs9JYuQi6R-O9CkoFp6JpBuOLRsKL6AVPpXXqt8nWh45sq3W1yPQ7xUANw6_c_6aNrlsjdr7cxXQDm8bbg%24&data=05%7C02%7CIHassanali%40imax.com%7Cfcfc4467196e41d1afd108dc8c668948%7C690377a2597f481ca498b51532ed1e7d%7C0%7C0%7C638539619617652599%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=1IXbMBMSetr6G7rdS3KQIfFWa%2BguFPN%2FiFfrNsySa2E%3D&reserved=0 Report Suspicious ZjQcmQRYFpfptBannerEnd Ref : 401238/5383 Please, find herewith a mail regarding your supplier PHENIXDIGITAL with whom we are bound by a factoring agreement *********************************************************************************************** Ce message et toutes les pices jointes sont confidentiels et tablis l'intention exclusive de son ou ses destinataires. Si vous avez reu ce message par erreur, merci d'en avertir immdiatement l'metteur et de dtruire le message. Toute modification, dition, utilisation ou diffusion non autorise est interdite. L'metteur dcline toute responsabilit au titre de ce message s'il a t modifi, dform, falsifi, infect par un virus ou encore dit ou diffus sans autorisation. *********************************************************************************************** *********************************************************************************************** This message and any attachments are confidential and intended for the named addressee(s) only. If you have received this message in error, please notify immediately the sender, then delete the message. Any unauthorized modification, edition, use or dissemination is prohibited. The sender shall not be liable for this message if it has been modified, altered, falsified, infected by a virus or even edited or disseminated without authorization. *********************************************************************************************** #pfptBanner66539eb { all: revert !important; display: block !important; visibility: visible !important; opacity: 1 !important; background-color: #fee81d !important; max-width: none !important; max-height: none !important } .pfptPrimaryButton66539eb:hover, .pfptPrimaryButton66539eb:focus { background-color: #e5d675 !important; } .pfptPrimaryButton66539eb:active { background-color: #cdc492 !important; } Ref : 401238/5383 Please, find herewith a mail regarding your supplier PHENIXDIGITAL with whom we are bound by a factoring agreement *********************************************************************************************** Ce message et toutes les pices jointes sont confidentiels et tablis l'intention exclusive de son ou ses destinataires. Si vous avez reu ce message par erreur, merci d'en avertir immdiatement l'metteur et de dtruire le message. Toute modification, dition, utilisation ou diffusion non autorise est interdite. L'metteur dcline toute responsabilit au titre de ce message s'il a t modifi, dform, falsifi, infect par un virus ou encore dit ou diffus sans autorisation. *********************************************************************************************** *********************************************************************************************** This message and any attachments are confidential and intended for the named addressee(s) only. If you have received this message in error, please notify immediately the sender, then delete the message. Any unauthorized modification, edition, use or dissemination is prohibited. The sender shall not be liable for this message if it has been modified, altered, falsified, infected by a virus or even edited or disseminated without authorization. *********************************************************************************************** Ref : 401238/5383 Please, find herewith a mail regarding your supplier PHENIXDIGITAL with whom we are bound by a factoring agreement *********************************************************************************************** Ce message et toutes les pices jointes sont confidentiels et tablis l'intention exclusive de son ou ses destinataires. Si vous avez reu ce message par erreur, merci d'en avertir immdiatement l'metteur et de dtruire le message. Toute modification, dition, utilisation ou diffusion non autorise est interdite. L'metteur dcline toute responsabilit au titre de ce message s'il a t modifi, dform, falsifi, infect par un virus ou encore dit ou diffus sans autorisation. *********************************************************************************************** *********************************************************************************************** This message and any attachments are confidential and intended for the named addressee(s) only. If you have received this message in error, please notify immediately the sender, then delete the message. Any unauthorized modification, edition, use or dissemination is prohibited. The sender shall not be liable for this message if it has been modified, altered, falsified, infected by a virus or even edited or disseminated without authorization. ***********************************************************************************************
    Attachments:
    • 401238-5383-211_Follow-up_lett_106986.pdf

    Headers

    Key Value
    Receivedfrom ufactp60.cm-cic.fr (HELO UFACTP60) ([10.45.204.38]) by geimsa02-openrelay.cm-cic.fr with ESMTP; 14 Jun 2024 13:38:28 +0200
    Authentication-Resultsspf=fail (sender IP is 67.231.159.236) smtp.mailfrom=facto.fr; dkim=fail (body hash did not verify) header.d=facto.fr;dmarc=fail action=quarantine header.from=facto.fr;compauth=none reason=451
    Received-SPFFail (protection.outlook.com: domain of facto.fr does not designate 67.231.159.236 as permitted sender) receiver=protection.outlook.com; client-ip=67.231.159.236; helo=mx0c-007a8001.pphosted.com;
    Authentication-Results-Originalppops.net; spf=pass smtp.mailfrom=prvs=888f86086=international@facto.fr; dkim=pass header.d=facto.fr header.s=201706; dmarc=pass header.from=facto.fr
    DKIM-Signaturev=1; a=rsa-sha256; c=simple/simple; d=facto.fr; i=@facto.fr; q=dns/txt; s=201706; t=1718365118; x=1749901118; h=message-id:mime-version:from:to:date:subject; bh=UBpNxf2ze8uuZaiub7NHphXd2PxtrS2cir+1xETyKLQ=; b=wZN4YfNgwCLqU5qyhVUPyW8gylSoR0E4WHb2A/siZsKBOaOP3Z8OYiyu fcytvbDw4ACD4Tsm6Qtx4rmIwci56pWmiDtQEvHFoFuiF8TJA+42oNFCU q07FgmOsPjt23bFvefEdsBxAjeVv6aHe1SOE0C9B6mnFkTRokp6/hl+qw 3MWdU5TM+UvVpVQapyVPeIWYMjDnEJzAg1QZKiy43VwFXFIbilY7TOnVf 66diH0OAO1jiUWG2Lfy6c9CIPY6S16LVd2E/O6qe8naZ1tes51hhI+dgR Rb1RmxQaVCjhSZhUS9Zzq2LeGKNf3/MRT48MNGxzGJUw6+KKxnLLlnig4 Q==;
    X-Disclaimer-EIFR
    X-CONTROL-SENDERinternational@facto.fr####international@facto.fr
    X-IronPort-AVE=Sophos;i="6.08,237,1712613600"; d="pdf'?scan'208";a="440056095"
    IronPort-DataA9a23:+Rfgc6yD1RRvFkxQz1x6t+eTxCrEfRIJ4+MujC+fZmUNrF6WrkUHm GceXWGBP/yLNzagctkjb4+wpEpQvJ7Vy4U3TgU5pC00HyNBpPScCIXCJC8cHc8zwu4v7q5Dx 59DAjUVBJlsFhcwnj/0bv676yMUOZigHtLUEPTDNj16WThqQSIgjQMLs+Mii+aEu/Dha++2k Y20+5231GONgWYubjpKsv7b8XuDgdyq0N8mlg1mDRx0lAKG/5UlJMp3Db28KXL+Xr5VEoaSL woU5Ojklo9x105F5uKNyt4XQGVTKlLhFVHmZk5tZkSXqkEqShreckoMHKF0hU9/011llvgrl YQX7cTYpQ0BZsUgk8xFO/VU/r0X0aBuoNf6zXaDXcO7n2f9WF7LndpXVnpvNNJJ3eBYD3thz KlNQNwNRkjra+Oe/ZySYdVU2JxLwMvDZdtZ5iwml2mFS612KXzAa/2iCdtw3TEsi9pIFOrfY MwQbRJhZR/cZFtBID/7DbpiwL/w2yenImEwRFS9mLYzwEXa7FRN86noIsbJU5+IY9tnkRPNz o7B1yGjav0AD/SW0SKB82ilgcfBlCjnX8QcDtWFGuVCnVOazXALVkVQXl7+qviyzECkMz5CF 3EpFuMVhfBa3CSWohPVBkDmyJJYlnbwg+ZtLtA=
    IronPort-HdrOrdrA9a23:8bnAqq5f4gWsQFmGSQPXwKHXdLJyesId70hD6qkRc3Jom6Oj+/ xG8M5w6faWsl0ssRgb8Li90cK7Lk80m6QZ3bUs
    X-Talos-CUID9a23:0AbnnW59qJLpbveGdtsspGQvMeUCLFLklkyJKhDpLmBGRqe6cArF
    X-Talos-MUID9a23:i5YpJwvl/H/KoZTexs2nuS1mF+phw/ySK1EIg4kakoqGEzJCNGLI
    Message-Id<392cf1$d3le8v@geimsa02-openrelay.cm-cic.fr>
    Frominternational@facto.fr
    ToIHassanali@imax.com
    DateFri, 14 Jun 2024 13:38:27 +0200
    Subject401238-5383-211 - Follow-up letter
    Content-Typemultipart/mixed; boundary="--boundary_6876_4c0ce9ca-ed8e-4f74-90c1-dd0796f45cbf"
    X-Proofpoint-GUIDt0Oj-KMzJCi-YjmAo_3Fu2vWMIbkdkAa
    X-CLX-ShadesMLX
    X-CLX-Response1TFkXGBobEQpMehcaEQpZRBdtRhNCe0VoeBp7aBEKWFgXZ2NZRX5rHhxjfRs RCnhOF2RaYEBefkJmYB18EQp5TBdhRVNFX2FCfhIYWhEKQ0gXBxsTGhEKQ1kXBxgSGxEKQ0kXGg QaGhoRCllNF2dmchEKWUkXGnEaEBp3BhsSG3EbGBMQGncGGBoGGhEKWV4XbGx5EQpJRhdDR0tSS UVYWnVCRVleT04RCklHF3hPTREKQ04XXhplQAdhZ1BgaUMHc0BHa0V1GWxfGFx9Z2NIQU5Ba0sR ClhcFx8EGgQZHBwFGxoEGxsaBBsZHgQZHxAbHhofGhEKXlkXTkVOaEsRCk1cFxgSGxEKTFoXb21 NQWsRCkVZF29raxEKTEYXb2tra2trEQpCTxdhQFxCbFB5T0x8cBEKQ1oXGx4fBBgYHAQZGgQYGR wRCkJeFxsRCkJcFxsRCl5OFxsRCkJLF2RaYEBefkJmYB18EQpCSRdkWmBAXn5CZmAdfBEKQkUXZ 2NZRX5rHhxjfRsRCkJOF2RaYEBefkJmYB18EQpCTBdnY1lFfmseHGN9GxEKQmwXZ2NZRX5rHhxj fRsRCkJAF25naVJ4WGJQXUxaEQpCWBdoc3hAYn5cBVBpGxEKTV4XGxEKWlgXGREKeUMXZVhleEZ DX3xAHV8RCllLFx0YHx4RCnBoF2FGcGFiZlN6G1lTEBkaEQpwaBdpZ0kfcmZ4RnlpUhATHREKcG gXbRlvSHwYfxoZZFIQGRoRCnBoF2hdZlhMSWcFWkZLEBMZEQpwaBduRWNtZn1LRWdwRBAbGBoRC nBoF2FzXHNHS0NABXwFEBsZHREKcGgXa05dQEdPEllCaUMQGxsSEQpwaBdsEk9JYmxkeXhOHxAb Gh4RCnBjF2AYYGgFT3ppGU9wEBkaEQptfhcbEQpYTRdLESA=
    X-Proofpoint-ORIG-GUIDt0Oj-KMzJCi-YjmAo_3Fu2vWMIbkdkAa
    X-Proofpoint-Banner-Triggerunknownsender
    X-Proofpoint-Virus-Versionvendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-06-14_08,2024-06-14_03,2024-05-17_01
    X-Proofpoint-Spam-Detailsrule=inbound_notspam policy=inbound score=0 priorityscore=0 mlxscore=0 phishscore=0 mlxlogscore=951 suspectscore=0 impostorscore=0 lowpriorityscore=0 bulkscore=0 adultscore=0 unknownsenderscore=20 clxscore=201 malwarescore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.21.0-2405170001 definitions=main-2406140080 domainage_hfrom=7254
    Return-Pathprvs=888f86086=international@facto.fr
    X-MS-Exchange-Organization-ExpirationStartTime14 Jun 2024 11:38:39.7562 (UTC)
    X-MS-Exchange-Organization-ExpirationStartTimeReasonOriginalSubmit
    X-MS-Exchange-Organization-ExpirationInterval1:00:00:00.0000000
    X-MS-Exchange-Organization-ExpirationIntervalReasonOriginalSubmit
    X-MS-Exchange-Organization-Network-Message-Id fcfc4467-196e-41d1-afd1-08dc8c668948
    X-EOPAttributedMessage0
    X-EOPTenantAttributedMessage690377a2-597f-481c-a498-b51532ed1e7d:0
    X-MS-Exchange-Organization-MessageDirectionalityIncoming
    X-MS-PublicTrafficTypeEmail
    X-MS-TrafficTypeDiagnostic YT1PEPF00001E8A:EE_|PH0PR06MB8483:EE_|CO6PR06MB7155:EE_
    X-MS-Exchange-Organization-AuthSource YT1PEPF00001E8A.CANPRD01.PROD.OUTLOOK.COM
    X-MS-Exchange-Organization-AuthAsAnonymous
    X-MS-Office365-Filtering-Correlation-Idfcfc4467-196e-41d1-afd1-08dc8c668948
    X-MS-Exchange-AtpMessagePropertiesSA|SL
    X-MS-Exchange-Organization-SCL-1
    X-Microsoft-AntispamBCL:0;ARA:13230037|12012899009|82310400023;
    X-Forefront-Antispam-Report CIP:67.231.159.236;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:CAL;SFV:NSPM;H:mx0c-007a8001.pphosted.com;PTR:mx0c-007a8001.pphosted.com;CAT:NONE;SFS:(13230037)(12012899009)(82310400023);DIR:INB;
    X-MS-Exchange-CrossTenant-OriginalArrivalTime14 Jun 2024 11:38:39.6625 (UTC)
    X-MS-Exchange-CrossTenant-Network-Message-Idfcfc4467-196e-41d1-afd1-08dc8c668948
    X-MS-Exchange-CrossTenant-Id690377a2-597f-481c-a498-b51532ed1e7d
    X-MS-Exchange-CrossTenant-AuthSource YT1PEPF00001E8A.CANPRD01.PROD.OUTLOOK.COM
    X-MS-Exchange-CrossTenant-AuthAsAnonymous
    X-MS-Exchange-CrossTenant-FromEntityHeaderInternet
    X-MS-Exchange-Transport-CrossTenantHeadersStampedPH0PR06MB8483
    X-MS-Exchange-Transport-EndToEndLatency00:00:41.9424887
    X-MS-Exchange-Processed-By-BccFoldering15.20.7677.008
    X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198);
    X-Microsoft-Antispam-Message-Info N3gnLzQqAhMCIbUzSR7TDLeDCAzLaUYmo57DCD0PqTIEKKDVqjh2fwQGfpXlyL6jAZWKx1FUIhKcoMZ/WWfZyg9PebD04qIWl3Hue0X9mxzZDb/f/g7SUm4Ce7/p+0s3giNLApL5eeH4FcbJW2PWr6trb41YKrMFS32sLiCMCl6wxwpEz2tMGJKAiOdhEDxxcC7UlT35RhAWc3FP5XAM1gvwlHmTxNDGWNHXYL6/LQYa2iZ46coprh/bA5dmbMEs4NJz7iCQc7PhLbbVOU7fxEJ8bsKe5CUUyJk5HSGhVdU30tSdN5d7QueAGNfhki0JGTM1DxAn1BAxzBFep698U6HCD0tQ6eM0eubCKMpX3qYlNVT8yRB88HLQvZ0je3IaCPx7CBXugfEswPLcmABCFHEG5rnK1hjkW8slvTDYYB6alJyePBhViXMJmQILO6bIZwvNraVCedd8zDAuFn872ftvLmVlvlTzhMspO3LM4XUIArBtOYYwNhWv52RYJ4BPAG+f0XiflEzjFxebhPwTchrhClEhlP4GOuPTfvZjVA9MJRQeZI2VBxWQ2XnDSZ/Hnmkajc6sUXineQ16gihopEt2zRbAQ+E43O5JLrgyOcagqn/R6GeAtkUNfUM3wmPxumfnrMTHbg6UjUJs41xyPetUcT59GGO0EXm0wvO1TLgxH/RAtiWgp05zEsfn1sJfFd4NHCkoNukE+W6OahR1yFK+U9cXahzXUG54+HnCTcJC7DLrTXfQl0PpI2jG3/8JBr//q17o3wr2cjRKAq/48qclAPy5pqdKtFcECwyu6E8weTB4SWT/5Mo1X94m6Sij5ku7ZA+gybUhImuali10IDkLVhJYeeZAsKYh9gjIP+Sld3tJN0BXlJTKYJKxBt706oJVb47KeRJ2LQTXyO5IUpyJ6dFSHwZHVaOyeGLMAjLDm+MH9QzGb/yBvWxYMtlL0PbBr42r2Wad5WNnfMrDERky87M/RUzSmxEGpHGTUYCvxNXvn18mh67j4up9LbRLGUGqUxR4D5ae5R/Ij8+ujTXCQOvVUvKbOxBneBfaQV/o5azzbEyY0fLhqGzy8zWn6wBIZgILZNtpPK9Dyk0QlczQ1RRmEgx6vP1AMsK9pdsC1IEBguQHWK4ncPmscZRKtPyX0RUHbNFxx15kSrmybgbV8jm1EUHnWsnJmGE1UIX2wYXS7zq80LxVWNHKQZHfbD0VIoqgrX/oSxoZxz7gNRmZ+DLqERWmh0cE0OmmfGnhW+6csKcf+e+Lq6+/6hjdQLYNvu2QbGPECGfkR4Gir+Z+UBApbcmXviZKlnpwLymFH2vK67Hv+FyQJXi6Mi84Ah/cLiuqMhsRH3/DVl/rXLkXhrscXMN1A/VAKszaNT/fy4gu9TFhE4rSD6Nb0YNDzSPLzDujUyXc8+nUe6dbp3d6M3zKARWdh6nsKsUifNk/NNPFeZhogML0KAuKkMkmGbvYGYQXlZ3ensTEGhQNbd8gDYWZvogmA/HntIPQ3ZnFpxi/peOphiBy+v+gmY4WhH7/GTed1Im6JHMNVYHTKXB8BHyuWbchdr6iBcx7Dp33Mw5GL4A8Bi45yLoeeS1qkRnT/GpViRQWUsT3SwPk5SqQ5aAO63jenkwPXhmlUgR72cQYOFRfhTIdV5pfiK78Srso6bOfLLZ97Ukmz2u5rRNCr0ztxQ9zbQO/kvvEvm+B1ixHPL1wz451fcRXNNtmNEE5IUAG6PztlRVMTkRBGBtO9/WtRedJtbzbUfZJRJRcMls/QfjeFrB0LYCl6KTCQZC1pr0u6aGq4AdTUN62aY1okbmUNj7cWRz7Sh0l+vP7ZY/l/T41BPDzX1POPNUegpcG13GmX4ReVzJpwLKO+c+wkBUHHLA8TgaMN5XSBy3fh6zFOtIg59Y5DIczZV5q1WT9LFUspm3gt8CVaVS0uyK5xveSaHi0oXJdqM9qVv7B5kCLLLUp5SPP8VY0Yy3u3mxzUy2xxCzHO01af0lYzB7v3x+FgdTRu/6HVB0i7M68NrJ2IgKJ1q98YHI0Og+YCYF3DMqbgcQm0oLMJY3LsbPqDBzuMaI9NM7BcwP2UURyVmWyjIfMdxY7gtYwkJ3OY1cEtxyfiUaL94grRxT/cwG5Oo3ltbdXetckRn33TgMFE6yTa1etNB1GKKrPva/M
    MIME-Version1.0

    File Icon

    Icon Hash:46070c0a8e0c67d6

    Network Behavior

    DNS Answers

    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
    Jun 17, 2024 17:53:38.696331024 CEST1.1.1.1192.168.2.180x5ea7No error (0)windowsupdatebg.s.llnwi.net87.248.204.0A (IP address)IN (0x0001)false

    Statistics

    CPU Usage

    Click to jump to process

    Memory Usage

    Click to jump to process

    High Level Behavior Distribution

    Click to dive into process behavior distribution

    Behavior

    Click to jump to process

    System Behavior

    General

    Target ID:0
    Start time:11:51:47
    Start date:17/06/2024
    Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    Wow64 process (32bit):true
    Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\49a790ea-b732-4d5f-9f94-3f246fad2b7e.eml"
    Imagebase:0xc50000
    File size:34'446'744 bytes
    MD5 hash:91A5292942864110ED734005B7E005C0
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:moderate
    Has exited:false

    General

    Target ID:2
    Start time:11:51:50
    Start date:17/06/2024
    Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "7C44A89B-53EC-409D-8728-588BABF159F0" "2AF9E6BA-0FC6-4D68-BDDC-6AEABD9378A5" "6528" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
    Imagebase:0x7ff7a9c70000
    File size:710'048 bytes
    MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:moderate
    Has exited:false

    General

    Target ID:4
    Start time:11:51:55
    Start date:17/06/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\1G9QYAY4\401238-5383-211_Follow-up_lett_106986.pdf"
    Imagebase:0x7ff663080000
    File size:5'641'176 bytes
    MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:moderate
    Has exited:false

    General

    Target ID:5
    Start time:11:51:57
    Start date:17/06/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
    Imagebase:0x7ff767b30000
    File size:3'581'912 bytes
    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:moderate
    Has exited:false

    General

    Target ID:6
    Start time:11:51:57
    Start date:17/06/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2260 --field-trial-handle=1560,i,16432077869950964751,5752443073126241527,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
    Imagebase:0x7ff767b30000
    File size:3'581'912 bytes
    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:moderate
    Has exited:false

    Disassembly

    No disassembly