Windows Analysis Report
email.eml

Overview

General Information

Sample name:email.eml
Analysis ID:1591057
MD5:0e1867d52d651aa9f84c6a1e8c6eac67
SHA1:59233873e8d89689520a2ee0764f2d550abdf3ad
SHA256:48eab4d2047d217b6153bc4aae279d39f858017334520e9754e2959e892db17b
Infos:

Detection

unknown
Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected suspicious elements in Email content
AI detected suspicious elements in Email header
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 4892 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\email.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6704 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6ECB13A8-964B-47B9-9B8C-DAFEAC77297D" "9DC175DF-564E-4B6F-AF59-E89239262159" "4892" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • Acrobat.exe (PID: 6920 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\HUK830QF\Pdf.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 1316 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 6324 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1560,i,738451172511970122,14636823245648274190,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No yara matches
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 4892, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Source: Registry Key set; Author: frack113; Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\HUK830QF\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 4892, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
No Suricata rule has matched

Phishing

Source: Email; Joe Sandbox AI: Detected potential phishing email: Email has no subject line, which is suspicious for legitimate business communication. Sender email appears to be a personal Gmail account attempting to contact a business address. Contains only an external sender warning with no actual message content, suggesting potential malicious intent
Source: Email; Joe Sandbox AI: Detected suspicious elements in Email header: IP address 91.207.212.148 is sending from GB but claiming to be Gmail, which is suspicious. SPF SoftFail indicates the sending IP is not authorized for gmail.com domain. Mismatch between PTR record (pphosted.com) and claimed Gmail origin. Despite DKIM pass, the combination of unauthorized IP and geographical mismatch suggests potential spoofing. The message appears to be routed through Proofpoint (pphosted.com) which is unusual for legitimate Gmail traffic. The return-path contains a personal Gmail address but the authentication is for gmail.com domain. Multiple authentication anomalies suggest this could be a sophisticated phishing attempt
Source: Email; Classification: unknown
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic; DNS traffic detected: DNS query: x1.i.lencr.org
Source: classification engine; Classification label: mal48.winEML@20/34@1/104
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250114T1051350008-4892.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File read: C:\Users\desktop.ini
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\email.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6ECB13A8-964B-47B9-9B8C-DAFEAC77297D" "9DC175DF-564E-4B6F-AF59-E89239262159" "4892" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\HUK830QF\Pdf.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1560,i,738451172511970122,14636823245648274190,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown; Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe; Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 48150301B5EF6ED75828C3F1D6D0FAB9
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window found: window name: SysTabControl32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: 11 Browser Extensions; 1 DLL Side-Loading; Logon Script (Windows)
Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; Logon Script (Windows)
Defense Evasion: 1 Masquerading; 1 Process Injection; 1 DLL Side-Loading
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: 1 Process Discovery; 1 File and Directory Discovery; 13 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: 1 Non-Application Layer Protocol; 1 Application Layer Protocol; Steganography
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high
x1.i.lencr.org | unknown | unknown | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.22.41.97 | unknown | United States | 14618 | AMAZON-AESUS | false
2.16.168.119 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false
23.209.209.135 | unknown | United States | 23693 | TELKOMSEL-ASN-IDPTTelekomunikasiSelularID | false
52.109.28.47 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.109.68.130 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
199.232.214.172 | bg.microsoft.map.fastly.net | United States | 54113 | FASTLYUS | false
2.23.240.205 | unknown | European Union | 8781 | QA-ISPQA | false
13.89.179.9 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
      Joe Sandbox version:42.0.0 Malachite
      Analysis ID:1591057
      Start date and time:2025-01-14 16:51:00 +01:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:defaultwindowsinteractivecookbook.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:18
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • EGA enabled
      Analysis Mode:stream
      Analysis stop reason:Timeout
      Sample name:email.eml
      Detection:MAL
      Classification:mal48.winEML@20/34@1/104
      Cookbook Comments:
      • Found application associated with file extension: .eml
      • Exclude process from analysis (whitelisted): dllhost.exe, SgrmBroker.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 184.28.90.27, 52.113.194.132, 52.109.28.47, 2.16.168.119, 2.16.168.101
      • Excluded domains from analysis (whitelisted): ecs.office.com, omex.cdn.office.net, fs.microsoft.com, prod.roaming1.live.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, s-0005-office.config.skype.com, eur.roaming1.live.com.akadns.net, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, uks-azsc-000.roaming.officeapps.live.com, s-0005.s-msedge.net, e16604.g.akamaiedge.net, ecs.office.trafficmanager.net, prod.fs.microsoft.com.akadns.net, omex.cdn.office.net.akamaized.net, a1864.dscd.akamai.net
      • Not all processes were analyzed, report is missing behavior information
      • Report size getting too big, too many NtQueryAttributesFile calls found.
      • Report size getting too big, too many NtQueryValueKey calls found.
      • Report size getting too big, too many NtSetValueKey calls found.
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:JSON data
      Category:modified
      Size (bytes):403
      Entropy (8bit):4.953858338552356
      Encrypted:false
      SSDEEP:
      MD5:4C313FE514B5F4E7E89329630909F8DC
      SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
      SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
      SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
      Malicious:false
      Reputation:unknown
      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):0
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:4C313FE514B5F4E7E89329630909F8DC
      SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
      SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
      SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
      Malicious:false
      Reputation:unknown
      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):403
      Entropy (8bit):4.987133548314681
      Encrypted:false
      SSDEEP:
      MD5:0D50B07FDFC046C34AC051DC8337FA7B
      SHA1:FE373B9FD5CF880FF791371F93D7D4E376DA8215
      SHA-256:B99E93DFDFB210B07FABCC2229390E4FF5E31DA53277546432D52D37EBA7D7D0
      SHA-512:F0BAFA9E9198976454B525E7D2FE8157FD20D3854EF4554B99633CE19DDCE41F1C5A62CBB4DDCF855A2C2D0C153325ACEC8554D840BB7BD7EC8B155A89DBFA65
      Malicious:false
      Reputation:unknown
      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13381429907603774","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":131617},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
      Category:dropped
      Size (bytes):71190
      Entropy (8bit):2.5620731284928295
      Encrypted:false
      SSDEEP:
      MD5:C1D7491C5F7198FE65CF98133E30269F
      SHA1:A0799BADD3BDD5BD525F915D9ED8391B0BD38AD4
      SHA-256:B37F783959102D3FBAB60F7EE552A564787B3AF3123650D0F74CFB7ED3BC0E5B
      SHA-512:4CBB56B6E6FC1D27CDFEE6149B3C5F19C5FD1355020C061FD068539C66B14A927D38CD70DA95F945165EACD57D185C35AE364D52B66B48B70B42398D15694BF9
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
      Category:dropped
      Size (bytes):57344
      Entropy (8bit):3.291927920232006
      Encrypted:false
      SSDEEP:
      MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
      SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
      SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
      SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:SQLite Rollback Journal
      Category:dropped
      Size (bytes):16928
      Entropy (8bit):1.2156217198413612
      Encrypted:false
      SSDEEP:
      MD5:C92C65DC26BD3E4CE86B9CF82EDB026E
      SHA1:1AD8ED45A3B2B9CFFDEA386885A2227C7F8985C7
      SHA-256:33AE6C15C632E5F1EBA7A03289D4DF1AA2F41E1870C3DFC190B07B7B63BA488D
      SHA-512:DCE86AA9781CF4415804A66FD944EC3266D07E2722AEE31CC404DB69B793BD8B0EE1247381D127A86DCD335F66568AF3E9EE6F0C0DBB57364B595C228041C596
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:Certificate, Version=3
      Category:dropped
      Size (bytes):1391
      Entropy (8bit):7.705940075877404
      Encrypted:false
      SSDEEP:
      MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
      SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
      SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
      SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
      Category:dropped
      Size (bytes):71954
      Entropy (8bit):7.996617769952133
      Encrypted:true
      SSDEEP:
      MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
      SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
      SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
      SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:data
      Category:dropped
      Size (bytes):192
      Entropy (8bit):2.6956966256494677
      Encrypted:false
      SSDEEP:
      MD5:AFEE3600899DB46DA6E59E4EA5F3C843
      SHA1:4860B998B7AA1DEB8CE232D2A3F3CE9CFB0F3358
      SHA-256:74F59D97A6DD762255893AE8AF1423E2228DFA88CF71B9B97434ED3D70D53C31
      SHA-512:E1E1D7EDA40C5ED23830F68DF3AF1D998EC9F0251997A5813A8E76F1B91D9699DE9765E93466FF429E3B241322AD07222FDA9F711767F219E093EE163DC0033A
      Malicious:false
      Reputation:unknown
      Preview:p...... .........6.;.f..(....................................................... ..........W.....F..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:data
      Category:modified
      Size (bytes):328
      Entropy (8bit):3.2401865105070087
      Encrypted:false
      SSDEEP:
      MD5:38D8FBD6D1492C63CB6EE01C4A2928C3
      SHA1:1E1FFEE41253AF03BF617A462B1FD39E99F69C4F
      SHA-256:3785E45F07FC6EDAFBEE83AE4FC2ADF2E7DDC8436C2269AA340B794A6922BE5D
      SHA-512:DF55A201E7A5E28791D53BD124D1F87A02E0B506E2348265AE77E152B08AD3A6B72654A9131A4DD14152B8286C19167CF04E7E39D86234B4D41DB44DEB6CA506
      Malicious:false
      Reputation:unknown
      Preview:p...... ........a.$N.f..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):295
      Entropy (8bit):5.3749555070360335
      Encrypted:false
      SSDEEP:
      MD5:271C69D508846BCC8DA283D87AFB23D3
      SHA1:6E74909AC7EAF75DA9E99121B93F0967BFA80D33
      SHA-256:B4B62ECB2C6DF591D39E12DD5B35238E039E84FD0BEA3BBB9A8A0705536C3BCB
      SHA-512:5DAAB1FD1A2163D2DBD427339C670D6AA17CCE2AB7D144DD3590D3E0671F3E67AEFED2FF2C5E8DC4D472C20F058C16C0BF2F4248F387560811B2F81764F995BF
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"639bb491-b1c0-4cd8-a631-d79ccc3485ba","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737043607321,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):294
      Entropy (8bit):5.326065944764747
      Encrypted:false
      SSDEEP:
      MD5:F6068961EF3B66B2AA9F8139C485B85C
      SHA1:83818B0B27C8CF7BC9EBE70B1B3EC0D04F362E75
      SHA-256:24FF1B2FF6D0ED0B84E4C76BF8F59900FAD3BCCE8A09D3472CC860131CC139C7
      SHA-512:1135DCB1353938F9D36A7C47CA7365B83F8ED82F91B414A6B771FC9832513BF358FE37848C6CB537CE05ACDB2DD222D19BC14A9CF922D456DE9075F5FE1D17F9
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"639bb491-b1c0-4cd8-a631-d79ccc3485ba","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737043607321,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):294
      Entropy (8bit):5.302880490948877
      Encrypted:false
      SSDEEP:
      MD5:B6EE4BC08B7255B2F77CF8935CDD09B5
      SHA1:2F5FDA28DE394EE06FB06508C84C207858395903
      SHA-256:EC643A6E0A4D081B8BDDF313E9892DBB0037A1DAA3E4EBD58A7FA456E986B96E
      SHA-512:AA09EBE545A7CD3B116CCB85DD095128CDA56B1B4A5EC7F82D050CAA04DE881247D01B3C63C614DE88C776ED1DB54CD73DAA419303CD230AD7A39B397D6E04D9
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"639bb491-b1c0-4cd8-a631-d79ccc3485ba","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737043607321,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):285
      Entropy (8bit):5.363742436854884
      Encrypted:false
      SSDEEP:
      MD5:7A54FEF4450428F94C9307C11F97070A
      SHA1:3864A896EF713E25FB3253D54FF982EE497861CC
      SHA-256:101359570E446E699884887BC4334A00CFF5A4D4BAB9E4D58739D5FFA2338EF2
      SHA-512:B154769C55EB2B7CEBBE58DD57DC1F01B1E731AC8F99CAEBE09C8039CCA3246D3B5A81CF041CCF2F120B3CE01403DC5304D6524599A3106AA01419D340F62C5E
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"639bb491-b1c0-4cd8-a631-d79ccc3485ba","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737043607321,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):1123
      Entropy (8bit):5.685282528839834
      Encrypted:false
      SSDEEP:
      MD5:85F1071D0B0D9019DD2E975E3C2684FD
      SHA1:428AE74B6A8A9C1F8F81A2143725E9620DBA6A8A
      SHA-256:F4199E141CFD1946947405CBBF1C7D3A42296D010A22D648B7E105B50E11CC14
      SHA-512:BB2364771315E0970222FE46553D696EA08BF714FCF3451378C433AA0A22B1687DB5E413076563E38FD101F24AE69DEB59F13AA35EE4D6CCFA7ECA56E0362738
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"639bb491-b1c0-4cd8-a631-d79ccc3485ba","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737043607321,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):289
      Entropy (8bit):5.3113872451949256
      Encrypted:false
      SSDEEP:
      MD5:9FEDAFF8E086EDE474F2D6CA6100F244
      SHA1:3964192BDCC5C62B31E07E4F6FD274366156E696
      SHA-256:F0626D4AA01EB22E19423FFDE0F7FF9999707920E66616EA8DC8E989CCD4BA2D
      SHA-512:79BAF78A791B8FA7DD84F230D6265EA2642C22C48514F9FCF0B9900FD7DCACED36954DCA35C1259902252C91EF26F14E1501006C2B26B8AB7734A97732F5387F
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"639bb491-b1c0-4cd8-a631-d79ccc3485ba","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737043607321,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):292
      Entropy (8bit):5.314522301869427
      Encrypted:false
      SSDEEP:
      MD5:8BA7D918936DFAF81CCAF50BD02B83A5
      SHA1:A84FD78E446D0A0B4EB7AD2C196B9487DB33B4EF
      SHA-256:18CE115E34A7B3E4C4E88DF4509451EC72DD039994688156AD37949205FE871A
      SHA-512:5853EBD63A71D6E86BD7EF8576F11519EF25ACEBAC6E3DABCB6DEF8F73EFA6F5FC0F697746B6C6B876D7424EBBC5153D6A32F08D92C6C5E2A0111877341833A2
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"639bb491-b1c0-4cd8-a631-d79ccc3485ba","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737043607321,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):289
      Entropy (8bit):5.321945643151421
      Encrypted:false
      SSDEEP:
      MD5:057D5367F5EAC0219F699941D288F319
      SHA1:AFCF69D09091FBE397C6ADECBAD6BC0159A13AB6
      SHA-256:E071AD2A5AC6C991F99FDB7F9AF89540907A44E29829A9620F18381157E8669B
      SHA-512:8A0349C27775657D62470B66BB401A810647C4183765B8E24F3EC264741CC1AADE2D75F2CFB691EB394F11720E077F855E1FE407E9F80A7B2D402C8AAA08F8CB
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"639bb491-b1c0-4cd8-a631-d79ccc3485ba","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737043607321,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):295
      Entropy (8bit):5.338498261265989
      Encrypted:false
      SSDEEP:
      MD5:BB13ACD2215C6EB7778240107F1170EF
      SHA1:BE5C70312217BDFD6EE510F8DC25762AD8595AAA
      SHA-256:163879CC7097323264A244A263F3EC7C5E143326C2C996EC37EC7E38D772103E
      SHA-512:FA1C2EBCC199DEFD40808CDA861A8758CDFECC1112A9DFE9834888923DE7790086766BBA7CAFC23BDA8162EBC19B4D3D37EC0D3170C019FB02861EFC1BA26F83
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"639bb491-b1c0-4cd8-a631-d79ccc3485ba","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737043607321,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):289
      Entropy (8bit):5.319539263008827
      Encrypted:false
      SSDEEP:
      MD5:8874C83169DEAD2313CF93F030BBCE69
      SHA1:3F79B8B5182409D63261990A796E88515657D0A9
      SHA-256:4E6D14270BC668C675B7E5F2887539EE444EF05A503C3E23E2E81C28E3C03DF6
      SHA-512:6BA8EB9ADD0996A59EF1FAECCC25EDC478EBC028FDB03A62184F675FCB9A461A52028A523F808B2B250E39EF2BCB2B498FED70B457674DCDC96C851E0F49111D
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"639bb491-b1c0-4cd8-a631-d79ccc3485ba","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737043607321,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):284
      Entropy (8bit):5.30561593540797
      Encrypted:false
      SSDEEP:
      MD5:65DA780E53880D71A778CDCF2EF22149
      SHA1:346A3BB1195A8E080D52CF1FD95139F1DF09065A
      SHA-256:DE48F8667A2CC0D02893102EB373CE52ECB5514E5C25A2BCA68EC2F4A2C4EAE8
      SHA-512:B425180722B91ED26DE55B346524E330B546B32324CC173DC7CD70B3D7AC9C1B00598B1BDF25D52B761C5C5F07ED1F70B8BD3606FF023B78F5B3F6D1AEE1891B
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"639bb491-b1c0-4cd8-a631-d79ccc3485ba","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737043607321,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):291
      Entropy (8bit):5.302952070215275
      Encrypted:false
      SSDEEP:
      MD5:104882305CEC49D365C43691ED529D81
      SHA1:D8F41431226850B41334213245754556512556AE
      SHA-256:2655EC5DFD094839403E3E7EEBA0FF62C096AD3A4FE63AAE65EF4F1EA31C3A95
      SHA-512:08BFDB84F14765627905FCDC48B3147306FA26B4D3FC0DA24785E979D7825CE4A6F02865A735611CAE1501119678ABCB8372EDFF131F7806033D47C9B6D15BEC
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"639bb491-b1c0-4cd8-a631-d79ccc3485ba","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737043607321,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):287
      Entropy (8bit):5.306603843107826
      Encrypted:false
      SSDEEP:
      MD5:03462AD97325611EFD9E586D5CD440CC
      SHA1:FAFC5008E6A7401359EE73102BCCE5F208F661E2
      SHA-256:1CA3C712F87615605780FF5C559C350F40DFD6330810C70B04FD79DA97077F25
      SHA-512:E78D2FE7B24D07124B5886A31A589863D60B8AFDDA26A1AA835C0EA9B91D3F0CC9457905DD4CABA72221AFD99B71C89912B0808E6504A7F9098DE9E468DCD4CC
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"639bb491-b1c0-4cd8-a631-d79ccc3485ba","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737043607321,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):1090
      Entropy (8bit):5.659779959607865
      Encrypted:false
      SSDEEP:
      MD5:58E0FBE8CA1E58376EA452F648F59FBE
      SHA1:00F29B52660C7AF5FF6666F3E4FF91ACFFB57A94
      SHA-256:8AC2E6AB6253DF1B25BF895DB7E2FDCEAC8310587D503C1BD3D0522386A44064
      SHA-512:A7451BE0810483A33E3C00CAF98AC45FCBE4BEA3C34729E47005630CA9C0F47C481234EF647E113E46171942C8A70796D000DAD7E1C20A9FBC9BC5ACEBC4D886
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"639bb491-b1c0-4cd8-a631-d79ccc3485ba","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737043607321,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):286
      Entropy (8bit):5.281697163332981
      Encrypted:false
      SSDEEP:
      MD5:E91D5D22B320248F7C2B730C61E37169
      SHA1:5B82CAC5E116FD9AC3DEE1E40AC28E710F614E49
      SHA-256:5DAD220DC60EBDF3886E29A6F21515122766E0909DB999B7A650455B52F77A18
      SHA-512:EE5EB9650F85AA289030603C85E6B1C6F248DFDAF1EE7A07B9E7605EE20B18C8E9A2E37903E864483F3B2C7921D7FF4040F4D03CCF1F6DB97D3578B1E8A731EE
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"639bb491-b1c0-4cd8-a631-d79ccc3485ba","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737043607321,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):282
      Entropy (8bit):5.293192829127791
      Encrypted:false
      SSDEEP:
      MD5:C57976DB17E2C727C5A35A006C4FCF73
      SHA1:4E81C9C6B05EEE9FF73CDCA5D0784BCB617FEB69
      SHA-256:EC7E23EB224F95E7A097AA854E0ED02BEB9671EAAD78140F6699AC05D69471BF
      SHA-512:2FEE4746971559559FE77BA5BE364EC6C82ED735B64FF87893821B76541820D584521D60584C5199BB978EA053B2FB5E999A042369CAD4D207291EBEF397535C
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"639bb491-b1c0-4cd8-a631-d79ccc3485ba","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737043607321,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:data
      Category:dropped
      Size (bytes):4
      Entropy (8bit):0.8112781244591328
      Encrypted:false
      SSDEEP:
      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
      Malicious:false
      Reputation:unknown
      Preview:....
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):2814
      Entropy (8bit):5.1376647053968405
      Encrypted:false
      SSDEEP:
      MD5:6763B7F3E1B5ECE6154364C7F97AA896
      SHA1:CF46B9067E013773E0E22577C6D9BF0DB29DFC28
      SHA-256:54AB3DCE5EED83FB3C321B3A344242ABD3B587B1E80C22C4A8EBFC1C629F1737
      SHA-512:81CF9E5D40941B1E7492C87EB094511B73E780BDE69AAA68F97CE00396A37C9948A5BA5B736EFFC72FA179AE0F5927E3F2758C3381F3C826B7C9EF02CC5F627E
      Malicious:false
      Reputation:unknown
      Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"3a65b3578db9a1ef24226c7ea9bff6b3","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1736869907000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"1790b0e6941cf257241139a90333a28c","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1736869906000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"fb157135b5f4c1c4b83a8810cbb9e2f0","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1736869906000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"513b2504bce67caff3a55ae54df9a28f","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1736869906000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"8d4e0cfd17bd5f53b01e24264e0ad47f","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1736869906000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"dd5581df20007e756ee34960ef3746f0","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
      Category:dropped
      Size (bytes):12288
      Entropy (8bit):0.9877735454994163
      Encrypted:false
      SSDEEP:
      MD5:5DB9238DC055EA6706E44A7362DAD44E
      SHA1:541945524B11D56F8E666894AE868E95A926335A
      SHA-256:96F977A69674BC87BE41885DBD64D2A5DDFA623FD6836B6E55E33ED0BE2B1B9C
      SHA-512:E387CEDB8C90FC8720CB522C42ED3B4BF6B362EA7495F8A235FF96D0C6AAF5104E11C5FA5E5D4DACEDF2D18F359E64ED0705F1BAEC8F71FDE05B87D067DB346E
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:SQLite Rollback Journal
      Category:dropped
      Size (bytes):8720
      Entropy (8bit):1.3436289391455847
      Encrypted:false
      SSDEEP:
      MD5:A9C4C1C218D1859044056ABF19433BBA
      SHA1:11F2AD00418373FA99FCFA7A5F2C23D217A8811B
      SHA-256:9992AEDFC1F895A0A4E65D492DC970A1AEFEC34F131133D665C00B5FABC04594
      SHA-512:093883944BEC1008EC6A3212807B84321D49B6D832D7017F3CB3E5870903638011135F72643056F44FAEEAAF2E956002205928E72D14895EAA6A98D13BFA0F98
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:data
      Category:dropped
      Size (bytes):66726
      Entropy (8bit):5.392739213842091
      Encrypted:false
      SSDEEP:
      MD5:19D00D310B9F7DBC427CC40BCBD09C3C
      SHA1:7F54C1E6946D99A7FAAB252FD61033E4C7BB505C
      SHA-256:8C12E4E779560C9E0024F3A4687A031DE085667F58282BB4F365C225CF2669C0
      SHA-512:73AF6652B0E680A845F396B48411860E7C133CD8905681CFB2C8F6875609ED20ABAF7689688F3EA4951257801D227E65754CBE56F95A65B7797163E867A599E0
      Malicious:false
      Reputation:unknown
      Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
      Category:dropped
      Size (bytes):246
      Entropy (8bit):3.5136057226030957
      Encrypted:false
      SSDEEP:
      MD5:8A4AF1DB9E1392D38FC787E4A6F2887A
      SHA1:227DEFCBC38C1ACF76550FF7DEBF1D04F61B6EC4
      SHA-256:7FAA81592E215EC69E9130E8ECC05D788B4959777DE505F9616F248842EC9726
      SHA-512:83D4144A486F4B2E558557ECA14D644F9088C62CA0EC296732BFE974D028A08649BD0BDE5E1C9F2B7AE8D4CD1C54577751F8407C4D5B4671C958CC0F7561C91C
      Malicious:false
      Reputation:unknown
      Preview:Error 2711.The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 14/01/2025  10:51:48 ===
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:ASCII text, with very long lines (393)
      Category:dropped
      Size (bytes):16525
      Entropy (8bit):5.353642815103214
      Encrypted:false
      SSDEEP:
      MD5:91F06491552FC977E9E8AF47786EE7C1
      SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
      SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
      SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
      Malicious:false
      Reputation:unknown
      Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):29752
      Entropy (8bit):5.418405995702232
      Encrypted:false
      SSDEEP:
      MD5:FBC43C412DE366F61BF94E3AB185AF28
      SHA1:BF7101815F31E69DC8FF03A202BAD73A1476907C
      SHA-256:6F80BBBD136A584435895CAC91FD3AD7DB195EE191DB4A940C71892907782A3C
      SHA-512:4E4580E99B20C74D31BD674F0BA0035B4C418842A1ECA8A965E40A0612B9D8B96947E65B7FC4CCF649E44D97E68E4F67613356197D1FF1ED9F8DA611C7566FBB
      Malicious:false
      Reputation:unknown
      Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):578133
      Entropy (8bit):7.989703478093413
      Encrypted:false
      SSDEEP:
      MD5:63414F8E8BFC6CCCB773560B73619F94
      SHA1:1F63E3ACD86C5E6B12A66102D686DA635AFC7C41
      SHA-256:D013E31A9CC14F205E618D1B758F35408095287961270AF5491424046A600219
      SHA-512:1F4EABE94BBBE14A44812347C1A0F9A4A06FB55B8AB15824720434C25A9E344E656712B35336947ECD057E1BDB7736D0EF8602B21B35AC72E51ED3B20E416135
      Malicious:false
      Reputation:unknown
      File type:RFC 822 mail, ASCII text, with CRLF line terminators
      Entropy (8bit):6.057356462291763
      TrID:
      • E-Mail message (Var. 5) (54515/1) 100.00%
      File name:email.eml
      File size:984'547 bytes
      MD5:0e1867d52d651aa9f84c6a1e8c6eac67
      SHA1:59233873e8d89689520a2ee0764f2d550abdf3ad
      SHA256:48eab4d2047d217b6153bc4aae279d39f858017334520e9754e2959e892db17b
      SHA512:ad853b2e456326ad825d2850cd5c0f9ec65bd650b06e191401a8fee33493c961c57652ea54cf0b5e6e6e85abd643303c05bcb061bda4d59e6a220c61acfbe8b7
      SSDEEP:12288:7l0Gf6Z44RfFNMhUmIxwIR/w//8///4/5yfLJ2HY+mwvnicRb+clOXUCRiADEmYA:7lz6ZRRdnqIGyT84+mw6aAUqpYma7nnC
      TLSH:87252233DC5B31DB47414237A32BFC256D570F4B58924B5662F892E621AD3B38A36C2B
      File Content Preview:Received: from AS8PR03MB8003.eurprd03.prod.outlook.com (::1) by.. VI1PR03MB10063.eurprd03.prod.outlook.com with HTTPS; Wed, 18 Dec 2024.. 19:16:36 +0000..Received: from AS4PR09CA0023.eurprd09.prod.outlook.com (2603:10a6:20b:5d4::13).. by AS8PR03MB8003.eur
      Subject:
      From:rabie benmoussa <rabiebenmoussa69@gmail.com>
      To:jessie.deleenheer@socotec.com
      Cc:
      BCC:
      Date:Wed, 18 Dec 2024 21:13:06 +0100
      Communications:
      • EXTERNAL SENDER: Do not click any links or open any attachments unless you trust the sender and know the content is safe. EXPEDITEUR EXTERNE: Ne cliquez sur aucun lien et n'ouvrez aucune piece jointe a moins qu'ils ne proviennent d'un expediteur fiable, ou que vous ayez l'assurance que le contenu provient d'une source sure.
      Attachments:
      • Pdf
      Key Value
      Received: by mail-pf1-f176.google.com with SMTP id d2e1a72fcca58-725e71a11f7so912503b3a.1 for <jessie.deleenheer@socotec.com>; Wed, 18 Dec 2024 11:13:32 -0800 (PST)
      Authentication-Results: spf=softfail (sender IP is 91.207.212.148) smtp.mailfrom=gmail.com; dkim=pass (signature was verified) header.d=gmail.com;dmarc=pass action=none header.from=gmail.com;compauth=pass reason=100
      Received-SPF: SoftFail (protection.outlook.com: domain of transitioning gmail.com discourages use of 91.207.212.148 as permitted sender)
      Authentication-Results-Original: ppops.net; spf=pass smtp.mailfrom=rabiebenmoussa69@gmail.com
      X-Received: by 2002:a17:90b:3bcb:b0:2f2:a974:1e45 with SMTP id 98e67ed59e1d1-2f443660e2dmr652221a91.16.1734549208353; Wed, 18 Dec 2024 11:13:28 -0800 (PST)
      From: rabie benmoussa <rabiebenmoussa69@gmail.com>
      Date: Wed, 18 Dec 2024 21:13:06 +0100
      X-Gm-Features: AbW1kvYRBZZhdHzhRKrm0PyhQoF8p-xxdInBVFbrvBZ6gHDyVK00owo5ez5kkJ8
      Message-ID: <CAGBgsZHywzuPe_pAjLim9909xJrRxbzoxZbuDoRer7U7qharjg@mail.gmail.com>
      Subject:
      To: jessie.deleenheer@socotec.com
      Content-Type: multipart/mixed; boundary="00000000000069060806299035b2"
      X-Proofpoint-GUID: PM6vKdd7lCj-C8vBJuNL_rig7YAwvpgl
      X-Proofpoint-ORIG-GUID: 5-Ar_yeFyHCU2ApDsJbs4ytr5RnuIteJ
      X-CLX-Shades: MLX
      X-Proofpoint-SPF-Result: pass
      X-Proofpoint-SPF-Record: v=spf1 redirect=_spf.google.com
      X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2024-12-18_06,2024-12-18_02,2024-11-22_01
      X-Proofpoint-Spam-Details: rule=inbound_notspam policy=inbound score=0 spamscore=0 mlxscore=0 adultscore=0 clxscore=2 phishscore=0 suspectscore=0 impostorscore=0 mlxlogscore=483 priorityscore=540 lowpriorityscore=0 unknownsenderscore=20 bulkscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=2 engine=8.21.0-2411120000 definitions=main-2412180149 domainage_hfrom=10720
      Return-Path: rabiebenmoussa69@gmail.com
      X-MS-Exchange-Organization-ExpirationStartTime: 18 Dec 2024 19:16:18.6569 (UTC)
      X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
      X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
      X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
      X-MS-Exchange-Organization-Network-Message-Id: ddb330dc-5642-4537-a966-08dd1f98734f
      X-EOPAttributedMessage: 0
      X-EOPTenantAttributedMessage: 33135fa5-f5a7-4d5c-8632-9a17d4acfa5b:0
      X-MS-Exchange-Organization-MessageDirectionality: Incoming
      X-MS-Exchange-SkipListedInternetSender: ip=[209.85.210.176];domain=mail-pf1-f176.google.com
      X-MS-PublicTrafficType: Email
      X-MS-TrafficTypeDiagnostic: AMS0EPF000001A2:EE_|AS8PR03MB8003:EE_|VI1PR03MB10063:EE_
      X-MS-Exchange-Organization-AuthSource: AMS0EPF000001A2.eurprd05.prod.outlook.com
      X-MS-Exchange-Organization-AuthAs: Anonymous
      X-MS-Office365-Filtering-Correlation-Id: ddb330dc-5642-4537-a966-08dd1f98734f
      X-MS-Exchange-AtpMessageProperties: SA|SL
      X-MS-Exchange-Organization-SCL: 1
      X-Microsoft-Antispam: BCL:0;ARA:13230040|7093399012|82310400026|8096899003;
      X-Forefront-Antispam-Report: CIP:91.207.212.148;CTRY:GB;LANG:fr;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mx07-001ef801.pphosted.com;PTR:mx08-001ef801.pphosted.com;CAT:NONE;SFS:(13230040)(7093399012)(82310400026)(8096899003);DIR:INB;
      X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Dec 2024 19:16:18.6100 (UTC)
      X-MS-Exchange-CrossTenant-Network-Message-Id: ddb330dc-5642-4537-a966-08dd1f98734f
      X-MS-Exchange-CrossTenant-Id: 33135fa5-f5a7-4d5c-8632-9a17d4acfa5b
      X-MS-Exchange-CrossTenant-AuthSource: AMS0EPF000001A2.eurprd05.prod.outlook.com
      X-MS-Exchange-CrossTenant-AuthAs: Anonymous
      X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
      X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR03MB8003
      X-MS-Exchange-Transport-EndToEndLatency: 00:00:17.5588460
      X-MS-Exchange-Processed-By-BccFoldering: 15.20.8272.000
      X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198);
      MIME-Version: 1.0

      Icon Hash:46070c0a8e0c67d6