Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
email.eml

Overview

General Information

Sample name:email.eml
Analysis ID:1652708
MD5:4f4f36405e8095c2525562aa30cf6786
SHA1:6701810da96da864155601c59ac0c48265fb9159
SHA256:bb092b96f3091526443ba5da96ee9568fbfed94adbdaa21c9aeb55285239369e
Infos:

Detection

Score:48
Range:0 - 100
Confidence:100%

Signatures

AI detected suspicious elements in Email content
AI detected suspicious elements in Email header
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores large binary data to the registry

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6916 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\email.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6256 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "8359C3C5-DEF4-4E22-8B59-36BD574866D0" "C96CF80C-3A53-44C9-9397-6F4213EDAC78" "6916" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • Acrobat.exe (PID: 6440 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\MIY8VJYR\e0473.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 1568 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 2908 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1596,i,6278006168505738505,14116349858813074931,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6916, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Source: Registry Key setAuthor: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\MIY8VJYR\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6916, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

  • Phishing
  • Networking
  • System Summary
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion
  • Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

Phishing

barindex
Source: EmailJoe Sandbox AI: Detected potential phishing email: Email sent to 'Undisclosed recipients' which is a red flag for mass phishing. Sender email domain (udec.cl) doesn't match with content about rent payment (appel de loyer). Contains suspicious attachment and mixing French content with Spanish name sender
Source: EmailJoe Sandbox AI: Detected suspicious elements in Email header: High SCL (Spam Confidence Level) of 5 indicating significant spam characteristics. Email categorized as PHISH in the Forefront antispam report. Suspicious routing through Netherlands (CTRY:NL) with potential IP mismatch. Multiple spam detection signatures in Forefront report (SFS codes). Proofpoint headers present but showing suspicious routing patterns. Mismatch between return-path (udec.cl) and actual routing through outlook.com. Presence of extensive Microsoft antispam info suggesting triggered security checks. Multiple security product detections indicated in headers
Source: EmailClassification: Invoice Scam
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: c.pki.goog
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: classification engineClassification label: mal48.winEML@21/42@3/18
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250331T0606360510-6916.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.ini
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\email.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "8359C3C5-DEF4-4E22-8B59-36BD574866D0" "C96CF80C-3A53-44C9-9397-6F4213EDAC78" "6916" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\MIY8VJYR\e0473.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1596,i,6278006168505738505,14116349858813074931,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 4388C2D4421AF03240C3267A426E1064
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "8359C3C5-DEF4-4E22-8B59-36BD574866D0" "C96CF80C-3A53-44C9-9397-6F4213EDAC78" "6916" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\MIY8VJYR\e0473.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1596,i,6278006168505738505,14116349858813074931,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation11
Browser Extensions		1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System2
Non-Application Layer Protocol		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
DLL Side-Loading		1
DLL Side-Loading		1
Modify Registry		LSASS Memory1
File and Directory Discovery		Remote Desktop ProtocolData from Removable Media2
Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Process Injection		Security Account Manager13
System Information Discovery		SMB/Windows Admin SharesData from Network Shared Drive1
Ingress Tool Transfer		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
e8652.dscx.akamaiedge.net
23.197.253.105
truefalse
    		high
    s-0005.dual-s-msedge.net
    		52.123.129.14
    		truefalse
      		high
      pki-goog.l.google.com
      		142.251.40.163
      		truefalse
        		high
        x1.i.lencr.org
        		unknown
        		unknownfalse
          		high
          c.pki.goog
          		unknown
          		unknownfalse
            		high

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            http://x1.i.lencr.org/false
              		high

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              23.51.56.185
              		unknownUnited States
              		4788TMNET-AS-APTMNetInternetServiceProviderMYfalse
              54.224.241.105
              		unknownUnited States
              		14618AMAZON-AESUSfalse
              23.47.168.24
              		unknownUnited States
              		16625AKAMAI-ASUSfalse
              23.210.92.197
              		unknownUnited States
              		20940AKAMAI-ASN1EUfalse
              23.197.253.105
              		e8652.dscx.akamaiedge.netUnited States
              		16625AKAMAI-ASUSfalse
              52.109.16.112
              		unknownUnited States
              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              52.168.112.66
              		unknownUnited States
              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              23.209.72.172
              		unknownUnited States
              		20940AKAMAI-ASN1EUfalse
              52.109.6.53
              		unknownUnited States
              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              52.123.129.14
              		s-0005.dual-s-msedge.netUnited States
              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              52.111.227.28
              		unknownUnited States
              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              172.64.41.3
              		unknownUnited States
              		13335CLOUDFLARENETUSfalse

              General Information

              Joe Sandbox version:42.0.0 Malachite
              Analysis ID:1652708
              Start date and time:2025-03-31 12:06:03 +02:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:defaultwindowsinteractivecookbook.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:18
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • EGA enabled
              Analysis Mode:stream
              Analysis stop reason:Timeout
              Sample name:email.eml
              Detection:MAL
              Classification:mal48.winEML@21/42@3/18
              Cookbook Comments:
              • Found application associated with file extension: .eml
              • Exclude process from analysis (whitelisted): RuntimeBroker.exe, backgroundTaskHost.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 52.109.6.53, 52.109.16.112, 23.209.72.172, 23.209.72.141, 23.210.92.197, 23.210.73.5, 20.190.190.132, 20.190.190.196, 40.126.62.130, 20.190.190.131, 40.126.62.129, 40.126.62.132, 20.190.190.193, 20.190.190.129, 52.111.227.28, 52.123.129.14
              • Excluded domains from analysis (whitelisted): omex.cdn.office.net, us1.odcsm1.live.com.akadns.net, odc.officeapps.live.com, www.tm.lg.prod.aadmsa.akadns.net, a767.dspw65.akamai.net, osiprod-ncus-buff-azsc-000.northcentralus.cloudapp.azure.com, ncus-azsc-000.roaming.officeapps.live.com, roaming.officeapps.live.com, dual-s-0005-office.config.skype.com, login.live.com, eus2-azsc-config.officeapps.live.com, officeclient.microsoft.com, wu-b-net.trafficmanager.net, osiprod-cus-bronze-azsc-000.centralus.cloudapp.azure.com, a1864.dscd.akamai.net, ecs.office.com, prdv4a.aadg.msidentity.com, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, cus-azsc-000.odc.officeapps.live.com, login.msa.msidentity.com, download.windowsupdate.com.edgesuite.net, us1.roaming1.live.com.akadns.net, config.officeapps.live.com, us.configsvc1.live.com.akadns.net, ecs.office.trafficmanager.net, omex.cdn.office.net.aka
              • Report size getting too big, too many NtQueryAttributesFile calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              • Report size getting too big, too many NtSetValueKey calls found.

              Created / dropped Files

              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:ASCII text
              Category:dropped
              Size (bytes):290
              Entropy (8bit):5.214100514366906
              Encrypted:false
              SSDEEP:
              MD5:E964B09C813F8BCD463D288941288EAB
              SHA1:4C902AC9C32001D79059AD0F416CA047EEEBF9B2
              SHA-256:45150072451541C8B9C94ECF2337B6CF303D543DCF8F9A8E2E8C1316323D2F28
              SHA-512:2E1A558927BF6D2B7CEDD8282E6072A2AAB2954F138D8F8696CCEC60FA56E36DE4C69F32755AE93D3BBFA8342E15BD051B14FCB8450A7E56945544527D28A106
              Malicious:false
              Reputation:unknown
              Preview:2025/03/31-06:06:44.929 1a38 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/03/31-06:06:44.932 1a38 Recovering log #3.2025/03/31-06:06:44.932 1a38 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:ASCII text
              Category:dropped
              Size (bytes):331
              Entropy (8bit):5.2165366384468195
              Encrypted:false
              SSDEEP:
              MD5:2233710878B7B3B3EB0CA1D8B8AF48B8
              SHA1:7F22D5C53D0467D38533F42345C452E67CF7CF00
              SHA-256:E20784D26070A9E2133E2B92EEC0327EE6E835700541D03102E5ADA9D6CA5808
              SHA-512:49760E95EA5E047E5A4426E2602BAC605F2407ACD62C7A1DDA6626787C66B31BD0BC38510C6A2E18FC53B9E310DC11824712A29B7A6A3A481D11F2D6A787BD65
              Malicious:false
              Reputation:unknown
              Preview:2025/03/31-06:06:44.795 5bc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/03/31-06:06:44.798 5bc Recovering log #3.2025/03/31-06:06:44.798 5bc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:data
              Category:dropped
              Size (bytes):4099
              Entropy (8bit):5.2258571335585025
              Encrypted:false
              SSDEEP:
              MD5:17092DDC6E91684E58648593C4EBB488
              SHA1:AA96E15D9CB290B81493F916580FA094F68C0D1F
              SHA-256:CED9583FC4A4D3FCF97475E46BC435E997DA69DE6F0202852521073938EBFD5B
              SHA-512:7AFEED93C45C2E430E96855C73405D3E2EB7206A275B33863DEE93C3AE99F1316250E5F3617E2E337308496A7B30418BBF9C077C59A616675F3D35A0BA3CA454
              Malicious:false
              Reputation:unknown
              Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:ASCII text
              Category:dropped
              Size (bytes):319
              Entropy (8bit):5.19831870730964
              Encrypted:false
              SSDEEP:
              MD5:7EF458D795289017FF4386D428809FBA
              SHA1:D267C8F51C6E50921457BF19B8C5EDEB48DC16B3
              SHA-256:6732CFE219885985F4E8B9455C27B478E95DD5C91F23ACBA6ED2C65124E82C84
              SHA-512:90CB4413A82079A73697A475779C8374792D22BECAFB0665AF3E8F4A0376E61C753F0128848D282FD3478AD367F3729A4C1287FE08DDD2D5E5A35E68769C17AC
              Malicious:false
              Reputation:unknown
              Preview:2025/03/31-06:06:44.997 5bc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/03/31-06:06:44.999 5bc Recovering log #3.2025/03/31-06:06:45.002 5bc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250331100648Z-174.bmp

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
              Category:dropped
              Size (bytes):65110
              Entropy (8bit):0.8428577196316418
              Encrypted:false
              SSDEEP:
              MD5:F7A2EACDF6D5C79441FC6CE27F8B2B5D
              SHA1:0D15EAA08C6EA6B0DEFDBBA4B19A753570940C65
              SHA-256:8A1ABD7BE39F723BD62D99B2F558FF105D2BF3627DD22F47F02F3B198BE04247
              SHA-512:71C0F8B1637F92A4AE60D65629B5EFA3E236E33E0336F04841426525DCC3B838368E0AAFBCEBFD2A3DF32820EAD31D8034D76FFB1116626FC13E807252695CBE
              Malicious:false
              Reputation:unknown
              Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
              Category:dropped
              Size (bytes):57344
              Entropy (8bit):3.291927920232006
              Encrypted:false
              SSDEEP:
              MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
              SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
              SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
              SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
              Malicious:false
              Reputation:unknown
              Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:SQLite Rollback Journal
              Category:dropped
              Size (bytes):16928
              Entropy (8bit):1.215418054617577
              Encrypted:false
              SSDEEP:
              MD5:B692800E0B62EACCEC8397B64573BF9E
              SHA1:E2AC157124E742C62A48E5309C99829B9A1A08AF
              SHA-256:A1C2A8FF0FCEC0857B56C4EB3411FD2DEA20DF50AABE1AB5BD8A18B84DB13ABA
              SHA-512:94278630BE2AF0E308ED31267EDEE0500FFF6E152FDB0634687B652A7B1DEE2DD6AA80801DD6C1606C2CEF286671D5BE7CE9808B70113CF2F268400B46C9B39C
              Malicious:false
              Reputation:unknown
              Preview:.... .c.......j.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:Certificate, Version=3
              Category:dropped
              Size (bytes):1391
              Entropy (8bit):7.705940075877404
              Encrypted:false
              SSDEEP:
              MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
              SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
              SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
              SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
              Malicious:false
              Reputation:unknown
              Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
              Category:dropped
              Size (bytes):73305
              Entropy (8bit):7.996028107841645
              Encrypted:true
              SSDEEP:
              MD5:83142242E97B8953C386F988AA694E4A
              SHA1:833ED12FC15B356136DCDD27C61A50F59C5C7D50
              SHA-256:D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
              SHA-512:BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
              Malicious:false
              Reputation:unknown
              Preview:MSCF....Y.......,...................I.................;Za. .authroot.stl.98.?.6..CK..<Tk......4..c... .Ec...U.d.d.E&I.DH*..M.KB."..rK.RQ*..}f..f...}..1....9...........$.8q..fa...7.o.1.0...bfsM4.........u..l..0..4.a.t....0.....6#....n. :... ....%.,CQ5uU..(.3.<7#.0..JN.$...=j|w..*.#.oU..Eq[..P..^..~.V...;..m...I|...l..@-W..=.QQ.._./.M.nZ..(.........`.$Z.9wW:W.]..8*E.......I.D{..n...K:.m..^.(.S.......c..s.y..<...2.%o.o.....H.B.R.....11.|!.(...........h.SZ........<...^....Z>.Pp?... .pT@p.#.&..........#VEV=.....p........y..."T=l.n..egf.w..X.Y..-G...........KQ.]...pM..[m..-6.wd:........T...:.P5Zs....c.oT`..F1#......EuD.......7....V ..-....!.N..%S...k...S. ...@.J..../..b!B.(=\../.l......`.\...q9..>4!b..8EH.....zdy.....#...X>%0w...i.,>c.z.g"p.S..2W.+mMs.....5Def.....#._D.4....>}...i...\.&`D.......z;..ZY.3.+t.`....z_.q'w.z.)..j3.+.co.s..:.........qK...{...E....uPO...#vs.XxH.B!..(t. 8k+.....G\..?..GF8....'..w.>.ms..\ve.nFN..W)....xi..u..5.f.l....

              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:data
              Category:dropped
              Size (bytes):192
              Entropy (8bit):2.746484906506307
              Encrypted:false
              SSDEEP:
              MD5:41BBC699335000FD244AC4E3A86D0293
              SHA1:A96E1CE153E0039944040CEC0FC405963521A956
              SHA-256:1C050A33C7866659A0FA3593381DE0B0F841A5FC55EB49C0DB1F6B12B1F1CC02
              SHA-512:EC8EE4DE89AE8F32707768F65E504463AF9E6EE5AEA18A7C70D53D7962AAA84D4F9179400B7E9E47A5A66EF49A8A7AFF630366FBD6A55DCF878BEF68E1B21DDC
              Malicious:false
              Reputation:unknown
              Preview:p...... .........+W.$...(....................................................... ..........W....Rb..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:data
              Category:modified
              Size (bytes):330
              Entropy (8bit):3.1775909548973056
              Encrypted:false
              SSDEEP:
              MD5:97ABA28AF28F88C4E01858C31F33C27F
              SHA1:B264C1A7F3AF77AB77C4B326F2011A9BD8271F9A
              SHA-256:7B62C789CB3029B83B0E9C94BCF08DD50442FD849304F1447FFDFF985D159DD7
              SHA-512:BA613B9BB8BC24D7FD002A9B3DAAFBDA39A26A277AC0303D76C257E418B55A13A50FA6BB238DA4C9BD5FA6F2C25BAFF626931409C725BEC1B5C37E82E1E83632
              Malicious:false
              Reputation:unknown
              Preview:p...... ............$...(....................................................... ..................(...........Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6564

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:PostScript document text
              Category:dropped
              Size (bytes):185099
              Entropy (8bit):5.182478651346149
              Encrypted:false
              SSDEEP:
              MD5:94185C5850C26B3C6FC24ABC385CDA58
              SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
              SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
              SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
              Malicious:false
              Reputation:unknown
              Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:PostScript document text
              Category:dropped
              Size (bytes):0
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:
              MD5:94185C5850C26B3C6FC24ABC385CDA58
              SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
              SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
              SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
              Malicious:false
              Reputation:unknown
              Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):295
              Entropy (8bit):5.390117458689603
              Encrypted:false
              SSDEEP:
              MD5:08333AA82C69407A93F698D9732BBBD5
              SHA1:2F991A4A8EAF8A5C0302A6582166DA3D554D15A3
              SHA-256:53B693D3C8066681BAE753FA3EBC898C679A9DC471B7E3A86CF1DA246C137B1F
              SHA-512:29AFB5CCC790B33F88D150FD6DDE57EFFCD550E304AB282C03939190E77030AB829261A96D064551EB7D41BA2158580C8D32627EC733090F84728C504008AD36
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"f4c464b7-58d0-4438-849c-b9120c3f389b","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743595463718,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):294
              Entropy (8bit):5.340516939893924
              Encrypted:false
              SSDEEP:
              MD5:E7CB95F32CA2BB5785992F6938D70C91
              SHA1:6BE5F99F2A0E95D993C6FAB4A2E54A9E52D9CEC5
              SHA-256:082842FE9E297A4391710817C9BB76C8CD3C4D9ABD3E15D3746286EA2A668431
              SHA-512:737070632FBC5D9ACA32CB8CD1064429BE6B4AC5D51B894B950F4F3969CBFF4577FCEE6035272517291095743023A5A7D9433BBDDA18BAD9E85F190902569D51
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"f4c464b7-58d0-4438-849c-b9120c3f389b","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743595463718,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):294
              Entropy (8bit):5.318060138112546
              Encrypted:false
              SSDEEP:
              MD5:3788697D42AA58DCDCFCC09D7CE34691
              SHA1:3530FECAA7582AD303BC50680B0F731A84AC1862
              SHA-256:BDEFFE9A0425DC40F4C4452A285712320BA63916BD00975F8E0FC00A052D1031
              SHA-512:3FBD1D3B76AD834525F2FA895D093E405EE5EE1327879D5CD007F398F774F4C3679B332E88E1BE6BD58F4D48BD95C950D1AFB352C7BA1795A9D74C65ABCC8FAF
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"f4c464b7-58d0-4438-849c-b9120c3f389b","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743595463718,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):285
              Entropy (8bit):5.3794363868120865
              Encrypted:false
              SSDEEP:
              MD5:C37B9E3FF34B4C35088634478ECAB80A
              SHA1:D7340245EB7068EBBA376BDF5D0507788B2111EB
              SHA-256:000D33A67954AA93AE90C761C6E4594FCFCA3D7068C467B603F004571C607620
              SHA-512:A5CD5C22F56B49BC735159A47B95BF9C371D16993BF9FB349FBBF44EC48414FF2036CCC696BE8D6E0BED3674CA1ECD3EB87954B840D9A0166A49A39DE26C287C
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"f4c464b7-58d0-4438-849c-b9120c3f389b","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743595463718,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):2129
              Entropy (8bit):5.843993944252459
              Encrypted:false
              SSDEEP:
              MD5:F89F0F98A715D435E3A7CE3F2DB45868
              SHA1:6E165A47D5C1F59A79601DB7EF6AF1F003CB5DB2
              SHA-256:737137CD12F07B52334C52C85F43E2549B01A2C3D595B4B85D69C9AC5394B2CF
              SHA-512:F73DD4DD2F8AC7F48397BA228A00E54801633DD2243584C1A5F76C3E1940FC9241C15AE247392FDD820D8CF295F99A6A79B9C2891F515AE5F01D1CFF2AC6B6B3
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"f4c464b7-58d0-4438-849c-b9120c3f389b","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743595463718,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZWhhdmlvciI6bnVsbCwiY3RhVXJsIjpudWxsLCJjdGFVcmxUeXBlIjpudWxsLC

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):289
              Entropy (8bit):5.330261365792041
              Encrypted:false
              SSDEEP:
              MD5:0C27233C2F7EC70443F113DE71953DE3
              SHA1:EBDB2C9AC1D821BC245C3B4DD1365A23F6736F90
              SHA-256:FA2653CFC160DFDA5AB47BB8539FFF2F41722A9791A9EE3DA707D202410011AD
              SHA-512:48230DF2E38DE49D85C6687B13AAFF628391A64712100C9D8898D10ABFAB5C3158EF8D10709B885FB90CF9592FDAC8622C4097BBD9874EEA1552DFD1A00E4E1D
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"f4c464b7-58d0-4438-849c-b9120c3f389b","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743595463718,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):292
              Entropy (8bit):5.332563886035976
              Encrypted:false
              SSDEEP:
              MD5:7C3D915AC4642F9F696B3397B6B3E3DC
              SHA1:B04D9C3B9DD3F80B460277EFF591186721C944D6
              SHA-256:1274BE8EB064D2D7A8353E7F79298216B15B152327639021871CC1FB3F9B24D7
              SHA-512:6F6CA898B520FB2F9D04ED69590CA8EA0431631DE280FBBCE751B86B06DC6CF41CD8A112F5C86E5F48CB4582EEF70CF9281E9C14B2695FE47C71EB1C6F951B1E
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"f4c464b7-58d0-4438-849c-b9120c3f389b","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743595463718,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):2080
              Entropy (8bit):5.830190901213531
              Encrypted:false
              SSDEEP:
              MD5:E2B6F2B630675ED43B59F0E6D2CBE792
              SHA1:0E3159AD24975FA9CE9864742A7ADB48888AEB65
              SHA-256:4717A76650765058268A2B1B12D5E73FB8B9E870EE980B85B563BDF8272C3B78
              SHA-512:626E8DC64190839FD0D0ECD88CDE41E3E18A3FE83024B1281B6E7C3E7ED47A2BCAF724DE7C3FD8159997FFAA2BD8F875281147DB3DBD0C6EE2B0F4B5F02DCC48
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"f4c464b7-58d0-4438-849c-b9120c3f389b","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743595463718,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGFkYXRhIjp7InN0cmluZ01ldGFkYXRhIjp

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):295
              Entropy (8bit):5.356797621069621
              Encrypted:false
              SSDEEP:
              MD5:BFD6B94FFDF13286A3CDBDBA0F25651F
              SHA1:AD85D996F3AAEBA02F2940BA12731EDC4E7E37FD
              SHA-256:88906E28C771ED04F8D5D2FF8D49E9C6540E7B746DD79D42F228D8109570D5E4
              SHA-512:EF55C14247DAE086C96FCCC4B2319844134EC41A1AF2EB6B14873323473663A90840C6FDA3A75A92A51DA8D8A29C38AD867774591E963CBBB18061096A66795E
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"f4c464b7-58d0-4438-849c-b9120c3f389b","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743595463718,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):289
              Entropy (8bit):5.337612517276086
              Encrypted:false
              SSDEEP:
              MD5:C62A54BA2DFE9AEF63DA37B2F9C25B23
              SHA1:397C2A395308EC381AE49EF148EC113F0A9D7F5A
              SHA-256:638D4F0D5E986D631ED6A920D81F2E1740DDC5102E143ED3376552E2D11112B6
              SHA-512:956CB2358032FE281B9DFF7505B49B0C2E957A12E2E0ACAE5B2CF931F707A922837F95396E617B80B894DAB96C1FA348F1AB03A0E6B5AA91073743321B61414C
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"f4c464b7-58d0-4438-849c-b9120c3f389b","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743595463718,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):284
              Entropy (8bit):5.324007380771484
              Encrypted:false
              SSDEEP:
              MD5:CB9338EF6683DB39DD93E0CEBEEDDC45
              SHA1:EC878FA35A02FC652E40233E76EB9DC34A3269CB
              SHA-256:4CED42575A7493874978D6D884B7F0A2572C3AFCF9FFC148DFE9A18237F67410
              SHA-512:78AB53389D4745C6A9DD8ADF14718C2FD8AE3B952123778A38E11E691FB5662EB2ECEC85F6952F27F9B16DAA62AAF85DB42CE088CDE0D33E4996069ACB26D2B4
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"f4c464b7-58d0-4438-849c-b9120c3f389b","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743595463718,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):291
              Entropy (8bit):5.320901109676575
              Encrypted:false
              SSDEEP:
              MD5:93EE4773DD57A899252E1D42B5DD075B
              SHA1:96923432E7986198B9FBBA04D985A8A1C640056C
              SHA-256:71E63F6E5DC72BE46FEEC124AF03B3944177854A60964E14E66F843C49AB5B98
              SHA-512:306E946F1082D5663BEF2930C4912324840DA771BAA413BADF5B142A3C1A02C17DF77BBF9D4BC6E4330812E4DB1823D92B8ABA4E0FBE9E4FF3D868900370F406
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"f4c464b7-58d0-4438-849c-b9120c3f389b","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743595463718,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):287
              Entropy (8bit):5.324153293307489
              Encrypted:false
              SSDEEP:
              MD5:A812C8A0CCB323C7F53099508C777D90
              SHA1:5DFCD7341CFDA79E3DBAC017D17CE94BB96E3E09
              SHA-256:D19439EBF58C5EF58F051F93BEF94F408515E6C0B3A469C1E11248E79F1ABA77
              SHA-512:C583EC00A0F06390CEE5EC3DEF1019D48392F578590BAB958517EF565D6863ED4459DF2D6F3250852BB28CC281574793A8FB0C70F0FEF6863746AD6E748B7436
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"f4c464b7-58d0-4438-849c-b9120c3f389b","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743595463718,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):2028
              Entropy (8bit):5.843912594196456
              Encrypted:false
              SSDEEP:
              MD5:87E0A214667080FDEF460300879A1E69
              SHA1:8E1B8C3E632E0954EDAD822571E4B80F9210281B
              SHA-256:C581D2BEE185A25E890080D60A1A8AC6C517CBC74D605836DBCD0D147DA36B6F
              SHA-512:7ADB3C7DD426B7B9878B87F2D178B6573E8EF1BEEE42376A495BA4EDAB2539C9A642D6C13C2D7B06CA939237BD02495218666D56246B5108B0A2527B06EC2A76
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"f4c464b7-58d0-4438-849c-b9120c3f389b","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743595463718,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGF

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):286
              Entropy (8bit):5.300975710671061
              Encrypted:false
              SSDEEP:
              MD5:E976F4938030BFFFE380A5AC8C0F93CE
              SHA1:10DE04E3E10E9D3F82C18739CDEA53EDB2D3E325
              SHA-256:FE94332F1AD03A89A1C1CB85B16C01056BA94AFCA83B1B3CF0F02F5CA54A7F45
              SHA-512:29432677A776A20FF5A57455498521173DF9700E667E2950C962F3AB21F4A8BAF740A6C2C760E8D4ECB703F0C94B0A3DD65FC2F38453A824E5AD7B1123641E26
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"f4c464b7-58d0-4438-849c-b9120c3f389b","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743595463718,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):282
              Entropy (8bit):5.311557169924597
              Encrypted:false
              SSDEEP:
              MD5:A779BAB58B463C80343B178456A04018
              SHA1:2642D6F6A07C71307361898010F3C73E16F6FEF8
              SHA-256:98EAE96861882B093BE01B053A51D269F64A0C0BEB77ADD38E20B30EE473A3FE
              SHA-512:243ACA61B6C1C867C8FAA3494142389E9133FFFB2B7F044BA161D2D0D986AF68E3E556F8176AD495E82E9F8975574AE70E1A785EFDFF6F86E12F3D2D91AE02BE
              Malicious:false
              Reputation:unknown
              Preview:{"analyticsData":{"responseGUID":"f4c464b7-58d0-4438-849c-b9120c3f389b","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743595463718,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:data
              Category:dropped
              Size (bytes):4
              Entropy (8bit):0.8112781244591328
              Encrypted:false
              SSDEEP:
              MD5:DC84B0D741E5BEAE8070013ADDCC8C28
              SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
              SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
              SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
              Malicious:false
              Reputation:unknown
              Preview:....

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):2815
              Entropy (8bit):5.139521605145859
              Encrypted:false
              SSDEEP:
              MD5:8DD9CB97F29755C0A783FC6C462D1D59
              SHA1:DDF072447B44ADCCF0C4C064EE0D81F17AC05A83
              SHA-256:E88BA0C4C86FD2170D27980D8446EBBF4C00E81FC981462BB084F7961BE95B6F
              SHA-512:B2D4DFD058949FA5C8CA657A9DC9639883EB12FEDE7975F11995ED0E63E07C91B31B0D390F85FB29068454D360B86B928B116056A92430201828361A250B3415
              Malicious:false
              Reputation:unknown
              Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"033f556d3ba89bd35beb1f63ad17d559","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1743415613000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"9f73f3619ebf2bcbf15b451749aec1e8","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2028,"ts":1743415613000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"5276e92eeb60061048846ae21d4547e3","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2129,"ts":1743415613000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"1f8db6ae867bbe1b6e9c2b882b1b10cb","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2080,"ts":1743415613000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"b2bb6c568ae108ebf7366f39b59535dc","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1743415613000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"b19e5c1eacc0d3e0f685e20b9a5ddf75","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
              Category:dropped
              Size (bytes):12288
              Entropy (8bit):0.9870028878154626
              Encrypted:false
              SSDEEP:
              MD5:897DD26D636FE98D5813BC7CF6C2DDAE
              SHA1:DCC21413C73703BAD2E15F97E85B7E8FCE6371D2
              SHA-256:F8F99EFF7E1B91E8D2B90A7BBF4E864525476ED92E8F2C7D9CA943114CBCE3E5
              SHA-512:94328B6C48AA10CCBC9B1941172FC8C5633FE54E06951A11F74F4FBFBDA7E7D4886518518F95F79E0BD9A2C7B2333C2245EA63940F1A03971744A16B8BEFED3C
              Malicious:false
              Reputation:unknown
              Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:SQLite Rollback Journal
              Category:dropped
              Size (bytes):8720
              Entropy (8bit):1.343873912774059
              Encrypted:false
              SSDEEP:
              MD5:86154E98DD5BC3B5E6D7AB27CBED54D9
              SHA1:A25421D9BDF9570C06C0CD002DBB735273C13ED1
              SHA-256:E19E20165524DBA65AA203E8281D8CCAFF2ADF0C01CDC624AB3EBEE661BA8BC4
              SHA-512:7B009CBCB6904837C3F707C854CF413D32B0B59035DF63564694A1E1DDF1B9DD6513FCBE6EFD64E5C9850DB4490CECE1B3BDC1BC5C3F557F7C0E81B36D7D2DCA
              Malicious:false
              Reputation:unknown
              Preview:.... .c......g........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Local\Temp\MSI45146.LOG

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
              Category:dropped
              Size (bytes):246
              Entropy (8bit):3.5248044522866877
              Encrypted:false
              SSDEEP:
              MD5:365C0BE52820AAE7FF9F54539CABFC1D
              SHA1:5493BAD8CAAB3C439BCEF0DAFE8AB2AAD37D1E40
              SHA-256:6A640CCC87C2A9EF3028B13F60C897E8AD6C48C74609E27ECE7B95A31FBA23F4
              SHA-512:F595F5627FF9960DDAD282B515B184854B81EC6238A5A01D2D28C73CECA5F55AF5C62E8F7A827A50EA5881D4F88673B47E9002E3080AB9D977BF082D334A637B
              Malicious:false
              Reputation:unknown
              Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .3.1./.0.3./.2.0.2.5. . .0.6.:.0.6.:.5.3. .=.=.=.....

              C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250331T0606360510-6916.etl

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, userbration: offset 128.000000, slope 144370274773499904.000000
              Category:modified
              Size (bytes):200704
              Entropy (8bit):4.873454796855963
              Encrypted:false
              SSDEEP:
              MD5:CBDB9DAA16A7D324691DECBBF51606DE
              SHA1:F552F1AF83FCA67C5A4189C90B0B2735E8C63EF1
              SHA-256:3EA7FD4111B849B38C1664CB24FF619656CAF070708FC25B08345251CD4FB294
              SHA-512:4DAC3B1A1BD28D1164F6ACEA594E7CEAB2A37781DBBE946E6F9E01F2C882F6AB042D4F4FD359930853ED34C8455F74B6D539D8D3B859CBA6594E9D81CB27FC3E
              Malicious:false
              Reputation:unknown
              Preview:............................................................................`...............$...................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................`.\.2...............$...........v.2._.O.U.T.L.O.O.K.:.1.b.0.4.:.0.f.6.3.8.2.7.7.0.9.7.d.4.3.a.4.9.f.a.0.7.c.7.f.d.4.c.0.a.5.4.a...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.5.0.3.3.1.T.0.6.0.6.3.6.0.5.1.0.-.6.9.1.6...e.t.l.......P.P.............$...........................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-31 06-06-48-399.log

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:ASCII text, with very long lines (393)
              Category:dropped
              Size (bytes):16525
              Entropy (8bit):5.353642815103214
              Encrypted:false
              SSDEEP:
              MD5:91F06491552FC977E9E8AF47786EE7C1
              SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
              SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
              SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
              Malicious:false
              Reputation:unknown
              Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

              C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):29752
              Entropy (8bit):5.422404659464444
              Encrypted:false
              SSDEEP:
              MD5:FA9126444702FD73494ED597F4EF67E2
              SHA1:EA07E88BC1B34B10FD619EDB2631CE36360718FB
              SHA-256:2C32805234050DFBFBDF068817486F97926C28A8C875B0B41FA5FD1D40C487C3
              SHA-512:A1A963C108C842BCE76DCE8B7D1B7F77B4ACD721C6788C6A8B66991774EA9541A346BE7A972F59F9697254988522210A5EFDF879DE741F7CFCA305AAEA512369
              Malicious:false
              Reputation:unknown
              Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

              C:\Users\user\AppData\Local\Temp\acrocef_low\3509e87d-bbae-438a-87aa-ba78521515df.tmp

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
              Category:dropped
              Size (bytes):1407294
              Entropy (8bit):7.97605879016224
              Encrypted:false
              SSDEEP:
              MD5:1D64D25345DD73F100517644279994E6
              SHA1:DE807F82098D469302955DCBE1A963CD6E887737
              SHA-256:0A05C4CE0C4D8527D79A3C9CEE2A8B73475F53E18544622E4656C598BC814DFC
              SHA-512:C0A37437F84B4895A7566E278046CFD50558AD84120CA0BD2EAD2259CA7A30BD67F0BDC4C043D73257773C607259A64B6F6AE4987C8B43BB47241F3C78EB9416
              Malicious:false
              Reputation:unknown
              Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

              C:\Users\user\AppData\Local\Temp\acrocef_low\59e9bb8c-dc20-4c11-9da2-94dc1d544201.tmp

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
              Category:dropped
              Size (bytes):386528
              Entropy (8bit):7.9736851559892425
              Encrypted:false
              SSDEEP:
              MD5:5C48B0AD2FEF800949466AE872E1F1E2
              SHA1:337D617AE142815EDDACB48484628C1F16692A2F
              SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
              SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
              Malicious:false
              Reputation:unknown
              Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

              C:\Users\user\AppData\Local\Temp\acrocef_low\5bd53fd5-fec9-4685-a3a2-68cef5585aab.tmp

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
              Category:dropped
              Size (bytes):1419751
              Entropy (8bit):7.976496077007677
              Encrypted:false
              SSDEEP:
              MD5:FFA982D6F2F9B46A1DECDD28BF3EF0E1
              SHA1:B1D05ED9BD6A80BD0E3377E9F62B47EF83FCC0C8
              SHA-256:93D954FA4BBEDCDFBC7BF14FA1BB3986056261F4A5035C3CFF229FF16D12B78B
              SHA-512:BF2931508F2039FFF4A74EC9B2FF2706FCF05DC5D56E22CA9C74B7C4AF9E8B4173419791DE648FD77AE7C4B441734E7C70C964A2B91C816FC98C9BA78BEB7879
              Malicious:false
              Reputation:unknown
              Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

              C:\Users\user\AppData\Local\Temp\acrocef_low\8e134b36-b010-4ba9-9847-8f4914135308.tmp

              Download File
              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
              Category:dropped
              Size (bytes):758601
              Entropy (8bit):7.98639316555857
              Encrypted:false
              SSDEEP:
              MD5:3A49135134665364308390AC398006F1
              SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
              SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
              SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
              Malicious:false
              Reputation:unknown
              Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

              C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:Microsoft Outlook email folder (>=2003)
              Category:dropped
              Size (bytes):271360
              Entropy (8bit):3.428094818294148
              Encrypted:false
              SSDEEP:
              MD5:08431E6636097064ECD7BAFF456DBDFC
              SHA1:1AAAF3FE614D9CC499E0125DCA7F974E8F808FA7
              SHA-256:28B634245791DF22184F0B8B8853A2392282F0C8505351ED763765C852E4E950
              SHA-512:16860F488303CB2DDC0B4ABF8812B806AA0784437131D933EFCD358D4FE5AE1575E703BF703DEF22C2166DAA3CAC0C50D6DA8598EAB260B20E1927EB5A285BDA
              Malicious:true
              Reputation:unknown
              Preview:!BDN^V.fSM......\...3...........].......G................@...........@...@...................................@...........................................................................$.......D......................U...............\.....................................................................................................................................................................................................................................................................................................T........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):131072
              Entropy (8bit):4.98403839491686
              Encrypted:false
              SSDEEP:
              MD5:B7556A4F4D12B5F9182FCD7180D44536
              SHA1:F96D1C4FDDF97E1B1F3F5F1BD2FE55894D7B842C
              SHA-256:CBDCB79308D6CF5A86CAFD87790E7F0BDA0F600D07051155C59DB92896A4C9F5
              SHA-512:666D738DA39995AB80A188FEC02EB1CF5FB4CBC7180636CC110E4DB68FB0283B109AECD27E0FD113A4C75E635E756250801B7B63593EF0E1E2E105323AB3FADF
              Malicious:true
              Reputation:unknown
              Preview:....0...6.............`.$........4............#.!.......................q.......................&"......................o................P.............................O............................................../.......................h................R.................................................................................................................................................................................................................................................................................................0.8.+.........u.0...7.............`.$.....................#./.......L.......................#.......................".......&.............................b'...............................0...............................C......................."....c..F.............................aG.......D....................c..P.......x....................c..c.......d..............."....c..f.............................ag.......@....................c..p.......

              Static File Info

              General

              File type:RFC 822 mail, ASCII text, with very long lines (347), with CRLF line terminators
              Entropy (8bit):6.183446031397393
              TrID:
              • E-Mail message (Var. 5) (54515/1) 100.00%
              File name:email.eml
              File size:52'413 bytes
              MD5:4f4f36405e8095c2525562aa30cf6786
              SHA1:6701810da96da864155601c59ac0c48265fb9159
              SHA256:bb092b96f3091526443ba5da96ee9568fbfed94adbdaa21c9aeb55285239369e
              SHA512:27e026eea1b73e83b6f98641bec69e39d50de1f3609ba548af53325674c0309af4e8241c4519a969e99e3456b7cfbe755a3780bbab5997abccba933b71d7e903
              SSDEEP:1536:MZ5w4fguZ3+US7sURzdiGFdDUvjoOeH+q97vgR:MZXgsYnRRdDUvcOzQ7IR
              TLSH:C233D203EA1718B057B2225FCB67FD4691422B50D5A38CF03764A157AECE7730799ACE
              File Content Preview:Received: from PAXPR03MB7609.eurprd03.prod.outlook.com (::1) by.. PR2PR03MB5212.eurprd03.prod.outlook.com with HTTPS; Fri, 28 Mar 2025 14:42:36.. +0000..ARC-Seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=fail;.. b=eXcJSzJ1XrW8FnN4//nAsu7

              Static Mail

              General

              Subject:Appel de loyer
              From:Pablo Vicente Antonio Lara Soto <pablara2023@udec.cl>
              To:Undisclosed recipients:;
              Cc:
              BCC:
              Date:Fri, 28 Mar 2025 14:42:27 +0000
              Communications:
              • Bonjour, Vous trouverez en pice jointe votre appel de loyer pour ce mois. Nhsitez pas revenir vers nous ds que possible afin de rgulariser la situation et viter tout dsagrment. Merci davance pour votre ractivit. Cordialement, Outlook para iOS<https://urldefense.com/v3/__https://aka.ms/o0ukef__;!!PWAseTJI!_tKeDED8kkeFQaeiNd1SVBULiaWDrmclwLbE0mm3HP15Cwdx2t8tFuFe_TAKL-c_9vmtWCR8gWxw0m2xlwHlZ8_joaI$ >
              Attachments:
              • e0473.pdf
              Key Value
              Receivedfrom CPWP152MB7426.LAMP152.PROD.OUTLOOK.COM ([fe80::7c97:226:f0b5:ec47]) by CPWP152MB7426.LAMP152.PROD.OUTLOOK.COM ([fe80::7c97:226:f0b5:ec47%3]) with mapi id 15.20.8534.043; Fri, 28 Mar 2025 14:42:27 +0000
              ARC-Seali=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=GNJVhrgiDX+EmV3FQyQr8sSZBg43vZwZpHpgA/bWilACttdLuN7QOZ5dqcCNIMgtGSjULfkc9QAu4oONPCMhIXalpx+XWO1qXU4JB2RRF90PBnXej3uBhD4nzJB2GIIfh+SvhoNE5+aBDJxdRdsGHbrNwJXxc8uYvy45sgtgaDr50csOLpa7vGKUwqyZ41/qIoB8WOma653WJ9uhuV3iCcT4lgE0u+d3wQaAlhSJ3QHV5SF5Gd0x6mKDfwErMsTl1R9STzS44f2OVgqt6xF80MdjXl5CTD0RZZjXvlH+iUIr+MDlkYmHFrmuP+vbeC+ARll7njtXZrUqUVWZaldY5Q==
              ARC-Message-Signaturei=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=p2OSy3chJOsNyAIK4cEfmXEB4CrEIxCnov70ZS4rr+o=; b=GbY49dhGlyERZey58xAI1RE0muLylfm5n7zqi4dEJxP38+nCCXoliTwvWpQDwzpEPOrXBuyl5VQXoolmjJ9SDe6a+9RHPO1D6IXJM09Ya2ZcIsm/4i01NO2Q2Rqz9DpRFugGOlI1k5EPKmt6zogV3wVwuKO/ZeV3XA//w+sntj6BTlupZyScGVXhEfBtbzDHLNxdx5YYdJO3+N7CycqKq6OdvJ293flGV/Zy9pkJc2FxPfYnp5mk1+uOX2KGXkOubn17UEe/YhP3NwBBok4bu4ZaENtnzGpQu2WnUWI4MkUi6VzDJLbH20Ahlc8FRxsBtNAhMKiUEbHMsm67VqbHfA==
              ARC-Authentication-Resultsi=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=udec.cl; dmarc=pass action=none header.from=udec.cl; dkim=pass header.d=udec.cl; arc=none
              Authentication-Resultsspf=fail (sender IP is 185.132.182.158) smtp.mailfrom=udec.cl; dkim=fail (body hash did not verify) header.d=udeconce.onmicrosoft.com;dmarc=fail action=none header.from=udec.cl;compauth=none reason=405
              Received-SPFFail (protection.outlook.com: domain of udec.cl does not designate 185.132.182.158 as permitted sender) receiver=protection.outlook.com; client-ip=185.132.182.158; helo=mx07-001ef801.pphosted.com;
              Authentication-Results-Originalppops.net; spf=pass smtp.mailfrom=pablara2023@udec.cl
              DKIM-Signaturev=1; a=rsa-sha256; c=relaxed/relaxed; d=udeconce.onmicrosoft.com; s=selector2-udeconce-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=p2OSy3chJOsNyAIK4cEfmXEB4CrEIxCnov70ZS4rr+o=; b=S6oDsVFkCXgBpqvRa/mU65pTFQZcjgxRtzkQQ5Q+Hwi7RBaHRFcd+Ca+nC7Hs2MgqImzoodJfK7ZcgPKBS89cNGgabVwlGIw5kuh6CrU6tMnofjpkLjOAwRKpLlxlne3uz4XeAoE17v7LdZXI8KnVeKvTDSu/k6+XbD2n6YcATg=
              FromPablo Vicente Antonio Lara Soto <pablara2023@udec.cl>
              SubjectAppel de loyer
              Thread-TopicAppel de loyer
              Thread-IndexAQHbn+7kzZvPD0a19kGXWSFqfW3DjbOIngV7gAABScQ=
              DateFri, 28 Mar 2025 14:42:27 +0000
              Message-ID<CPWP152MB7426CE57D01A8DE7BEAE9248A2A02@CPWP152MB7426.LAMP152.PROD.OUTLOOK.COM>
              References<1087192101.284.1710507819614.JavaMail.jboss@jboss-sa2.udec.cl> <CPWP152MB7426AA01BE0F156FD86A43B6A2282@CPWP152MB7426.LAMP152.PROD.OUTLOOK.COM> <CPWP152MB74261BD2E0DAD6A6490EB82CA2A02@CPWP152MB7426.LAMP152.PROD.OUTLOOK.COM> <CPWP152MB74265CA8CD45095605C701A2A2A02@CPWP152MB7426.LAMP152.PROD.OUTLOOK.COM> <CPWP152MB7426B1F6A84AD6C6C4674285A2A02@CPWP152MB7426.LAMP152.PROD.OUTLOOK.COM> <CPWP152MB7426BDF5E169DD99F8135FC2A2A02@CPWP152MB7426.LAMP152.PROD.OUTLOOK.COM> <CPWP152MB742652563A06FA0952FD593BA2A02@CPWP152MB7426.LAMP152.PROD.OUTLOOK.COM> <CPWP152MB74268B44B0103564E6BE750AA2A02@CPWP152MB7426.LAMP152.PROD.OUTLOOK.COM>
              In-Reply-To<CPWP152MB74268B44B0103564E6BE750AA2A02@CPWP152MB7426.LAMP152.PROD.OUTLOOK.COM>
              Accept-Languagees-ES, en-US
              Content-Languagees-ES
              X-MS-Has-Attachyes
              X-MS-TNEF-Correlator
              msip_labels
              x-ms-traffictypediagnosticCPWP152MB7426:EE_|CPWP152MB4613:EE_|AM4PEPF00027A66:EE_|PAXPR03MB7609:EE_|PR2PR03MB5212:EE_
              X-MS-Office365-Filtering-Correlation-Idd6aa2cfa-fabd-4352-466c-08dd6e06c6dc
              x-ms-exchange-senderadcheck1
              x-ms-exchange-antispam-relay0
              X-Microsoft-Antispam-UntrustedBCL:0;ARA:13230040|376014|7416014|41320700013|366016|1800799024|41110700001|4053099003|8096899003|27013499003|38070700018|41080700001|41090700025;
              X-Microsoft-Antispam-Message-Info-OriginalPZMBiqiz+lEIw7ndGBjEr2Kx+LGTZsfk7yVkomwGANtkzKCV1nouYYyiEkDMeHUamYDwikLfv6EcKTDfDUyz56LRz+3uM+99Ny6w9siPlSyycbq1XkrVBidqc+n3jH/UmSLJ807RC0xzuLGUUREqwpGNH1QFygf9zkrDgprdq8ZHcLn6yOwyNuQz0Am9bAORZQ29U5xjPufn5t3HqDFw1smcIPGnydJMNnGh7MtzMzFzex+iWfg5YO+u2hrhGqNtiIa7GKu3roQbPhQDeDQvggQRwzZt3JRJaNhKjnTH10YKoKlEZuvmm2zAnnKuMvhgVTMil0+jcwQ1H/vRDEVtuHjb6b6gHGON+j/vgn7qnIvZH5aQHaKgh2+mOrPRPW9JntB2lqTFA2Qg6nnll1FjftWVwU1kqb4e5OCQEvb17/tNMkhc5CpFka3rClEjjplS9K13GsF9QlAp24V9XRrkTTFLU3cglUeXPaaAK7m9NiSNX80XjrzwtTUDV6gqOBQhVCK4H7rPcQ0OMIeLRJRUdfKnYgGcsG6bwBcCPxyNry2TPpTMBYZF8e1ENUupJNVhT+TAEq2U/OS1VOtxHM4pUI+J0Zlq5UjzkPWBax4ZVCi+EXmpcdwB58k3a1SDyyrGDn+TNJf37/kBlwdVcdF6nbSgu6r/bYAgyMmlRMaliYOxoCZmft+0ttvGVfIasc+rPh4vJRs28gUVrJnnnwvBErzSrLbpFgW1pt/MGjhfUX2OiEaqTFS0WB47ROKim7rnfB/lVDDjbI2ViS01ibIx1O3KCKHJoIyxGD9XZ8drpHvmNaPMDEvJj8t1C6OlJaEqM9zt/FWU6GVAXbnXgE6xp3SwgJUrSDZBXsgzwZHntThCTGZyH3PUDliWkVFfNdEHiDyyTYAEKUMA2VG4vYTOpcPv5Q36L1sE4882pDqdqpS/o4dY9Pmp8gLVjY4b5MbZXAWVgJVjZcA92AjuDq2NcQ+tzltB6Jz7hD5uHM8QRplAsRRF+t6TLygvFmTAgi/M9VVo2J4VDJ7YReJuuWFcZnDsg5PtUXiDNjOxkDPtOMR035OP1PCJbwICmDkks8BCl50gUnZWkCMFCzKqVddA41mOFdOgzomNHZgT1otvIExQRtqY9X5TRUdmVzwAJ/nK9E+UkRVnsYOTueBTCvCDErKdHVW9ys0BR8UKOASQ9cPyQTvS5/IgH9S+GOOZlzwrAgM6VOWJdyMHBP2tWf0ehTS6koa/o2Dcri4pAgy+fUelobAASPuy73RLnS7Uw+3UkNTMrrgwThBocsBN8AjYKo+WGlJ4Zzeq9QzWHMPDRxUnlSLkdQ/ErFm1DZqiXjcXIgXas66DhK9v9BYawmZE/htkEfsCLnbrnEDi7Y+qx9cpK4vznRFWnj1M2F8h+OFEbbm13zEUhjBRhH4y80+AngiFvdXZC5mKJQEDeqUUJ2FknQwEC9ZISsE8YaCDfmNV+JUbdQAFLmSew7tF1qU8Lue7SewIvLN08/w56GCME7k=
              X-Forefront-Antispam-Report-UntrustedCIP:255.255.255.255;CTRY:;LANG:fr;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CPWP152MB7426.LAMP152.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(7416014)(41320700013)(366016)(1800799024)(41110700001)(4053099003)(8096899003)(27013499003)(38070700018)(41080700001)(41090700025);DIR:OUT;SFP:1501;
              Content-Typemultipart/mixed; boundary="_004_CPWP152MB7426CE57D01A8DE7BEAE9248A2A02CPWP152MB7426LAMP_"
              X-MS-Exchange-Transport-CrossTenantHeadersStampedPAXPR03MB7609
              X-Proofpoint-GUIDj6YzYKi4cn7Jey9cQU_HuSMArufekPnv
              X-CLX-Response1TFkXHBEKTHoXGRoRCllEF2hFH0xva39MZm8ZEQpYWBdrGnhaXUZlbRN8fxE KeE4XbmdPTl5IXR9fXhMRCnlMF2t8ZVp7RGFtZEZ5EQpDSBcHGRkRCkNZFwcbGBsRCkNJFxoEGh oaEQpZTRdnZnIRCl9ZFxkeEQpfTRdnZnIRCllJFxsYcRsGGB53BgceBhMSQhsGGgYYEgYacRoQG ncGGgYHHxoGGgYHHxoGGgYacRoQGncGGhEKWV4XY255EQpJRhdZRUlFXk9JdUJFWV5PThEKSUcX eE9NEQpDThdAHHNQc2FDHklEHWBPUxNJe391Yl95Z2tYX0xPQXpEXBEKWFwXHwQaBBkTHAUbGgQ SGgQbGR4EGR8QGx4aHxoRCl5ZF0xibEQaEQpNXBcfHREKTFoXf2lNc2sRCkVZF00RCkxfF3oFBQ UFBQUFBQVlEQpMRhdva2tjbGtrEQpCTxd6XnNBEk8baRxGcxEKQ1oXHxgEGxoaBBscHwQYGh4RC kJeFxsRCkReFxoRCkJFF3pOfU8BTVtMXlwZEQpCThduZ09OXkhdH19eExEKQkwXaxp4Wl1GZW0T fH8RCkJsF2JOcAFie1JOXx0bEQpCQBdjGmBsQlxEZ2VZQxEKQlgXbmVrfn16ZXkZQUMRCk1eFwc bEQpaWBcfEQp5QxdoZx5OeGgBekhmRxEKWUsXGxoZHBkRCnBoF2ZhSXBcXktYfntCEAccGhEKcG gXYEMBbk5YXV9aWEwQEx8RCnBoF2RQGB9wQ09jZXNHEB0ZEQpwaBdrUGR4bWthHWVDXhAHHBoRC nBoF2xiGHJLGXAcUF54EB8TEQpwaBdhGH9ef09PQHp6HxAHGRoRCnBoF2RQYR1AfhwYSEJdEBIZ EQpwaBduT3JIf0Z4UFtYQhAHGRoRCnB9F2IcY1MTTFxoZGZsEBIcEQpwaxdtRgUbfW0SH2tPXxA HGRoRCnBLF2wfGB17eU0BHVtjEAcZGhEKcH8XbxtCEkVMbxhGWR8QEhIRCnBfF2xpSGJ/fW8TGH IcEBIcEQpwbBdjXFlyZhNwSRgeQRAHGRoRCm1+FwcbEQpYTRdLESA=
              X-Proofpoint-ORIG-GUIDj6YzYKi4cn7Jey9cQU_HuSMArufekPnv
              X-CLX-ShadesMLX
              X-Authority-Analysisv=2.4 cv=GbMXnRXL c=1 sm=1 tr=0 ts=67e6b559 cx=c_pps a=K4r+d10M9ivu/9FymBrmDQ==:117 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=wKuvFiaSGQ0qltdbU6+NXLB8nM8=:19 a=Ol13hO9ccFRV9qXi2t6ftBPywas=:19 a=9cW_t1CCXrUA:10 a=xqWC_Br6kY4A:10 a=Vs1iUdzkB0EA:10 a=H5OGdu5hBBwA:10 a=j87LhjyBj0kA:10 a=_EeEMxcBAAAA:8 a=ie4XaecYBNMj1GKIMh8A:9 a=pILNOxqGKmIA:10 a=5UeK9suJl1gA:10 a=apDBYZpXVNUA:10 a=9nvfmjjiQmTxO0D5:21 a=frz4AuCg-hUA:10 a=_W_S_7VecoQA:10 a=xbvzYdH4KuyevRmjcyIA:9 a=n3BslyFRqc0A:10 a=_wj_7G6mGMcA:10 a=rls1ZAiwvL0A:10 a=NS8LN-2OhQ8ALpj9Sv3F:22 a=weQ1dj0rVkb08AT6C4Ip:22 a=Lcw6dl7kLhG240Z2xKZo:22
              X-Proofpoint-SPF-Resultpass
              X-Proofpoint-SPF-Recordv=spf1 mx ip4:152.74.16.0/24 ip4:152.74.217.2 include:spf.protection.outlook.com include:fidelizador.org -all
              X-Proofpoint-Virus-Versionvendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1095,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2025-03-28_07,2025-03-27_02,2024-11-22_01
              X-Proofpoint-Spam-Detailsrule=inbound_notspam policy=inbound score=0 priorityscore=30 suspectscore=0 spamscore=0 impostorscore=0 phishscore=0 bulkscore=0 lowpriorityscore=0 mlxlogscore=659 clxscore=6 mlxscore=0 adultscore=0 malwarescore=0 classifier=spam authscore=0 authtc=n/a authcc= route=internal adjust=0 reason=mlx scancount=1 engine=8.21.0-2502280000 definitions=main-2503280102 domainage_hfrom=10363
              ToUndisclosed recipients:;
              Return-Pathpablara2023@udec.cl
              X-MS-Exchange-Organization-ExpirationStartTime28 Mar 2025 14:42:34.1662 (UTC)
              X-MS-Exchange-Organization-ExpirationStartTimeReasonOriginalSubmit
              X-MS-Exchange-Organization-ExpirationInterval1:00:00:00.0000000
              X-MS-Exchange-Organization-ExpirationIntervalReasonOriginalSubmit
              X-MS-Exchange-Organization-Network-Message-Idd6aa2cfa-fabd-4352-466c-08dd6e06c6dc
              X-EOPAttributedMessage0
              X-EOPTenantAttributedMessage33135fa5-f5a7-4d5c-8632-9a17d4acfa5b:0
              X-MS-Exchange-Organization-MessageDirectionalityIncoming
              X-MS-Exchange-SkipListedInternetSenderip=[52.100.165.204];domain=nam12-bn8-obe.outbound.protection.outlook.com
              X-MS-Exchange-Transport-CrossTenantHeadersStrippedAM4PEPF00027A66.eurprd04.prod.outlook.com
              X-MS-PublicTrafficTypeEmail
              X-MS-Exchange-Organization-AuthSourceAM4PEPF00027A66.eurprd04.prod.outlook.com
              X-MS-Exchange-Organization-AuthAsAnonymous
              X-MS-Office365-Filtering-Correlation-Id-Prvs24a18ae5-e24a-47c2-6851-08dd6e06c2e4
              X-MS-Exchange-AtpMessagePropertiesSA|SL
              X-MS-Exchange-Organization-SCL5
              X-FOSE-spamThis message appears to be spam.
              X-Forefront-Antispam-ReportCIP:185.132.182.158;CTRY:NL;LANG:fr;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:mx07-001ef801.pphosted.com;PTR:mx07-001ef801.pphosted.com;CAT:PHISH;SFS:(13230040)(82310400026)(31052699007)(39142699007)(35042699022)(8096899003)(4053099003)(13003099007);DIR:INB;
              X-Microsoft-AntispamBCL:0;ARA:13230040|82310400026|31052699007|39142699007|35042699022|8096899003|4053099003|13003099007;
              X-MS-Exchange-CrossTenant-OriginalArrivalTime28 Mar 2025 14:42:34.0881 (UTC)
              X-MS-Exchange-CrossTenant-Network-Message-Idd6aa2cfa-fabd-4352-466c-08dd6e06c6dc
              X-MS-Exchange-CrossTenant-Id33135fa5-f5a7-4d5c-8632-9a17d4acfa5b
              X-MS-Exchange-CrossTenant-AuthSourceAM4PEPF00027A66.eurprd04.prod.outlook.com
              X-MS-Exchange-CrossTenant-AuthAsAnonymous
              X-MS-Exchange-CrossTenant-FromEntityHeaderInternet
              X-MS-Exchange-Transport-EndToEndLatency00:00:02.3155824
              X-MS-Exchange-Processed-By-BccFoldering15.20.8534.029
              X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:J;OFR:SpamFilterAuthJ;ENG:(910005)(944506478)(944626604)(4710137)(4715020)(4999040)(920097)(930097)(3100021)(140003)(1420198);RF:JunkEmail;
              X-Microsoft-Antispam-Message-Info BQtG2FwnbkwgEgEi2ZjFgk8Pgp1/iP/16SU6Dj4u6008s15n0auTDi9J9P8BQv58xkl4dOV5vzsUr2sT/zgOz06t4kBHTc6NigFIBdYdd7/jyHIvTYUZERgsxvefUx36UiEz5/vZKMtWiUZsYPGFe4uiuDlkDTgx2OlH3SnRMH445oPXTPPAWJphFB3+vMUoVnFj6OgwabapWpGoyh70l2LdjdZ2BNnIPgx7QV0A+YDnwy8+w/rPGf2/Sszjyrrq27lsftZKDh2aZfs7d9e5qMraiqiUWFxeHyy5FwxDeRO4GO2IjjWC7ggnsJBkj7Q4P9yCqH3CndQ7RIs4fBeNsc/+dP3Y6JTRhO++p3G+W0ILN/9mUTcddRAoP5LL5GAnW8NlmUN7zHdsiet+s1dq3eZ5ZNR1BqvcYpDcRtA4zocNslIAWCtCDVq8mtzXi0yDqDQGpvHOQGULQc9L9uIHwvOhbWgatbBHbDBGahQ7Dyy1xi+dMRCHc0EsZ3H6ki0YmzZbQrecUOcL7YBN4mecl88rbdNItvBi9yJzusx7w2XpiJLQXHoJHDqjJstZaQPsEinjffa8cfBNu8eeyDQSEZ8lJKkOcjtbz9vwF/3E6g1F9fNRO+bjWsjj0qlpyWmJJd1QH1P+0M5kjpZqfq77ZFnVEFAnGTRLHd/inEl7mRUIHOTwI46LKTSImc+9M7fveSTWKDzuZ5nwS2DH6kqII/mhye5ejZ8GfGz8RLblo0TKJHVwykbsaIdWihNV2ews83OC3AibrobTRunYgkGFBKMHGKNckyOCAk9bel50gRBDduDDgmyC9Gx1MZtP1KdqwQ6tMS6df+6HDVGnyX8zyKYxzYlr56kDtz7kZVjskjvVP37mfkRaYPsJhBuC1eNGHktJSr/Cu8ZxE3lrnNAwDJ5a7FLzkyUcx4j4XvaIdI5DeMCjS+JCajwsBpK6VJGUdcvaFxGUy0WoxZB0P1MJA8NI/9/InM76TCnxcJgTt3OUCMmkRcv+42JSUPM/laxJV3+ON9d6Z1j3WH7CQintfHZGo+GjqVByuEv6V+NFngp95VXbs5FfOwJZs6qOWiCnvD7LJ8bUS3gVJ/CvLxUz652z+767vaUEjJbR/qZdnxkh2ogOOcCukxOfmJ1UuSB+XFkAY5lKzFWfaY4JxODEt2V+BpO0jJ5mjfuhLqXfu8Tjmh6Yg0lVV7J5oJyvL4rNWyCjTW3DlTmE1q0P7OQdoE9vkHqhVOzS9Oyz3Rj+9HbInSUYFfpWhW4H4k36EgxuLTMHzj1hE9FCJECQBNF/iJZW6PcG6hLqfeigEiVy60gGbCdEPTfICM9QAR+3SZSGovDYMA3F0zSIOV85F9jt8wB4L9MfjYMmMF5v9YFnabPg3iFLng7vttqNDTfWoBC3iDvJ+b2twKio3FjNqWK9d2WKK0ICbDJ7TegShrFQn21z1nuv+26gcVnmV++S7YqDUSRYUcGZMmyACFqF20G7hLFit9Fp/EBgAaGcZQg862plMDkmbwThW947INkmQgTRhjZWzaZVm8uBfVdRevAvYHCwhelAFyvIW3b6vlvHVxYpxe/KYd85vL+H31lu2ULHZj8TUJegsvGbQxMmFuknwkkuwLlSGSPpXWjEIHtV4mwnto5W2HmJtJ4joa0pNBBY++r8ihrtoV3Yx7jZoEVTLnHRMZQtJ26j8rJbX+ANA4ryR94kaNaurAgs1UVdDY/3PA9VakSTmd+V8vvq/j4+l93WtiZBW2Sg2ItCr1VWFbMJKvxGDvMItxvsUr5kKbo8rweCfUAcY/C4PwS1SaJZA9g4uTUcBDIaIqj0z0N1NL/zlFG9plKN4oIa2928ySG18oiBljrAIFJGBwMRrrTYpcaeNdK6N26oaJZxEywvsFWFNgykGV9gTr38bnCgdZNO/n26lJrl32HGM8NrWCJ1vay/Dkwrb+xvvw5p7Kr8ZR9roHMkRP56Ut5LvJpuF6K2zgYN6i7Sj1CODNIyAO+AkswWpwv9NvKT0ZQ+3JqzNWJQupEH+5Ixw7DUaz/v46fGILDQ0BjI4ZuAPEG5PIJ09oI0dAm3Hp7EHbEtIeJRFH7AZ1iSVsPPs5/cw3MN6CVSj+thuMWeeaSJmauzWkQpYMY1qMRPaxMSFqOOGhn6qDMquPtYUROk2wJ0qDtKNSBo4yEzlwe1WK87pkXVnqj+c1sFiQVN258Tx5pcak//m7tj3e7xEo7XNEQo0/LLSZosyk/5p4MxHgnvFvmdS3KCCj7sRxChCKRHiYF4+j16+/kpTj/CFYH5k7HIvqqZGXadDAEjIm+iZqW9vONqWCHUcHqzfKIovXlfQWhYUqh9o0j66fuCMOizme96WeaCpzzhB5W/WM2swZUPVyTpvPteVpu7A68K4grBuP0EBIViSMygmHUvYI6OE5UH0+xXX+HZexTH5m/3Ir+VOdg2AuDI7nMEYuZRLADhuQCCQ/fsGwb9jogzvZccXiuWY0y4r3DXx0Ff7vlO6x3YzlBQgU3LlRFxjj1DXUnMUOnYskHERRmT7MIkNMekBQOlE1rheHZ033lLJfWuZZ3xXWoPJI7Evzi+WDh414wqjOCeVv93Va3547jwaC/2oTaAR29tbNA8b3r/1Yp6GmOVeZ9OhMk2hQ==
              MIME-Version1.0

              File Icon

              Icon Hash:46070c0a8e0c67d6