Windows
Analysis Report
s1TlFBQj.eml
Overview
General Information
Sample name: | s1TlFBQj.eml (renamed because original name is a hash value) |
Original sample name: | abx_CloudMessage_WzMzMTgsICI4M2JhYTdkZC1hMTQ1LTQzZDUtYmQ3MC0xODFkNTc5ZDczMTJAZmM1YzY4ZjYtOTdmMy00ZWZlLWI2ODktZWI1YzEyMzRmODIxIiwgIkFBa0FMZ0FBQUFBQUhZUURFYXBtRWMyYnlBQ3FBQy1FV2cwQTQ0UUxHVnhNRkVHUTMtOE1rZ0s1TlFBQj.eml |
Analysis ID: | 1430411 |
MD5: | 95c17f3ada77d7b70fd103503afb65c3 |
SHA1: | 890d743a7924df81bbcd08882d1fb2cf77a17b74 |
SHA256: | 388fadb8c6b92e2c62f3218e90fb5ec2b1c2a6e0777009859a8439e6d32ffb0f |
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- OUTLOOK.EXE (PID: 2960, cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\s1TlFBQj.eml", MD5: 91A5292942864110ED734005B7E005C0)
  - ai.exe (PID: 1856, cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "850F2285-132C-4041-86C8-A7FCAFCBC6A8" "E2F15479-65A2-46C7-AC1D-7CEED2590D36" "2960" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx", MD5: EC652BEDD90E089D9406AFED89A8A8BD)
- cleanup
- Source: Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split)
- Source: Author: Nasreddine Bencherchali (Nextron Systems)
- Source: Author: Nasreddine Bencherchali (Nextron Systems)
There are no malicious signatures.
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Clipboard Data | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 12 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| | | false | | high |
| | | false | | high |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1430411 |
Start date and time: | 2024-04-23 16:25:56 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 19 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | s1TlFBQj.eml (renamed because original name is a hash value) |
Original Sample Name: | abx_CloudMessage_WzMzMTgsICI4M2JhYTdkZC1hMTQ1LTQzZDUtYmQ3MC0xODFkNTc5ZDczMTJAZmM1YzY4ZjYtOTdmMy00ZWZlLWI2ODktZWI1YzEyMzRmODIxIiwgIkFBa0FMZ0FBQUFBQUhZUURFYXBtRWMyYnlBQ3FBQy1FV2cwQTQ0UUxHVnhNRkVHUTMtOE1rZ0s1TlFBQj.eml |
Detection: | CLEAN |
Classification: | clean2.winEML@3/23@0/0 |
EGA Information: | Failed |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, backgroundTaskHost.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, TextInputHost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.113.194.132, 52.109.6.63, 23.193.106.147, 23.193.106.182, 20.189.173.25
- Excluded domains from analysis (whitelisted): www.bing.com, ecs.office.com, omex.cdn.office.net, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, eus2-azsc-000.roaming.officeapps.live.com, osiprod-eus2-buff-azsc-000.eastus2.cloudapp.azure.com, mobile.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, us1.roaming1.live.com.akadns.net, login.live.com, s-0005.s-msedge.net, evoke-windowsservices-tas.msedge.net, onedscolprdwus20.westus.cloudapp.azure.com, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, mobile.events.data.trafficmanager.net, a1864.dscd.akamai.net
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: s1TlFBQj.eml
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 231348 |
Entropy (8bit): | 4.393149266578248 |
Encrypted: | false |
SSDEEP: | 1536:DsYLkmgszmlHFIsvpgsiQCNcAz79ysQqt2VOW+qoQEPrcm0FvW57yMtr8kamWgPb:bBgnG+g/miGu2wqoQYrt0FvpKe4CCIbq |
MD5: | DA5EDAEB4EC13DA0881A23409BCB2466 |
SHA1: | 43C8A86F1F506BACE0E1E20796E99C3AAD6ADAAF |
SHA-256: | 40D5701E53FE758819C491E800A78514A962ED69B7BC3D4A82DE5ECB7316FE51 |
SHA-512: | 2E95AAB5E96320FFE41C6AE2ADBF9C42ACD034D77D283FE6A1E873B2C52DC36280211EB78B369D28250C682DCB82D9D7C972C14CE15D4BEA43DA0C60F3933D9D |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 322260 |
Entropy (8bit): | 4.000299760592446 |
Encrypted: | false |
SSDEEP: | 6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl |
MD5: | CC90D669144261B198DEAD45AA266572 |
SHA1: | EF164048A8BC8BD3A015CF63E78BDAC720071305 |
SHA-256: | 89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899 |
SHA-512: | 16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC |
Malicious: | false |
Reputation: | moderate, very likely benign file |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 10 |
Entropy (8bit): | 2.4464393446710155 |
Encrypted: | false |
SSDEEP: | 3:LHin:G |
MD5: | D8C41D2EE04E494C640D9EF1FD6E7ABC |
SHA1: | 40A04C4B1ACA4C109EF948B151A3139B0134D26E |
SHA-256: | 3BEF3E7D6AACD6E14B82675CC8DC0E6913C8F8035158C561DD99EACD8DEC4944 |
SHA-512: | 47E6FAA2E3D929E46E1B87D5246B45AFE49986EC8AD21DE5CA914E0C6D5660CA9F40F01FC771E085995B73B5B7EBE164ACE50BAD8684F4C0CEB39EAEA4F23104 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.CampaignStates.json
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1573 |
Entropy (8bit): | 5.1878472686410255 |
Encrypted: | false |
SSDEEP: | 48:YZVtmf/x1REziQQf/x16r6MzXeUmf/x1eAgEzx:Pfp1REzafp1s6Mzunfp1qEzx |
MD5: | A36130221DA97AFF81D0929C64210C16 |
SHA1: | BA565A88EC843C7599917BE470D666454BC27D8B |
SHA-256: | 926B249AD4AF94A7835D553F07AFF99659157F10FCC26B4091A0B5EC015143A9 |
SHA-512: | 543713495DD25E07BA648DCA1452A0012A1720695643D712F1D06A2A8F18C118C6D22C208FBCB1897A951925FEEDDDB989BAF2E300733B0066076A1F68886E2B |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.GovernedChannelStates.json
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 740 |
Entropy (8bit): | 4.578658879460996 |
Encrypted: | false |
SSDEEP: | 12:Ym6dnG20cYIyJG20c6IfG20c6IGG20cDIZG20cdI2ayG20cgaIbnG20cIQPIKG2X:YddnUcYIyJUc6IfUc6IGUcDIZUcdIFy0 |
MD5: | 439A34DE8DA5C04AF25AADB84A2120D4 |
SHA1: | F12F9FF6E03A5762BD03061557029446680B1DAE |
SHA-256: | 32B560C75C25C6F56C0439F67A3FA7D4F271F07B435EE41575A3D82C6C612880 |
SHA-512: | BE704CD0DF8041945D16B8103135650B33D5E97D6F7C202E9C9499C3AE57E33855C2CC3A8F73B578DB482F47026C756F1FAA411A2CC58B5E53CE23CD24229834 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 87 |
Entropy (8bit): | 4.576828956814449 |
Encrypted: | false |
SSDEEP: | 3:Y2NKbNCOAqui32B0fkWbSpgLGwHY:Y2YZOUU0ffogaw4 |
MD5: | E4E83F8123E9740B8AA3C3DFA77C1C04 |
SHA1: | 5281EAE96EFDE7B0E16A1D977F005F0D3BD7AAD0 |
SHA-256: | 6034F27B0823B2A6A76FE296E851939FD05324D0AF9D55F249C79AF118B0EB31 |
SHA-512: | BD6B33FD2BBCE4A46991BC0D877695D16F7E60B1959A0DEFC79B627E569E5C6CAC7B4AD4E3E1D8389A08584602A51CF84D44CF247F03BEB95F7D307FBBA12BB9 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.SurveyEventActivityStats.json
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 110 |
Entropy (8bit): | 5.0204155958877905 |
Encrypted: | false |
SSDEEP: | 3:Y2Qt6eHgMgWIdiQKRB2RVVMXE9A/f392zJexGLlWrY1n:Y2Qt6eHlgliRn2RsXIA/fYwQZWM1 |
MD5: | 4A6F413FBD153870C88C37524EE1C347 |
SHA1: | 789D597E0020384A58DDFA7DD3B3B3FE42AC0C43 |
SHA-256: | 59C05768D407F353CE6281C5B295DBBD6A1A4ED7FF33FFA0F00CAEA99D227BA1 |
SHA-512: | 95D0B5DEAC8010B07CA30CBC874D99F62D8F05C5DE00F907D1C85F1DA6604FD49C4AA81DEE65DAFF80E63CE549E2C666C92AEDA60D06E71BE3785B73B0201843 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.SurveyHistoryStats.json
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 14 |
Entropy (8bit): | 3.378783493486176 |
Encrypted: | false |
SSDEEP: | 3:Y2Qt6eYYn:Y2Qt6eYYn |
MD5: | 6CA4960355E4951C72AA5F6364E459D5 |
SHA1: | 2FD90B4EC32804DFF7A41B6E63C8B0A40B592113 |
SHA-256: | 88301F0B7E96132A2699A8BCE47D120855C7F0A37054540019E3204D6BCBABA3 |
SHA-512: | 8544CD778717788B7484FAF2001F463320A357DB63CB72715C1395EF19D32EEC4278BAB07F15DE3F4FED6AF7E4F96C41908A0C45BE94D5CDD8121877ECCF310D |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4096 |
Entropy (8bit): | 0.09304735440217722 |
Encrypted: | false |
SSDEEP: | 3:lSWFN3l/klslpEl9Xll:l9F8E+9 |
MD5: | D0DE7DB24F7B0C0FE636B34E253F1562 |
SHA1: | 6EF2957FDEDDC3EB84974F136C22E39553287B80 |
SHA-256: | B6DC74E4A39FFA38ED8C93D58AADEB7E7A0674DAC1152AF413E9DA7313ADE6ED |
SHA-512: | 42D00510CD9771CE63D44991EA10C10C8FBCF69DF08819D60B7F8E7B0F9B1D385AE26912C847A024D1D127EC098904784147218869AE8D2050BCE9B306DB2DDE |
Malicious: | false |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4616 |
Entropy (8bit): | 0.13784977103055013 |
Encrypted: | false |
SSDEEP: | 3:7FEG2l+wN4/FllkpMRgSWbNFl/sl+ltlslN04l9XllE:7+/lPig9bNFlEs1E39s |
MD5: | CDFFC5BFF4DB0E1A02EB2B4DAE244166 |
SHA1: | 9BAD1C1B8C2DE7DFEEF6DEBEA39B93BEFB7FB737 |
SHA-256: | 7BD4480CA96CBCF65BDC8C007D83E7980CE168E81CB918C1D6938E2FB8398C7B |
SHA-512: | 965FC98A5A60749003D63D8844ADBD27EAF64086FE1D4810475BB57F400EA6976D8305A4B70CBE7331B089C322E8855F8E65A7B47CDC7BB72964BCBEE0347945 |
Malicious: | false |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.0447824104283491 |
Encrypted: | false |
SSDEEP: | 3:G4l2YppGIYAl2YppGCmlL9//Xlvlll1lllwlvlllglbXdbllAlldl+l:G4l2Ypp4Al2YppcL9XXPH4l942U |
MD5: | DE6BB4AE80364C1963348BC95FB2944F |
SHA1: | 490DEB13F31A6D17E6D5EED16CF01FE3F9DF2CDF |
SHA-256: | B539905F3DE823EF24D2D0BA8994186E685FB9D0B84665ED942099D1629016EE |
SHA-512: | 44E5367F0506D07184B33E3E63B2C7F681F16C2438EA84A5CDC39FF6964421FBBBC71A368430D657B2648DA85D97B752082FFAED855BF1A09BBDFE22E8853E9A |
Malicious: | false |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 45352 |
Entropy (8bit): | 0.3938560967185485 |
Encrypted: | false |
SSDEEP: | 24:KldlQMIzRDnnill7DBtDi4kZERD+xqt8VtbDBtDi4kZERDW:Y7Qjbill7DYMKxO8VFDYMC |
MD5: | D4C8BB5FCCE59319B1CCEFA4EEDF8F90 |
SHA1: | 0BA43D1C9F3D56151B55BF4439A2D062DD6F0952 |
SHA-256: | EB571A382BC8DEF7120D78EE449B5BA13D521218E98D99F58D91DA99D711D4E9 |
SHA-512: | BB560FFD61A76E7BBECAF28B7511AB98722B8F6D0E6FC40FB00C8385F0491938F85B08CF1A32001EF460C735B59591B75697BCDFF985214736DF055A43EDA420 |
Malicious: | false |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{CDE2BE2F-EEA3-4F83-9DB8-DCFC83489BF8}.tmp
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4984 |
Entropy (8bit): | 3.11204952773412 |
Encrypted: | false |
SSDEEP: | 48:FyAL2V2ofsj5QkV8XnVX/lXX+YNZpk80yW5v1hlYNuyVsqwQCLnTKfhn2jqUqzHL:FwV2ofy5QaMGfb7lYQsreU2WzB |
MD5: | A792797F56D03C1AAF0CB2EFEAA0376B |
SHA1: | D4D396A19240BC244DAAC1CA9865819D7C69D55E |
SHA-256: | 597FB14A61BE00110ADB3D6989A84D85AFA817ED49A6D58AE66F313F295A5D5E |
SHA-512: | 871DE1A910B379420DDF9327C3170E8E8BFA5222B82116573C53D688C24274DDAF07DD928C9F7E8DEAA71F53E6ADC6F0E7949DABAAADF45FA20E85177AEA9055 |
Malicious: | false |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1713882390416905100_34A70147-A98F-4998-A87C-C559FFD0A449.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.15953698542021888 |
Encrypted: | false |
SSDEEP: | 1536:fg4ucLPRXRTXFq0g8nKP9GQzkSYmy8x/j0QLsyJXkBB:RLZh5q03MyU |
MD5: | 7EE6E196E37709FCDDD22CA2C8EE2396 |
SHA1: | CC217637C41D795DD698FD0B673BBB8E7A58527F |
SHA-256: | 685EEF76E1301C195E800B52246B243A5E0A4753F82BE8DE7656B2F2841AC401 |
SHA-512: | 0FED1A71F65971AD598253348AFA9B61484284F21A3028F4070D2F2A38C762AD04837D0A40AC4A41ED8AC9E37FAA160EB764AD55DE6F0D76D4A68A5A10E18405 |
Malicious: | false |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1713882390417706400_34A70147-A98F-4998-A87C-C559FFD0A449.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
Malicious: | false |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240423T1626300189-2960.etl
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 98304 |
Entropy (8bit): | 4.476593497099553 |
Encrypted: | false |
SSDEEP: | 768:cVz9TExulb8smOyC4mQ9QGJa1F/DHXw37WXWVW7:qL4mQ9QGEX7X1 |
MD5: | 7F10C1D6BA4AF740396A877110CC6005 |
SHA1: | 4418A1AE443481CEC51970795974E4EA1D27BBAA |
SHA-256: | CBE0E3A06C9E8BA25A38813D03C5603F15D100066DFF656F57EC624B4C5A3C20 |
SHA-512: | 81F7158B9655419654FA4C49F212A4CA4DF8BC5433970A3A64D64412F72741F69874B17535F244728AE7C577AB35B396EF4D2101E523CA23DFD595266599A087 |
Malicious: | false |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 1.2389205950315936 |
Encrypted: | false |
SSDEEP: | 3:Idlllt:Id/l |
MD5: | DB910C699AFF690E15DB903A9B96EC07 |
SHA1: | EE33CE911FE0CC4A7F6A874D40A1DE0624ACE1CB |
SHA-256: | A6761E53355EA4C61353B2CF51DACAFC05B55D68D11B2D29E668E213E49498FF |
SHA-512: | D465E5EA5AFE349318239557A8E8FD47CAD23932DD89C345A6D08904688F822FD0261509EF83D65232B4A47B3B2C217A297A5A93B8B7F5B7369EB44A4BD503A0 |
Malicious: | false |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2560 |
Entropy (8bit): | 2.0193739623516174 |
Encrypted: | false |
SSDEEP: | 12:rl3baFWrsqLKeTy2MyheC8T23BMyhe+S7wzQP9zNMyhe+S7xMyheCop:rJmnq1Py961op |
MD5: | 4F51744671E48758EBBA5FC8557322AF |
SHA1: | 4F69FFA9229D997BD46F69D92DD3D02AAA25860B |
SHA-256: | C400A96A6A9EDFF1F8DEFA75ADAC8D2A65566EF93D5F6E328AA439251E76D7FC |
SHA-512: | 74DAB9634B486B923553ABB4A55A77274DCD3BF4191E6C13A77ADE6D1B3F43A62383B50329CAC17064A1D32690E27E8C8DCA37CC65717064A9A6B54E71C7D557 |
Malicious: | false |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 19613 |
Entropy (8bit): | 7.478815940344003 |
Encrypted: | false |
SSDEEP: | 384:Jrt+xRLymSajsvu73BlCw/vhYz3NsbA6PW1VMBAFTcU:VywGaGWwBYz2bA6+1ezU |
MD5: | 7C602A129996131DB78AEEE972FBE8BE |
SHA1: | 5E2D4B2F8703EE6B96DF23E678937A0017D1CDBB |
SHA-256: | E49594906CC696C040F8237720159368251AC593C4EED71FF9C3023352AF1252 |
SHA-512: | 8F50C094AA1D50906E7E9D5234046BA61E1CE9DA1722F3759ED5978D00F7290710BBF3BB8B8DD63941AB87BD40FCAAF68D0C72164B0DA93C56840C5A3C93DED7 |
Malicious: | false |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 162 |
Entropy (8bit): | 3.7561370880485208 |
Encrypted: | false |
SSDEEP: | 3:4HAGl/lSlJ/oPg+pv9fVGClldc+Ov9I9ZPToYlttq5o1H:4Ll/gl6o+B3Gv+Ov9AyYltYWd |
MD5: | 8EF658FC4A8952EC95BC138936925D9B |
SHA1: | ECB5BF8E5EC6FAF60C8818705698E186A60FB747 |
SHA-256: | 317F32B3B66ADD39A9F799586894919273B93F2ADFF5467E49DCD357BD2115D7 |
SHA-512: | 8375C093C8927E7E2F2060882E3A49DE3AC84F5E49272EC01476DC6D19A151133C99E58ADFD9BB42E6879BCBE18453AD252FE68539DE941FC9090A9C3DA10A88 |
Malicious: | false |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 19613 |
Entropy (8bit): | 7.478815940344003 |
Encrypted: | false |
SSDEEP: | 384:Jrt+xRLymSajsvu73BlCw/vhYz3NsbA6PW1VMBAFTcU:VywGaGWwBYz2bA6+1ezU |
MD5: | 7C602A129996131DB78AEEE972FBE8BE |
SHA1: | 5E2D4B2F8703EE6B96DF23E678937A0017D1CDBB |
SHA-256: | E49594906CC696C040F8237720159368251AC593C4EED71FF9C3023352AF1252 |
SHA-512: | 8F50C094AA1D50906E7E9D5234046BA61E1CE9DA1722F3759ED5978D00F7290710BBF3BB8B8DD63941AB87BD40FCAAF68D0C72164B0DA93C56840C5A3C93DED7 |
Malicious: | false |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 271360 |
Entropy (8bit): | 4.417405407314774 |
Encrypted: | false |
SSDEEP: | 1536:TT/fg/OxuVvkXwGl6BvTOdZfj8G6Ir49SoxrNDNQm5KoynXgSKuSWuiKMW1DDwWR://fPulbfTOS11rNiQSKuxcM2yp96 |
MD5: | 68C3BE72035B62F13CE202A65B96B309 |
SHA1: | E361110AA8358A49C2B9DC59EE7A684E2F63102B |
SHA-256: | 9B9237EB4AA06FBB4CBEFA6511CFFAFD3AFC941FA0432DEE4EEF747977A27346 |
SHA-512: | 3C82C2FAF20AC9B8E2C685911FB9FAC16DB7AF6032A0040B1F31956FAE45141824916A086F9F3CFCF3AD2015C62ACEC2AAA238A0B46B6BBADF0B45E91FBD8F69 |
Malicious: | false |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 6.613812382892589 |
Encrypted: | false |
SSDEEP: | 1536:4YXgSTuSLuiKMckXfGl6fvTOpZfj8G/Ir492oxrNjzVW53jEpEHP4qQ10PAwrcTC:4vSTuocMcIhTO71xrN3jp9Pzu |
MD5: | 152338B3F323F05B77FEB35E9DE47F05 |
SHA1: | 8DFF91F377189B374C48AECD256013BD492A7F68 |
SHA-256: | 570DAF9E8C2B0191CB0EFFBE40E2E226D1E64FF5D406B1B4D235D9CE23C24626 |
SHA-512: | DE248CA70347C44D9B75404B848FC312D9ED3BBC5A2178635B18248994F002FBF20EBA0A1B6EC3004676221E76EEF07E8F21B97149D163EC1FC49AD71E90429A |
Malicious: | false |
File type: | |
Entropy (8bit): | 6.147595534907486 |
TrID: | |
File name: | s1TlFBQj.eml |
File size: | 96'181 bytes |
MD5: | 95c17f3ada77d7b70fd103503afb65c3 |
SHA1: | 890d743a7924df81bbcd08882d1fb2cf77a17b74 |
SHA256: | 388fadb8c6b92e2c62f3218e90fb5ec2b1c2a6e0777009859a8439e6d32ffb0f |
SHA512: | aaa79ed8d98e0bbb45ef868246b5853f3db82d2d751c799362e80bbce99f61f7c20664e1121120c87c04ec75ee1356fa8ad394a82981104ef6edb2bcbaa5d17a |
SSDEEP: | 1536:qLcXMJjbH3kuTGQrVv6YAtFD2IR5TKUivmaiF6e29yTPiHMXNArXP3IVRXrUkG05:GcXMJP3kYnVwyIRauaiEhvsurfIVRXYk |
TLSH: | 3993E16A5D4324679A34A35FE39D180012BC7B8D83D3D8F0B71E95A417ED233572D963 |
File Content Preview: | authentication-results: spf=pass (sender IP is 209.85.166.47).. smtp.mailfrom=gmail.com; dkim=pass (signature was verified).. header.d=gmail.com;dmarc=pass action=none header.from=gmail.com;compauth=pass.. reason=100..cc: "Restaurante Paisa" <restaurantee |
Subject: | EXTERNAL: Re: SOLICITUD FACTURA ELECTRONICA |
From: | EL FRIJOLIN SAS <contabilidadfrijolin@gmail.com> |
To: | Liz Karen Hernandez Galindo <LHernan2@hycite.com> |
Cc: | Restaurante Paisa <restauranteelfrijolin@gmail.com> |
BCC: | Restaurante Paisa <restauranteelfrijolin@gmail.com> |
Date: | Fri, 19 Apr 2024 10:09:07 -0500 |
Communications: |
Attachments: |
Key | Value |
---|---|
authentication-results | spf=pass (sender IP is 209.85.166.47) smtp.mailfrom=gmail.com; dkim=pass (signature was verified) header.d=gmail.com;dmarc=pass action=none header.from=gmail.com;compauth=pass reason=100 |
cc | Restaurante Paisa <restauranteelfrijolin@gmail.com> |
date | Fri, 19 Apr 2024 10:09:07 -0500 |
dkim-signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1713539359; x=1714144159; darn=hycite.com; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=CcUZC6tp6AlITmhz8wJsSO7wBPE3i2hic1wTJPkhPVM=; b=Jca+2xu3OuW751Vd8w0X20G2n4Gikirm1QHIUTWSs3UsXdLZaiXpp0cuSC7/1S023B nxhjcGeJ3mG9QyaI9lfq+SbmeudEada8PUeWe5weqShmxlU1dE0N3RwOEKQgU1+BhH54 dEOmMr2WrIEJlEoB2uPoPBnHsJ/5ZXuw7xK3SyclNqnMTKhO66K9BMSYooFmKE1BwLfc UPMWaJirnevVh7v2jH94R8j3p6jmBTrlgwwu2hhdh/+EbXY1yDBchfUmJT8knYmt1jhu 2DJytgXIXeHQuvrmw6DFltHk4dPz5AReHstzErproXQvPTyTdHp1UCzvldfflD/a9Ldi eG5A== |
from | EL FRIJOLIN SAS <contabilidadfrijolin@gmail.com> |
in-reply-to | <CACUVw6iFT1aH0sCi=AMiWgPLFhk+XTexvOi3O4RVBuwPwt+6sQ@mail.gmail.com> |
message-id | <CACVF+P0tGjaUaTr2iKjPM=Z_6SmpH70CTV6r7VyjQAjwMDup5g@mail.gmail.com> |
mime-version | 1.0 |
received | from CH0PR16MB5275.namprd16.prod.outlook.com (2603:10b6:610:18c::18) by LV3PR16MB6147.namprd16.prod.outlook.com with HTTPS; Fri, 19 Apr 2024 15:09:45 +0000, from CH2PR11CA0008.namprd11.prod.outlook.com (2603:10b6:610:54::18) by CH0PR16MB5275.namprd16.prod.outlook.com (2603:10b6:610:18c::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7472.43; Fri, 19 Apr 2024 15:09:19 +0000, from CH2PEPF0000013D.namprd02.prod.outlook.com (2603:10b6:610:54:cafe::d1) by CH2PR11CA0008.outlook.office365.com (2603:10b6:610:54::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7495.30 via Frontend Transport; Fri, 19 Apr 2024 15:09:19 +0000, from mail-io1-f47.google.com (209.85.166.47) by CH2PEPF0000013D.mail.protection.outlook.com (10.167.244.69) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.7452.22 via Frontend Transport; Fri, 19 Apr 2024 15:09:19 +0000, by mail-io1-f47.google.com with SMTP id ca18e2360f4ac-7da37436e36so61220639f.0 for <LHernan2@hycite.com>; Fri, 19 Apr 2024 08:09:19 -0700 (PDT) |
received-spf | Pass (protection.outlook.com: domain of gmail.com designates 209.85.166.47 as permitted sender) receiver=protection.outlook.com; client-ip=209.85.166.47; helo=mail-io1-f47.google.com; pr=C |
references | <CY5PR12MB655215369525CDEFD10186A1FC3D2@CY5PR12MB6552.namprd12.prod.outlook.com> <BYAPR16MB2694B218DA5A5CC674F44A7AE63D2@BYAPR16MB2694.namprd16.prod.outlook.com> <CACUVw6iFT1aH0sCi=AMiWgPLFhk+XTexvOi3O4RVBuwPwt+6sQ@mail.gmail.com> |
return-path | contabilidadfrijolin@gmail.com |
subject | EXTERNAL: Re: SOLICITUD FACTURA ELECTRONICA |
to | Liz Karen Hernandez Galindo <LHernan2@hycite.com> |
x-eopattributedmessage | 0 |
x-eoptenantattributedmessage | fc5c68f6-97f3-4efe-b689-eb5c1234f821:0 |
x-forefront-antispam-report | CIP:209.85.166.47;CTRY:US;LANG:es;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail-io1-f47.google.com;PTR:mail-io1-f47.google.com;CAT:NONE;SFTY:9.25;SFS:(13230031)(7093399003);DIR:INB;SFTY:9.25; |
x-gm-message-state | AOJu0YzTQQAx7gWFWPfLksJhaQuwV2Vr+pOACn3Fj01JbvuLzGtClKU4 NtrtfnIsewcLFWfOw4jQ6f181CnR3UfjCGwl30TN7vL7BgmN6atPCCJ2bXI+zo40/MsqVnzgUYp y7CPa8Hp9+IMDt0a32DrDuFGhOzbl1PRe |
x-google-dkim-signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713539359; x=1714144159; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=CcUZC6tp6AlITmhz8wJsSO7wBPE3i2hic1wTJPkhPVM=; b=vX5sDMs4CpjLrD36fbfHikeYnhb9JitI2/1T9EQjbBgExvRgU6Sp3XqNAEnD/vEr86 QaNI2O2kH7F8Ek53xtghuUdEkhVqNViM1yul7G2wJps/wKvSN5R7axlIHnc238Ol8/pw O+NNShhdiJh+kea5Q9YEbVKlwv8ZKA3PGx5lFRwK+UsjbEG/XI6Bh2v4vrjk6P6jTU7p mp1yxwIyrMURZBt98kMPY4kF240uhlPA/On1X9wQBCstSQ6rfUgEuvrKP7IV7KLVFSO1 oWTt8atEMwecu3FnGSs8OGx3hngBLeGLkKttv+fmvJseFqfHr/fBmpsH0dWo0wIPtN/E saGw== |
x-google-smtp-source | AGHT+IHMKnmsL/r6oKBIG+llX5Oq826OadpFCf1zDc3c4wHHD2t7Dx4gRkfDNw8VI0IJrjcgYMR6MJuHjigaSJmHLgk= |
x-microsoft-antispam | BCL:0; |
x-microsoft-antispam-mailbox-delivery | ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198); |
x-microsoft-antispam-message-info | |
x-ms-exchange-atpmessageproperties | SA|SL |
x-ms-exchange-crosstenant-authas | Anonymous |
x-ms-exchange-crosstenant-authsource | CH2PEPF0000013D.namprd02.prod.outlook.com |
x-ms-exchange-crosstenant-fromentityheader | Internet |
x-ms-exchange-crosstenant-id | fc5c68f6-97f3-4efe-b689-eb5c1234f821 |
x-ms-exchange-crosstenant-network-message-id | b6ae3e6d-8484-4130-511e-08dc6082b004 |
x-ms-exchange-crosstenant-originalarrivaltime | 19 Apr 2024 15:09:19.4543 (UTC) |
x-ms-exchange-organization-authas | Anonymous |
x-ms-exchange-organization-authsource | CH2PEPF0000013D.namprd02.prod.outlook.com |
x-ms-exchange-organization-expirationinterval | 1:00:00:00.0000000 |
x-ms-exchange-organization-expirationintervalreason | OriginalSubmit |
x-ms-exchange-organization-expirationstarttime | 19 Apr 2024 15:09:19.4855 (UTC) |
x-ms-exchange-organization-expirationstarttimereason | OriginalSubmit |
x-ms-exchange-organization-messagedirectionality | Incoming |
x-ms-exchange-organization-network-message-id | b6ae3e6d-8484-4130-511e-08dc6082b004 |
x-ms-exchange-organization-scl | 1 |
x-ms-exchange-processed-by-bccfoldering | 15.20.7472.035 |
x-ms-exchange-transport-crosstenantheadersstamped | CH0PR16MB5275 |
x-ms-exchange-transport-endtoendlatency | 00:00:26.4600170 |
x-ms-office365-filtering-correlation-id | b6ae3e6d-8484-4130-511e-08dc6082b004 |
x-ms-publictraffictype | |
x-ms-traffictypediagnostic | CH2PEPF0000013D:EE_|CH0PR16MB5275:EE_|LV3PR16MB6147:EE_ |
x-received | by 2002:a05:6602:6587:b0:7d3:4b31:7ecf with SMTP id gv7-20020a056602658700b007d34b317ecfmr2564631iob.15.1713539358672; Fri, 19 Apr 2024 08:09:18 -0700 (PDT) |
Content-Type | multipart/mixed; boundary="===============2474558484073483961==" |
Icon Hash: | 46070c0a8e0c67d6 |
Target ID: | 0 |
Start time: | 16:26:30 |
Start date: | 23/04/2024 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x730000 |
File size: | 34'446'744 bytes |
MD5 hash: | 91A5292942864110ED734005B7E005C0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 2 |
Start time: | 16:26:31 |
Start date: | 23/04/2024 |
Path: | C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff63fb40000 |
File size: | 710'048 bytes |
MD5 hash: | EC652BEDD90E089D9406AFED89A8A8BD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |