Edit tour

Windows Analysis Report
Trust Mail Check - Email verification (st_bb0d267f8fedcd_ed).msg

Overview

General Information

Sample name:	Trust Mail Check - Email verification (st_bb0d267f8fedcd_ed).msg
Analysis ID:	1375651
MD5:	26abfdb8d0436c3014cb3539a2c6433e
SHA1:	41fd6aa7ea6398bc065ddaa03421979663729b3f
SHA256:	7e0e3e8db8839b91c7a738f58f00ab887809db76ac8fef24e517a54261847473

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

No high impact signatures.

Classification

×

Process Tree

System is w10x64_ra

OUTLOOK.EXE (PID: 4308 cmdline: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Trust Mail Check - Email verification (st_bb0d267f8fedcd_ed).msg MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 6992 cmdline: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "9D15F092-D9C8-4F92-82E8-E5446F3FE18D" "FE48E96C-92F7-4983-A51C-87505C53077E" "4308" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx MD5: EC652BEDD90E089D9406AFED89A8A8BD)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• System Summary
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: classification engine

Classification label: clean0.winMSG@3/10@0/29

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240116T2034050593-4308.etl

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Trust Mail Check - Email verification (st_bb0d267f8fedcd_ed).msg
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "9D15F092-D9C8-4F92-82E8-E5446F3FE18D" "FE48E96C-92F7-4983-A51C-87505C53077E" "4308" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "9D15F092-D9C8-4F92-82E8-E5446F3FE18D" "FE48E96C-92F7-4983-A51C-87505C53077E" "4308" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File Volume queried: C:\Windows\SysWOW64 FullSizeInformation

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Data Obfuscation	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	2 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
52.113.194.132	unknown	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.109.8.89	unknown	United States		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.55.243.200	unknown	United States		20940	AKAMAI-ASN1EU	false
23.51.58.94	unknown	United States		4788	TMNET-AS-APTMNetInternetServiceProviderMY	false
20.42.65.88	unknown	United States		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

General Information

Joe Sandbox version:	38.0.0 Ammolite
Analysis ID:	1375651
Start date and time:	2024-01-16 20:33:40 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	Trust Mail Check - Email verification (st_bb0d267f8fedcd_ed).msg
Detection:	CLEAN
Classification:	clean0.winMSG@3/10@0/29
Cookbook Comments:	Found application associated with file extension: .msg

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 52.109.8.89, 52.113.194.132, 23.51.58.94, 23.55.243.200, 23.55.243.204
Excluded domains from analysis (whitelisted): ecs.office.com, omex.cdn.office.net, fs.microsoft.com, prod.configsvc1.live.com.akadns.net, s-0005-office.config.skype.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, login.live.com, s-0005.s-msedge.net, config.officeapps.live.com, us.configsvc1.live.com.akadns.net, e16604.g.akamaiedge.net, officeclient.microsoft.com, ecs.office.trafficmanager.net, prod.fs.microsoft.com.akadns.net, omex.cdn.office.net.akamaized.net, a1864.dscd.akamai.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: Trust Mail Check - Email verification (st_bb0d267f8fedcd_ed).msg

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	231348
Entropy (8bit):	4.381832736664361
Encrypted:	false
SSDEEP:
MD5:	9A0722174263A2DEA2444BA358623B61
SHA1:	D6D2A2E2349950DF07EF07B126A0215ABDB30F16
SHA-256:	D28CC54532862FBE3E3CF653BBF59A167106C55E226ACF17A78223053D70ADFA
SHA-512:	A142CE63EF13F282F6155924FD806CFE4706B65FCB173CFDAA9D150F3294106451FFFA4A91BE351B49B170D6F4F0567C877A5006CB7EC5BFE96CFC76A2591609
Malicious:	false
Reputation:	low
Preview:	TH02...... ....H......SM01X...,.....u.H..........IPM.Activity...........h...............h............H..h........s.....h........@...H..h\cal ...pDat...h.R..0..........h..e............h........_`.j...h'.e.@...I..w...h....H...8..j...0....T...............d.........2h...............kb.............!h.............. h.G............#h....8.........$h@.......8....."h.=.......:....'h..............1h..e.<.........0h....4....j../h....h......jH..h....p.........-h .......<.....+hc.e........................ ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
Category:	dropped
Size (bytes):	1869
Entropy (8bit):	5.085606739440919
Encrypted:	false
SSDEEP:
MD5:	39AF6B0EC8AC0BA18F560D01C9714254
SHA1:	9F8D3542553476F1A87B00D4E82B6F3C3364F9F5
SHA-256:	18C4BCBEE7634F3202D04E0FD699A2DA051C07C5762EE4044CDFF073330BC75A
SHA-512:	874E8D97D63638A7C0BEAECA5AD417851B9C9DE0F81AEFAAB91538533C115056A98AF08FE46BE8531AAE90A398306704A76A707A4CE28C0D869446BF60E06744
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>12</Count><Resource><Id>Aptos_26215680</Id><LAT>2024-01-16T19:34:06Z</LAT><key>29939506207.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos_45876480</Id><LAT>2024-01-16T19:34:06Z</LAT><key>27160079615.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_26215424</Id><LAT>2024-01-16T19:34:06Z</LAT><key>31558910439.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215680</Id><LAT>2024-01-16T19:34:06Z</LAT><key>23001069669.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2024-01-16T19:34:06Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_45876480</Id><LAT>2024-01-16T19:34:06Z</LAT><key>30264859306.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos_

C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	JSON data
Category:	dropped
Size (bytes):	520128
Entropy (8bit):	4.90769541415434
Encrypted:	false
SSDEEP:
MD5:	3B91B07226DA43AA3096B72358BFB5E0
SHA1:	92D98CB137664D5943790FD725495B3B2DF74CD1
SHA-256:	31E98819C6C7183E67326D60DFD074BD54CD670D8A6D3E283BBD4CB12E047723
SHA-512:	105D2B3522DD64DE3A7D4642347F5684FEC33A4C329601A6BED191BF594DC170AEF457098CA5817E371FC998E0F6AE5A8BB7210488A1E4B31ACA89F3302BD77F
Malicious:	false
Reputation:	low
Preview:	{"MajorVersion":4,"MinorVersion":38,"Expiration":14,"Fonts":[{"a":[4294966911],"f":"Abadi","fam":[],"sf":[{"c":[1,0],"dn":"Abadi","fs":32696,"ful":[{"lcp":983041,"lsc":"Latn","ltx":"Abadi"}],"gn":"Abadi","id":"23643452060","p":[2,11,6,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":26215680},{"c":[1,0],"dn":"Abadi Extra Light","fs":22180,"ful":[{"lcp":983042,"lsc":"Latn","ltx":"Abadi Extra Light"}],"gn":"Abadi Extra Light","id":"17656736728","p":[2,11,2,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":13108480}]},{"a":[4294966911],"f":"ADLaM Display","fam":[],"sf":[{"c":[536870913,0],"dn":"ADLaM Display Regular","fs":140072,"ful":[{"lcp":983040,"lsc":"Latn","ltx":"ADLaM Display"}],"gn":"ADLaM Display","id":"31965479471","p":[2,1,0,0,0,0,0,0,0,0],"sub":[],"t":"ttf","u":[2147491951,1107296330,0,0],"v":131072,"w":26215680}]},{"a":[4294966911],"f":"Agency FB","fam":[],"sf":[{"c":[536870913,0],"dn":"Agency FB Bold","fs":54372,"ful":[{"lcp":9830

C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_38.ttf

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_38RegularVersion 4.38;O365
Category:	dropped
Size (bytes):	767532
Entropy (8bit):	6.559134031163703
Encrypted:	false
SSDEEP:
MD5:	CBF459234D8EDB73A82FDF3DBAA457E4
SHA1:	B249128952BCDD90CB21414E12E51DE0AE601595
SHA-256:	5C008CE19DEAFA53AB1594FA7F048FDC822BCF44589E24A16429D95BD046F5F9
SHA-512:	946468D7608BD513F42B915B79E67D9B39385AB705F0E9E41C72DADD8AB117337E6AC3862E9EAA1B32B0D47BF8FCCD671E5F72A65C8811CE3E71E9BAE0C6CA5C
Malicious:	false
Reputation:	low
Preview:	........... OS/29....(...`cmap.s.(.......pglyf..&?...\....head1.R........6hheaE.@r.......$hmtxr..........0loca.+.....(...4maxp........... name.W+.........post...<....... .........0.._.<...........<............Aa...................Q....Aa....Aa.........................~...................................................3..............................MS .@.......(...Q................. ...........d...........0...J.......8.......>..........+a..#...,................................................/...K.......z...............N.........!...-...+........z.......h..%^..3...&j..+...+%..'R..+..."....................l......$A...,.......g...&...=.......X..&..............&....B..(B...............#.......j...............+...P...5...@...)..........#...)Q..................{.. ....?..'...#....N...7......<...;>.............. ]...........5......#....s.......$.......$.......^..................+...>....H.......%...7.......6.......O...V...........K......"........c...N......!...............$...&...p..

C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	322260
Entropy (8bit):	4.000299760592446
Encrypted:	false
SSDEEP:
MD5:	CC90D669144261B198DEAD45AA266572
SHA1:	EF164048A8BC8BD3A015CF63E78BDAC720071305
SHA-256:	89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
SHA-512:	16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
Malicious:	false
Reputation:	low
Preview:	51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:76bd602437550e98c9043d06a55186ab7d95dea5a0e935a599f73e62a8c9b158e0afcb19351f6c353940c06a38172b94d18c02cf92bb8a80184eccca0392b259ab3e71dae73e491c7941997cb36ad4a198661f622dad478d840f66d530a0dde78acea3367f91fff62fbb3dc18faff0c708ad30edef5bea8b22c5fd782b770d8993386eaa784fd19a3c3e1db3b537b1a94d3d4fbd46f8df8fddf6d16611969fe0a97c50e0f3ac24750c93257cf5c161184aa7385800c87d803b339632a3d8ec7fe17a0afd83ce9e9d0e3f7b8d579637928a811f1f7e6d1887df2ddc7d4f752c4d600235e426c92c7bf8a1362f95457998cc0e5d4261f0efa4fada0f866dbcefb407dacab7a2914e91c2f08200f38c2d9d621962145b1464b0f204b326118a53ecdcab22bff005fdd5257c99a6dc51ac0600a49f2ef782396987e78c08b846dad5db55e8ccefffc64863bc2c3e90b95a09d25d0814a848c98fe01a82d4e30e6682dd546e12c45ca0d280a45295ab4bd632dafb070edfdc3c9e38313d5aeb195972986f8011b66817028fd8c78b67a0ac7e780eecc3fb6a31f5a025b8a9a3db278a98c0696aeaac739b18688b0f9c7d751bba02cc5f4e41853fb119b3c0c915059aaa92971244a1989124f12881ca88e6410df70b793a2c3a736ff4

C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	ASCII text, with no line terminators
Category:	modified
Size (bytes):	10
Entropy (8bit):	2.9219280948873623
Encrypted:	false
SSDEEP:
MD5:	B14C7472DACC95731D2B8E5FAB04E958
SHA1:	1A4E12A9051361C517D4A2C2B26704B2B3A5EA1E
SHA-256:	B8C54CB4E53EF3BFF847B8AD4C8A85F7C82F647C1D2D2925668C0D3D3C0CC191
SHA-512:	E2068FDEE8BBBF0D6BD8AE1DB972141E9FF7294870A524C24B02E749EC8E0C8C29D072389D4EC0B88BBC0E41AD2BB96A4569380265A274D731B5C0F7C85F05B6
Malicious:	false
Reputation:	low
Preview:	1705433648

C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\420A7575-E02A-43AA-ADD6-83A2660F5F5A

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	164166
Entropy (8bit):	5.342513137578752
Encrypted:	false
SSDEEP:
MD5:	711CFE607EBCD79A1DB8BA7F0745CA12
SHA1:	7A26A441735949DACE2338FCDF088342BD3C3B6B
SHA-256:	01871539414A33A91509E40E49C720235FDBF868ADBA35D51A10028E06879325
SHA-512:	7394C95E7AB423883F2F88E0BE37A89491AFFACA16D245390C82F0B091BCD1A9CFB99F64DCB6748239C2C8DF26DD2F48359C5ECF65CF18E81C08A405A96D0889
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-01-16T19:34:08">.. Build: 16.0.17306.30525-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.ResourceId]" o:authorityUrl="[ADALAuthorityU

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	4616
Entropy (8bit):	0.13784977103055013
Encrypted:	false
SSDEEP:
MD5:	DC68E6707577CB331485F8331A886F32
SHA1:	B28445BDA6B674FA958D3A6A5657AB82458B8E3E
SHA-256:	69ECEEFD443EDAC3F2418525367D923F171336B9E75CA56139A55D3C5A358D4B
SHA-512:	5DA6FCFB86C9B690AE9369CAE5AFCDDE62AB2CCF6BA68BF03CF01E37B5B23B4FE731D2C69B1F4CA24B87E8B5317E5E33BAC8C24FD804A0F32EE1A3945D186BE2
Malicious:	false
Reputation:	low
Preview:	.... .c.....;A.S....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ ..........................................................................K.................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\prep_ram Files (x86)_Microsoft Office_root_Office16_AugLoop_bundle_js_V8_perf.cache

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	538803
Entropy (8bit):	5.985800955238432
Encrypted:	false
SSDEEP:
MD5:	11263CDCCB83EC9CD13D0682D7938A98
SHA1:	E0B5B7F51007085E0948399D245F77F590F0D9E1
SHA-256:	766E876389CD4A101162B97D5842A2141F8B22CFC4092544104A8B90E4B6940D
SHA-512:	9A43D0D233F6BA5C7BE652EEEE3211E60DD985850B79A867AE1E771866A18C44060AB37AF77AA48C86DC8E62BB5EF33AC5DA7A6E0E30E2B0A90F0C1E97D1B3F4
Malicious:	false
Reputation:	low
Preview:	RNWPREP...A..<.l........p8.......`0-..`9og.5..~.n..N.s.vd.i..@...P.Q.....uY\|X8.......$S.,..`......L`.....$S...`VY.....L`.....M.Rb.................c.@........... ...D..Qb........gk..`......Qb.@+R....Ba..`......Qb..zM....qk..`......Qb.@.+....QA..`.....D..Qb........Ma..`~.....Qb".......rw..`.....D..Qb2.H.....BT..`H....D..QbV..\|....Xc..`P.....QbZ@......rS..`T....D..Qb~..M....qg..`.....D..Qb.@......YT..`.....D..Qb...-....Hd..`@....D..Qb........S_..`F....D..Qb.@.3....Tn..`......Qb.@.\....Nv..`.....D..Qb..Z.....c_..`.....D..Qb.N`....yT..`:.....Qb.@.R....Jf..`.....D..Qb..".....Ac..`.....D..Qb......zd..`B.....Qb.@.....qb..`.....D..Qb.@.T....Cp..`......Qb.@GO....fo..`.....D..Qb".......Zt..`V.....Qb".......Ip..`......Qb&.u\|....Xw..`J.....Qb"..z....mf..`......D..QbV.......Oa..`......QbV.l.....W_..`.....D..Qbb.xK....rs..`.....D..QbzA......Kn..`.....D..Qb.A6.....nR..`......Qb.A......tc..`......D..Qb..P"....nS..`R....D..Qb.A.O....fS..`.....D..Qb.s.....Fu..`6....D..Qb.Aob....nI..`B.....Qb.A.

C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	30
Entropy (8bit):	1.2389205950315936
Encrypted:	false
SSDEEP:
MD5:	53F45C5C62ADA508C6FA1095CB94F99C
SHA1:	801FF4829E5EF2346466686C31EE8ABB748FD4E8
SHA-256:	76D2C868C2D001AE0D399D19D5B25CDCE822F8F8A3219F387E1AF690491CB312
SHA-512:	6C4F0DF9AF6D3E07AF44AC2361A8664E4188E83D8105C60B56F4EE0258FDB23C85D285C8ABC822A82E6D77BCBE4A1CDF626148C3EBAEF598C20B0FB2C24BECC7
Malicious:	false
Reputation:	low
Preview:	..............................

Static File Info

General

File type:	CDFV2 Microsoft Outlook Message
Entropy (8bit):	3.6858402168317617
TrID:	Outlook Message (71009/1) 58.92% Outlook Form Template (41509/1) 34.44% Generic OLE2 / Multistream Compound File (8008/1) 6.64%
File name:	Trust Mail Check - Email verification (st_bb0d267f8fedcd_ed).msg
File size:	94'208 bytes
MD5:	26abfdb8d0436c3014cb3539a2c6433e
SHA1:	41fd6aa7ea6398bc065ddaa03421979663729b3f
SHA256:	7e0e3e8db8839b91c7a738f58f00ab887809db76ac8fef24e517a54261847473
SHA512:	93a30b23468728454b24d472e49e705a323210ca9f13a8a6f67e4602f4f2d855be0c13f528758ced4fa4a80391070159f0cb23a9dcbf8c5f0e45e6913b8dfddb
SSDEEP:	1536:XC1EebecfevV6WKWufVhW2mCnilLq/lFWJ0MNUiVCCboEvxoE6aXR74RiVsbzc:S1EEecfevVufVhW2mCnWLqNE0Mym/bhd
TLSH:	0793E1143AEA5619F2B79F3249F690939936BD92AD10DA4F3191330E0972D81EC61F3F
File Content Preview:	........................>......................................................................................................................................................................................................................................

Static Mail

General

Subject:	Trust Mail Check - Email verification (st_bb0d267f8fedcd_ed)
From:	Trust Mail Check <notifications@trustmailcheck.org>
To:	blum@audits.ga.gov
Cc:
BCC:
Date:	Sat, 30 Dec 2023 00:18:46 +0100
Communications:	CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hi, we are a service dedicated to protecting the privacy of online users and keeping your information safe from misuse. We have detected that your e-mail address (blum@audits.ga.gov) has been filtered in: - Dun & Bradstreet on 2023-11-14 (336 accounts involved). - AntiPublic on 2016-12-16 (457,962,538 accounts involved). - Apollo on 2018-07-23 (125,929,660 accounts involved). - RiverCityMedia on 2017-01-01 (393,430,309 accounts involved). If you have any questions, please contact us. To continue receiving our notifications, you must confirm the ownership of the email address by replying to this email. Our alert service is non-commercial, and no one can charge you for it. We thank you for your time and look forward to helping you keep your information secure. Email verification (st_bb0d267f8fedcd_ed) Sincerely, The Trust Mail Check team. 650 Castro Street Suite 300 Mountain View.
Attachments:

Headers

Key	Value
Received	from intranet-host.talentsourcecorp.com ([143.198.158.168])
23	18:54 +0000
by DS0PR09MB11196.namprd09.prod.outlook.com (2603	10b6:8:169::18) with
2023 23	18:51 +0000
(2a01	111:f403:f90e::1) by DM6PR09CA0024.outlook.office365.com
(2603	10b6:5:160::37) with Microsoft SMTP Server (version=TLS1_2,
Transport; Fri, 29 Dec 2023 23	18:50 +0000
Authentication-Results	spf=pass (sender IP is 45.67.216.243)
Received-SPF	Pass (protection.outlook.com: domain of trustmailcheck.org
15.20.7159.9 via Frontend Transport; Fri, 29 Dec 2023 23	18:50 +0000
DKIM-Signature	v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=trustmailcheck.org; s=mail; h=Content-Type	MIME-Version:Message-ID:Subject:
Reply-To	From:To:Date:Sender:Cc:Content-Transfer-Encoding:Content-ID:
Content-Description	Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
	Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
List-Subscribe	List-Post:List-Owner:List-Archive;
Fri, 29 Dec 2023 18	18:48 -0500
Date	Fri, 29 Dec 2023 18:18:46 -0500
To	blum@audits.ga.gov
From	Trust Mail Check <notifications@trustmailcheck.org>
Reply-To	Trust Mail Check <notifications@trustmailcheck.org>
Subject	Trust Mail Check - Email verification (st_bb0d267f8fedcd_ed)
Message-ID	<833ppOVcuIiF7sRoSJtGyEMAv82YtVUUu0ENTRfpc@intranet-host.talentsourcecorp.com>
X-Mailer	PHPMailer 6.8.1 (https://github.com/PHPMailer/PHPMailer)
X-verification-ID	st_bb0d267f8fedcd_ed
MIME-Version	1.0
Content-Type	text/plain; charset=iso-8859-1
Return-Path	bounce@trustmailcheck.org
X-MS-Exchange-Organization-ExpirationStartTime	29 Dec 2023 23:18:50.6137
X-MS-Exchange-Organization-ExpirationStartTimeReason	OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval	1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason	OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id	4c13981d-3bba-4acd-cf02-08dc08c4844e
X-EOPAttributedMessage	0
X-EOPTenantAttributedMessage	3ba88d15-70d4-4b83-8474-db703319c2a0:0
X-MS-Exchange-Organization-MessageDirectionality	Incoming
X-MS-PublicTrafficType	Email
X-MS-TrafficTypeDiagnostic	SA2PEPF00002251:EE_\|DS0PR09MB11196:EE_\|DM6PR09MB5288:EE_
X-MS-Exchange-Organization-AuthSource	SA2PEPF00002251.namprd09.prod.outlook.com
X-MS-Exchange-Organization-AuthAs	Anonymous
X-MS-Office365-Filtering-Correlation-Id	4c13981d-3bba-4acd-cf02-08dc08c4844e
X-MS-Exchange-AtpMessageProperties	SA\|SL
Content-Transfer-Encoding	quoted-printable
X-MS-Exchange-Organization-SCL	1
X-Microsoft-Antispam	BCL:0;
X-Forefront-Antispam-Report	CIP:45.67.216.243;CTRY:DE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:vmi1558252.contaboserver.net;PTR:mail.trustmailcheck.org;CAT:NONE;SFS:(13230031)(4636009)(230273577357003)(230173577357003)(451199024)(81166007)(356005)(15650500001)(5660300002)(9686003)(22186003)(9786002)(336012)(4001150100001)(426003)(956004)(3450700001)(26005)(6966003)(58800400005)(6916009)(7696005)(1096003)(8676002)(66899024)(83380400001)(55016003)(50396003)(43540500003)(39280500004)(56080200033);DIR:INB;
X-MS-Exchange-CrossTenant-OriginalArrivalTime	29 Dec 2023 23:18:50.5199
X-MS-Exchange-CrossTenant-Network-Message-Id	4c13981d-3bba-4acd-cf02-08dc08c4844e
X-MS-Exchange-CrossTenant-Id	3ba88d15-70d4-4b83-8474-db703319c2a0
X-MS-Exchange-CrossTenant-AuthSource	SA2PEPF00002251.namprd09.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs	Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader	Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped	DS0PR09MB11196
X-MS-Exchange-Transport-EndToEndLatency	00:00:04.0739983
X-MS-Exchange-Processed-By-BccFoldering	15.20.7135.011
X-Microsoft-Antispam-Mailbox-Delivery	ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420123);
X-Microsoft-Antispam-Message-Info	=?us-ascii?Q?YEq9DWE5bx7lejLD+GflRmmZS9nsj94JepZg82WDfus6AuCHbfP0MHi3R3A2?=
date	Sat, 30 Dec 2023 00:18:46 +0100

File Icon


Icon Hash:	c4e1928eacb280a2