Windows Analysis Report
From Tutz Honeychurch. Hawaii USA..msg

Overview

General Information

Sample name:From Tutz Honeychurch. Hawaii USA..msg
Analysis ID:1378817
MD5:527bd9a19af2d87ff5edcf732f67206f
SHA1:39034c617dc89431c277373439cc44e2de861315
SHA256:a4641cdd0e3256b277fb4767dcbea2e17af01e80e7e9e325d2ed4cb8a2ea7e78

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

No high impact signatures.

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Legend: clean, suspicious, malicious.
  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 5244 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\From Tutz Honeychurch. Hawaii USA..msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 2632 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "C0F9ACA8-DB08-4AC5-AE10-2A1A6B4B167C" "285303F1-04DF-4571-9872-22A99FD0A826" "5244" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • Acrobat.exe (PID: 4600 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\3R8EA17X\I apologize READ FIRST (1) - Copy.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 4164 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 4412 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1596,i,9519340459592276645,18115757519224518711,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: classification engine; Classification label: clean0.winMSG@15/25@0/48
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240122T1544570367-5244.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File read: C:\Users\desktop.ini
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\From Tutz Honeychurch. Hawaii USA..msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "C0F9ACA8-DB08-4AC5-AE10-2A1A6B4B167C" "285303F1-04DF-4571-9872-22A99FD0A826" "5244" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\3R8EA17X\I apologize READ FIRST (1) - Copy.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1596,i,9519340459592276645,18115757519224518711,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9B189D7-228B-4F2B-8650-B97F59E02C8C}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window found: window name: SysTabControl32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: From Tutz Honeychurch. Hawaii USA..msg; Static file information: File size 9303040 > 1048576
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
Defense Evasion: Masquerading (1); Process Injection (1); Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: Process Discovery (1); File and Directory Discovery (1); System Information Discovery (3)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Command and Control: Data Obfuscation; Junk Data; Steganography
Network Effects: Exploit SS7 to Redirect Phone Calls/SMS; SIM Card Swap
Remote Service Effects: Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
Resource Development: Acquire Infrastructure; Domains; DNS Server
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses

No Antivirus matches
No contacted domains info
IP | Domain | Country | ASN | ASN Name | Malicious
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.109.20.47 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.109.8.89 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
23.63.206.91 | unknown | United States | 16625 | AKAMAI-ASUS | false
20.189.173.10 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
Joe Sandbox version:38.0.0 Ammolite
Analysis ID:1378817
Start date and time:2024-01-22 15:43:14 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:13
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Sample name:From Tutz Honeychurch. Hawaii USA..msg
Detection:CLEAN
Classification:clean0.winMSG@15/25@0/48
Cookbook Comments:
  • Found application associated with file extension: .msg
  • Exclude process from analysis (whitelisted): dllhost.exe
  • Excluded IPs from analysis (whitelisted): 52.109.8.89, 23.63.206.91, 52.113.194.132, 20.189.173.10
  • Excluded domains from analysis (whitelisted): ecs.office.com, fs.microsoft.com, slscr.update.microsoft.com, prod.configsvc1.live.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, s-0005-office.config.skype.com, mobile.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net, s-0005.s-msedge.net, config.officeapps.live.com, us.configsvc1.live.com.akadns.net, e16604.g.akamaiedge.net, onedscolprdwus09.westus.cloudapp.azure.com, officeclient.microsoft.com, ecs.office.trafficmanager.net, prod.fs.microsoft.com.akadns.net, mobile.events.data.trafficmanager.net
  • Reached maximum number of file to list during submission archive extraction
  • Report size getting too big, too many NtQueryAttributesFile calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtSetValueKey calls found.
  • VT rate limit hit for: From Tutz Honeychurch. Hawaii USA..msg
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):290
Entropy (8bit):5.172701131020013
Encrypted:false
SSDEEP:
MD5:BFA1AA319456B5CCC441C798D509EF9A
SHA1:80161B035CF885AF1683684C1AB1B256344191CE
SHA-256:C5E2B701D93751171F55D7C22817EFC87E7FBC136BD76BA6648FD4D1394CBD88
SHA-512:024044CC2B7A65160A0EF30CC2BB112B819F6A9EB77A812E792CC59C1BAF08761E95908F679770282512060179F48353A4A53DEDAF1EACEF84D7DAFCAA7A90A3
Malicious:false
Reputation:low
Preview:2024/01/22-15:47:01.764 1174 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/01/22-15:47:01.767 1174 Recovering log #3.2024/01/22-15:47:01.767 1174 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):334
Entropy (8bit):5.192842116951462
Encrypted:false
SSDEEP:
MD5:ED24571C7BA2C0ACEA7741F6BD33B0B6
SHA1:F410C08E402FBF15A7AC5ACAB9ED723DA452B67E
SHA-256:323F6550DAEB4752DB47F2F996F543EC2F96F4F53175131D175515921D6AEC5E
SHA-512:95D135FABB1EBBFB53711A7EF15E0C9941E0313D68D15FD8A55E1C86F0FE6C856E9A96FEFCDE516A1A6DCD587BAA7527BE48237F17E0198A4675F40C3D9C3A3F
Malicious:false
Reputation:low
Preview:2024/01/22-15:47:01.914 13e8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/01/22-15:47:01.916 13e8 Recovering log #3.2024/01/22-15:47:01.917 13e8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):231348
Entropy (8bit):4.3879472602995815
Encrypted:false
SSDEEP:
MD5:6D8C53AF5CBF31555AACED5043F38253
SHA1:4D4589528D00B64EE43873576BA3EE07D57A77D6
SHA-256:E258A224F700C7C5CC836019433BDB618BE11A88953366800E5EFA2A5108642F
SHA-512:05A1665017860A723C21FD457650005AD88AE90861E9F68098EBD78E839A969662185F3009C5B58183E683FCA9070C78B855573FD039B00478E9BA7AAF51BCAD
Malicious:false
Reputation:low
Preview:TH02...... .0..AM......SM01X...,...`&..AM..........IPM.Activity...........h...............h............H..h<........eM....h........8...H..h\cal ...pDat...h.b..0..........h.g............h........_`.k...h.f.@...I..w...h....H...8..k...0....T...............d.........2h...............k..............!h.............. h..............#h....8.........$h8.......8....."h@<......0=....'h..............1h.g.<.........0h....4.....k../h....h......kH..h....p...<.....-h ............+h\`....0................... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000.GwwMicrosoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
Category:dropped
Size (bytes):1869
Entropy (8bit):5.068886160595881
Encrypted:false
SSDEEP:
MD5:AA03B64300740A0B57BBF105E3D48ACB
SHA1:4CAD4A948E41D1F21F9D7D5EE70C28933078F776
SHA-256:27958F1DF323A322C096CF2E071F370ECDACA4D966B4E042674F1A5924C72B0F
SHA-512:3713FECCB45CA00D094E1AFDBA3E780D6C563704EDAA76286989B3D321F32EE92457308E4676B230733CDD6AE0AC82ED059D330FB165CE721293048CC4316EB2
Malicious:false
Reputation:low
Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>12</Count><Resource><Id>Aptos_26215680</Id><LAT>2024-01-22T14:44:57Z</LAT><key>29939506207.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos_45876480</Id><LAT>2024-01-22T14:44:57Z</LAT><key>27160079615.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_26215424</Id><LAT>2024-01-22T14:44:58Z</LAT><key>31558910439.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215680</Id><LAT>2024-01-22T14:44:58Z</LAT><key>23001069669.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2024-01-22T14:44:58Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_45876480</Id><LAT>2024-01-22T14:44:58Z</LAT><key>30264859306.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos_
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:JSON data
Category:dropped
Size (bytes):520128
Entropy (8bit):4.90769541415434
Encrypted:false
SSDEEP:
MD5:3B91B07226DA43AA3096B72358BFB5E0
SHA1:92D98CB137664D5943790FD725495B3B2DF74CD1
SHA-256:31E98819C6C7183E67326D60DFD074BD54CD670D8A6D3E283BBD4CB12E047723
SHA-512:105D2B3522DD64DE3A7D4642347F5684FEC33A4C329601A6BED191BF594DC170AEF457098CA5817E371FC998E0F6AE5A8BB7210488A1E4B31ACA89F3302BD77F
Malicious:false
Reputation:low
Preview:{"MajorVersion":4,"MinorVersion":38,"Expiration":14,"Fonts":[{"a":[4294966911],"f":"Abadi","fam":[],"sf":[{"c":[1,0],"dn":"Abadi","fs":32696,"ful":[{"lcp":983041,"lsc":"Latn","ltx":"Abadi"}],"gn":"Abadi","id":"23643452060","p":[2,11,6,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":26215680},{"c":[1,0],"dn":"Abadi Extra Light","fs":22180,"ful":[{"lcp":983042,"lsc":"Latn","ltx":"Abadi Extra Light"}],"gn":"Abadi Extra Light","id":"17656736728","p":[2,11,2,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":13108480}]},{"a":[4294966911],"f":"ADLaM Display","fam":[],"sf":[{"c":[536870913,0],"dn":"ADLaM Display Regular","fs":140072,"ful":[{"lcp":983040,"lsc":"Latn","ltx":"ADLaM Display"}],"gn":"ADLaM Display","id":"31965479471","p":[2,1,0,0,0,0,0,0,0,0],"sub":[],"t":"ttf","u":[2147491951,1107296330,0,0],"v":131072,"w":26215680}]},{"a":[4294966911],"f":"Agency FB","fam":[],"sf":[{"c":[536870913,0],"dn":"Agency FB Bold","fs":54372,"ful":[{"lcp":9830
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_38RegularVersion 4.38;O365
Category:dropped
Size (bytes):767532
Entropy (8bit):6.559134031163703
Encrypted:false
SSDEEP:
MD5:CBF459234D8EDB73A82FDF3DBAA457E4
SHA1:B249128952BCDD90CB21414E12E51DE0AE601595
SHA-256:5C008CE19DEAFA53AB1594FA7F048FDC822BCF44589E24A16429D95BD046F5F9
SHA-512:946468D7608BD513F42B915B79E67D9B39385AB705F0E9E41C72DADD8AB117337E6AC3862E9EAA1B32B0D47BF8FCCD671E5F72A65C8811CE3E71E9BAE0C6CA5C
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.04583532429010245
Encrypted:false
SSDEEP:
MD5:4FEDC23A32BD0CAA154782FE6F63E6D3
SHA1:2D273E88E07474F0D1C63F9B97B23557443266E9
SHA-256:1E147D6D91B7E9B556390411B3F01B63D06970729660F6E4DD73916509100247
SHA-512:4489DC03F57DD3C1F39DE2A4BEE383EEAB6D410A2BEE918E6579469DF248342693817166BF6C72ECE8850ED8618E0CA266054BAD759272CD734A3264AAEF1CBF
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:SQLite Write-Ahead Log, version 3007000
Category:dropped
Size (bytes):49472
Entropy (8bit):0.4826603832080008
Encrypted:false
SSDEEP:
MD5:C545CABDECBB2876457D235E143B5DCE
SHA1:27C0078A6036D77D58AC6B93CF4C25A19D480B9F
SHA-256:0090C8E5E97ADAA15C57A4721893B0C266382C4B1F9502E804B004F74E13BD72
SHA-512:760599DCEA751B89792492A8129467FA5876F70CF2CD30E825A5A378ABAF016BCD8737F03458C3D76E1D48E737BECED8E2135221CEF257670D3E04D2730DBF69
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):26
Entropy (8bit):3.95006375643621
Encrypted:false
SSDEEP:
MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
Malicious:false
Reputation:low
Preview:[ZoneTransfer]..ZoneId=3..
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:PDF document, version 1.7, 2 pages
Category:dropped
Size (bytes):314433
Entropy (8bit):7.975467445427003
Encrypted:false
SSDEEP:
MD5:41AD05278CCD26A2143478BCFBFA216A
SHA1:185853F524B81FF347C5AD99B3F33DDE405B63EE
SHA-256:D2792DF339F04735D23D10E9A125F57D613D4E499767C632AB831DEEE2F440F3
SHA-512:BB3012B5F1AEC74C5EFC3847351D2807ED96DE68E97047F74C2A42BEAFA19289241FC9BC9494B7DC891FA60F59F2595B0ACC82E5239D61FAD08E3FF9AE220818
Malicious:false
Reputation:low
Preview:%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 33 0 R/MarkInfo<</Marked true>>/Metadata 84 0 R/ViewerPreferences 85 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 2/Kids[ 3 0 R 18 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 9 0 R/F3 11 0 R>>/ExtGState<</GS7 7 0 R/GS8 8 0 R>>/XObject<</Image16 16 0 R/Image17 17 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 612 792] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>..endobj..4 0 obj..<</Filter/FlateDecode/Length 4492>>..stream..x..][s..~.L.......J.3.wl'.;...m....y.-YR+..$o...?k-.$E].H.;.D.\...|...}..4....O.n.~f....1.......d.o..?~.....B2.r...-F.?...l.......>...7~<|. .G..fe.f..L...#.....B6.o........c..c?.....x..>~`_..0..8.A....c^.L8..5..M_..E.\..Q.....>.;....E&..6.~..SBz.g..r./D.K...7.j..GK.~..~....b`. ......^.3a.s...Je.$f.q.....J.r..?.L..........S5C)..8......>J8.Rd*.I.R.,.\.H......<b..|N.@.3
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:PNG image data, 1280 x 720, 8-bit colormap, non-interlaced
Category:dropped
Size (bytes):67622
Entropy (8bit):7.983350834478895
Encrypted:false
SSDEEP:
MD5:35EF0EE67E8682A8227CC8D4853DE251
SHA1:7CCBE37D9618A87DE7B5D61240D1BF9828CFDF9A
SHA-256:626B21E9F83C96B0181E91452490152E49B11C090A562502A84F05FBC48472CA
SHA-512:FC1EFD91C11C5EEF5E5D7D2771B685E6DC23E1A8547D8303B93185134E5969C2901853092C92420FA58CB0E6814647EC27C65B51A68DE42B5E7C844720A1290E
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:ASCII text, with very long lines (28748), with CRLF line terminators
Category:dropped
Size (bytes):20971520
Entropy (8bit):0.16282025058060168
Encrypted:false
SSDEEP:
MD5:A1FD0D4432C84DDC22756A87BE9C32AB
SHA1:F538882D0830284D9F2FE029B60FD492C667A74A
SHA-256:1D1306873006D50952A13EA1C74DFF90C3AD7E9DC5B8E3BBCDE8F78F4355F3D6
SHA-512:8686F5290DDE13AC4F57427EEEF1934474B8537BD63DEFEBB1736911D4446C4B33B7DCEFBA3B27B92E2968BB57B8717E9157E578F4C3B335BCC39C7FA06C22FF
Malicious:false
Reputation:low
Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..01/22/2024 14:44:57.827.OUTLOOK (0x147C).0x1474.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":22,"Time":"2024-01-22T14:44:57.827Z","Contract":"Office.System.Activity","Activity.CV":"5H33m3Pmc0+8OjjFvjteoQ.4.9","Activity.Duration":16,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...01/22/2024 14:44:57.875.OUTLOOK (0x147C).0x1474.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":24,"Time":"2024-01-22T14:44:57.875Z","Contract":"Office.System.Activity","Activity.CV":"5H33m3Pmc0+8OjjFvjteoQ.4.10","Activity.Duration":39690,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):20971520
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):94208
Entropy (8bit):4.437513831070381
Encrypted:false
SSDEEP:
MD5:872E2C9D2A8BB3B361CCE124058AC532
SHA1:9A80E8073706F4C64814729DCB99CA75BA4E0B27
SHA-256:582314C63C4914DF290B43DBF55678C31F111089D473CEBD8BCE09154EEE6B54
SHA-512:C341FB8F85A57ED2C4FC7F19102DE8E4CA139BF8A34F66E9D2135F6D86C6BADBAD5B95106C22B24094FDF0E9566A7AAA396545FF37DF727A9C833C90F9A56932
Malicious:false
Reputation:low
Preview:............................................................................`...t...|......AM..................eJ..............Zb..2.......................................@.t.z.r.e.s...d.l.l.,.-.3.2.2.......................................................@.t.z.r.e.s...d.l.l.,.-.3.2.1............................................................HE.-..............AM..........v.2._.O.U.T.L.O.O.K.:.1.4.7.c.:.7.1.c.1.0.0.7.0.b.9.0.7.4.2.b.9.a.8.f.3.e.5.6.7.2.0.d.5.c.5.2.6...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.0.1.2.2.T.1.5.4.4.5.7.0.3.6.7.-.5.2.4.4...e.t.l.......P.P.t...|....B..AM..........................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):5171
Entropy (8bit):7.949484850559733
Encrypted:false
SSDEEP:
MD5:0BCD57318404B4ACB19B5312B1995F90
SHA1:C2ECDD8D7070AE9CE07706ADA8B7566BBBD1D3AB
SHA-256:EDD100F4DF09261E4FB6750B6F32801D3BEBAB1FA3E484FF9A3C39A5669BF250
SHA-512:6B5EA627D2E647CB3203CC4DC0FD32215681010B8F7145123240577751E42048F36061ECE505EBAFEDB48251CE764121106238F60B64B2E823169A54D897C033
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):6.481155776500989
Encrypted:false
SSDEEP:
MD5:E4A2A9F7A46A5A6E6348A097F43DE42F
SHA1:ADFE8E58EDDBA03DAA6DBCA15738911DD430E733
SHA-256:35383ED4E76B9E695767A484B0390C5A9F71094760E989FE2579582824C7B3D2
SHA-512:04ACDCE2FFF739CD7D96A32E7524A5A7A3DB194A4B268C1ED01F7567C4285AD703F6493F5E30D64E8AC24F30BE2C94B95A12F77AA1D74A1A0E5EBAEC4F6EA429
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):81920
Entropy (8bit):5.873604836666963
Encrypted:false
SSDEEP:
MD5:D2567EFCD808203BCD988F16DD1CDA8D
SHA1:603FC19AA64B7BED89597BEC6595B0EDDA83F5AD
SHA-256:1CAC756BF3FD6855B897521523781BB1CE8D705E858DF1DAA2B017322819025E
SHA-512:060A62EB183950CB284A05DCDFC2FC497F6A5EE2491DFA7D9B7F8E129D2A55A45A1179B54278937916973D4E8C0B446F6F9395D42709178B497B3229758E3AAF
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):81920
Entropy (8bit):5.923269693351471
Encrypted:false
SSDEEP:
MD5:66485A2E2DBE708FCC355BA736E3AB03
SHA1:A889707E6BAB4DC6AECED90731863220BB8B5896
SHA-256:CA802C84E8F3A00AE880EF1CFC667000DE680F78AB8D002F07865912FD4B46C7
SHA-512:2CB9A0F1295732714FC2F648B82E57BC9BA6DB63210EC3C1523E931B53EF21ECDB96F405C92F6188EE04BC79DCA2FE6117933210DA88F3A96CA68A7BE2976E50
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):538795
Entropy (8bit):5.985703860101417
Encrypted:false
SSDEEP:
MD5:EB96E883A4940F0AF21CAE489BCD903F
SHA1:71BA226B0D224DBBF3385288A6778DA3A4F63748
SHA-256:0CA5BE74B75207392DEDFA61FE94F667C7B8BC48CC057B61E68EB8CF96B904A6
SHA-512:95381AFE593934665D5895374B1FDFA62A1F4608BB510252F210B5C740ECC200DC41C8A3435021AB4E8537C12D8D420DD6FBF0CB178995747286D1687FB696BC
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):163840
Entropy (8bit):0.4384347573017172
Encrypted:false
SSDEEP:
MD5:98CF0C91F946ADC64CACA80D51E9BDAB
SHA1:24EE428F13D824E9B6451361E211AA1A973F04A3
SHA-256:2BC14F3C11F914B028B152A79B2AC96C3FABE944ADAA3DBA1770FC94CF205D90
SHA-512:19EB241D41FC8ECF47DF79E28F56FC83CC1CABC8660B5149711ABA5CB4F80ACA6D620E6A99EEC09C49098C7519BF5B4DD365AE85CFB733E3856F32EB2BDF0B0E
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:Microsoft Outlook email folder (>=2003)
Category:dropped
Size (bytes):271360
Entropy (8bit):1.2955073617961108
Encrypted:false
SSDEEP:
MD5:FF15332ACB1DA88BF483B4E3FE5DC617
SHA1:DCF6A64A1670C2AA32C2A12EE8A38446A81ACB14
SHA-256:06E0B2650CA186128CF27F4D4C0E765937C8E130379C751F00407A8C419981E2
SHA-512:214F5D7A2CAD07969393AA1B9112314DB245677C2E9FD4B04CF25A9C76885A7F4973CFE2A2ADFDF98AD98FB0DB2649E02CDF9D2DEB91B903160823A4F7BEFB36
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:DOS executable (COM)
Category:dropped
Size (bytes):131072
Entropy (8bit):0.9622982535228154
Encrypted:false
SSDEEP:
MD5:400919A71EAB1491BAF1FE67C826880C
SHA1:5E5F4831CDD6BCB15BF3AE555C55D861E177D4B3
SHA-256:703C5D35833AC6836F2E8251E07CAD10CB63996A297C687FD05AC86122FA8D07
SHA-512:F2E2D55BB4AAEE51EA342F192AE6E80A0483CF3BA03E9F6D51A504136C33A0ED9D80DA9A8C338AC6169F701C692CF21BD40D77EA3B2F3A57456528DCB8AACD77
Malicious:false
Reputation:low
File type:CDFV2 Microsoft Outlook Message
Entropy (8bit):7.721096638735946
TrID:
  • Outlook Message (71009/1) 58.92%
  • Outlook Form Template (41509/1) 34.44%
  • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
File name:From Tutz Honeychurch. Hawaii USA..msg
File size:9'303'040 bytes
MD5:527bd9a19af2d87ff5edcf732f67206f
SHA1:39034c617dc89431c277373439cc44e2de861315
SHA256:a4641cdd0e3256b277fb4767dcbea2e17af01e80e7e9e325d2ed4cb8a2ea7e78
SHA512:3dc069b3bdf8d3b8fc4025a4d42894e456c3585a3144fe17ad80fe71d084dcda6fd0c6a4b31292de4494d954ce799e9a64578f67c831eed6bd0a46bce1355bab
SSDEEP:196608:bIVfvtQo4hBtIQnNFDteBkYTJJv77o9VdyCqt6Ry:qqBSkxkB1rKVwCqU
TLSH:C796E01136B98B8EF27F8F721AE680874922BCC6ED10979F3345774E1531981A5B2F1B
Subject:From Tutz Honeychurch. Hawaii, USA.
From:Trudie Rosa <tutzhoneychurch01202417@gmail.com>
Cc:
BCC:
Date:Sun, 21 Jan 2024 23:47:29 +0100
Communications:
  • CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Attachments:
  • 366755034_1318567208774252_8001601623022940035_n - Copy.jpg
  • CorrectedNote12182023.png
  • CorrectedNote01112024.jpg
  • Anastasia and Drizella.png
  • 2ndNote12182023.png
  • I apologize, READ FIRST (1) - Copy.pdf
  • READ SECOND (1).png
  • Note 121323.png
  • READ THIRD.png
  • Three.pdf
Key Value
Received: by mail-qv1-f53.google.com with SMTP id 6a1803df08f44-68183d4e403so17073116d6.1;
22:48:05 +0000
by SA0PR09MB6572.namprd09.prod.outlook.com (2603:10b6:806:ac::8) with
2024 22:47:51 +0000
(2603:10b6:930:d4::19) with Microsoft SMTP Server (version=TLS1_2,
Transport; Sun, 21 Jan 2024 22:47:51 +0000
Authentication-Results: spf=pass (sender IP is 209.85.219.53)
Received-SPF: Pass (protection.outlook.com: domain of gmail.com designates
15.20.7202.16 via Frontend Transport; Sun, 21 Jan 2024 22:47:50 +0000
Sun, 21 Jan 2024 14:47:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
from:to:cc:subject:date:message-id:reply-to;
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
X-Gm-Message-State: AOJu0Yy6VPo9mJ6lN+BMXObbOwE7P0D9kvemODA0im0eD4x0w3g7D77l
X-Google-Smtp-Source: AGHT+IHaue5Yuuzfvdu8UKDNsfDVpPY1ha6W3nKmQQtsUKw+bdQz8hAj9xdEyZLifm3NhwFdg9EaWuNSbwR7GwndouA=
X-Received: by 2002:ad4:5749:0:b0:686:309e:14d2 with SMTP id
Jan 2024 14:47:45 -0800 (PST)
MIME-Version: 1.0
From: Trudie Rosa <tutzhoneychurch01202417@gmail.com>
Date: Sun, 21 Jan 2024 12:47:29 -1000
Message-ID: <CAJcB-522T9bKxaqgvaCeQT3KtKEGkWrRcVBYcF=-8UJLz9V37g@mail.gmail.com>
Subject: From Tutz Honeychurch. Hawaii, USA.
To: Virginia.Phifer@agr.georgia.gov, hrhelp@dch.ga.gov, kjohnson@srta.ga.gov,
Content-Type: multipart/mixed; boundary="00000000000073c26f060f7c8094"
Return-Path: tutzhoneychurch01202417@gmail.com
X-MS-Exchange-Organization-ExpirationStartTime: 21 Jan 2024 22:47:50.8679
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id: 74a458ba-5a79-442e-5fc0-08dc1ad2ff50
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 3ba88d15-70d4-4b83-8474-db703319c2a0:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SA2PEPF00002253:EE_|SA0PR09MB6572:EE_|DM8PR09MB7334:EE_
X-MS-Exchange-Organization-AuthSource: SA2PEPF00002253.namprd09.prod.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Office365-Filtering-Correlation-Id: 74a458ba-5a79-442e-5fc0-08dc1ad2ff50
X-MS-Exchange-AtpMessageProperties: SA|SL
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Antispam: BCL:0;
X-Forefront-Antispam-Report: CIP:209.85.219.53;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail-qv1-f53.google.com;PTR:mail-qv1-f53.google.com;CAT:NONE;SFS:(13230031)(4636009)(84050400002)(852800001)(230273577357003)(230173577357003)(9402899012)(451199024)(6211899012)(1096003)(450100002)(8676002)(33964004)(6666004)(110136005)(42186006)(76482006)(58800400005)(336012)(26005)(82202003)(21480400003)(73392003)(1191002)(28085005)(5660300002)(86362001)(55446002)(921011)(7596003)(356005)(7636003)(2721855003);DIR:INB;
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Jan 2024 22:47:50.6492
X-MS-Exchange-CrossTenant-Network-Message-Id: 74a458ba-5a79-442e-5fc0-08dc1ad2ff50
X-MS-Exchange-CrossTenant-Id: 3ba88d15-70d4-4b83-8474-db703319c2a0
X-MS-Exchange-CrossTenant-AuthSource: SA2PEPF00002253.namprd09.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR09MB6572
X-MS-Exchange-Transport-EndToEndLatency: 00:00:14.7240544
X-MS-Exchange-Processed-By-BccFoldering: 15.20.7202.028
X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420123);
X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?JBRFEuQap6BS1H8RVzySfISw0ofpopoVEoOpGlgv14msasUNjaAjb7mTkgsn?=
date: Sun, 21 Jan 2024 23:47:29 +0100

Icon Hash:c4e1928eacb280a2