Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
Status_ Message For choulihan@biolegend.com.eml

Overview

General Information

Sample name:Status_ Message For choulihan@biolegend.com.eml
Analysis ID:1380534
MD5:67a00718bb82935a2a9ddcf4a2f17cc1
SHA1:cd68303f2fbbfaf4062f5d88f181ca853617cc2e
SHA256:5a7f36ccf6bb0753e0d5ff08efc908be1fe8e942b9f7a0a6063cdc5bfa4097de

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Queries the volume information (name, serial number etc) of a device

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 2544 cmdline: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Status_ Message For choulihan@biolegend.com.eml MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6360 cmdline: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "D927BB55-C7A7-4BE4-9737-7CFD960603D9" "536187DB-428E-461E-8C44-70582CD47D88" "2544" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

  • System Summary
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion
  • Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: classification engineClassification label: clean0.winEML@3/18@0/53
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240124T1819330940-2544.etl
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Status_ Message For choulihan@biolegend.com.eml
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "D927BB55-C7A7-4BE4-9737-7CFD960603D9" "536187DB-428E-461E-8C44-70582CD47D88" "2544" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "D927BB55-C7A7-4BE4-9737-7CFD960603D9" "536187DB-428E-461E-8C44-70582CD47D88" "2544" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\InProcServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local SystemData ObfuscationExfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS Memory13
System Information Discovery		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
52.113.194.132
unknownUnited States
8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
20.42.65.90
unknownUnited States
8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
52.111.229.63
unknownUnited States
8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
23.54.200.130
unknownUnited States
16625AKAMAI-ASUSfalse
52.109.20.38
unknownUnited States
8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse

General Information

Joe Sandbox version:39.0.0 Ruby
Analysis ID:1380534
Start date and time:2024-01-24 18:19:01 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:10
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Sample name:Status_ Message For choulihan@biolegend.com.eml
Detection:CLEAN
Classification:clean0.winEML@3/18@0/53
Cookbook Comments:
  • Found application associated with file extension: .eml
  • Exclude process from analysis (whitelisted): dllhost.exe
  • Excluded IPs from analysis (whitelisted): 52.109.20.38, 52.113.194.132, 23.54.200.130
  • Excluded domains from analysis (whitelisted): ecs.office.com, fs.microsoft.com, prod.configsvc1.live.com.akadns.net, s-0005-office.config.skype.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, s-0005.s-msedge.net, config.officeapps.live.com, us.configsvc1.live.com.akadns.net, e16604.g.akamaiedge.net, officeclient.microsoft.com, ecs.office.trafficmanager.net, prod.fs.microsoft.com.akadns.net
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtQueryAttributesFile calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtSetInformationFile calls found.
  • VT rate limit hit for: Status_ Message For choulihan@biolegend.com.eml

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

Download File
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):231348
Entropy (8bit):4.386409460538605
Encrypted:false
SSDEEP:
MD5:6EECDD6A156906D224AE096DCF297F32
SHA1:680EB1C49E7A11371A8C65A9CF83A3D420143BD6
SHA-256:1E703BD13E3148BE3B6211A32BE4236CBAB65C87D784DCEB845C5269C9F1904E
SHA-512:1E4D93AE692C2161B3FF9BED3BE29AE37231973DB8A19AD24F52889934CEB43E21E09B0F94A489B45E0B0C7530C5A2DB9CE721B2771821D6BA99015DA5730AC3
Malicious:false
Reputation:low
Preview:TH02...... ..ov.N......SM01X...,.....cv.N..........IPM.Activity...........h...............h............H..h4..........6...h.........e..H..h\cal ...pDat...h....0..........h..._...........h........_`.j...h..._@...I..w...h....H...8..j...0....T...............d.........2h...............k..............!h.............. h.$. ..........#h....8.........$h.e......8....."h.g......xc....'h..............1h..._<.........0h....4.....j../h....h......jH..h....p...4.....-h ............+hX.._....(................... ..............F7..............FIPM.Activity.st.Form.e..Standard.tanJournal Entry.pdIPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000.000Microsoft.ofThis form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml

Download File
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
Category:dropped
Size (bytes):1869
Entropy (8bit):5.087638833183498
Encrypted:false
SSDEEP:
MD5:82EA675F8C87E04B5CADBF58D89C4F2A
SHA1:A1FD9494217025ADA1465B8652E112F1CECC1B31
SHA-256:8D80654BD56E7402701C21CBB003FA8068AD09F99E45AFED37054790D9DBF013
SHA-512:95BE0DBAA0B40552D7A1C496A1B8090BC5671D654C395640B74358DCD89D9AAEB0D07092CA5EE72B8E4767671B44C41D4D9812138F2C35C50B4F690D444F1FAC
Malicious:false
Reputation:low
Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>12</Count><Resource><Id>Aptos_26215680</Id><LAT>2024-01-24T17:19:34Z</LAT><key>29939506207.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos_45876480</Id><LAT>2024-01-24T17:19:34Z</LAT><key>27160079615.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_26215424</Id><LAT>2024-01-24T17:19:34Z</LAT><key>31558910439.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215680</Id><LAT>2024-01-24T17:19:34Z</LAT><key>23001069669.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2024-01-24T17:19:34Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_45876480</Id><LAT>2024-01-24T17:19:34Z</LAT><key>30264859306.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos_

C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json

Download File
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:JSON data
Category:dropped
Size (bytes):520128
Entropy (8bit):4.90769541415434
Encrypted:false
SSDEEP:
MD5:3B91B07226DA43AA3096B72358BFB5E0
SHA1:92D98CB137664D5943790FD725495B3B2DF74CD1
SHA-256:31E98819C6C7183E67326D60DFD074BD54CD670D8A6D3E283BBD4CB12E047723
SHA-512:105D2B3522DD64DE3A7D4642347F5684FEC33A4C329601A6BED191BF594DC170AEF457098CA5817E371FC998E0F6AE5A8BB7210488A1E4B31ACA89F3302BD77F
Malicious:false
Reputation:low
Preview:{"MajorVersion":4,"MinorVersion":38,"Expiration":14,"Fonts":[{"a":[4294966911],"f":"Abadi","fam":[],"sf":[{"c":[1,0],"dn":"Abadi","fs":32696,"ful":[{"lcp":983041,"lsc":"Latn","ltx":"Abadi"}],"gn":"Abadi","id":"23643452060","p":[2,11,6,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":26215680},{"c":[1,0],"dn":"Abadi Extra Light","fs":22180,"ful":[{"lcp":983042,"lsc":"Latn","ltx":"Abadi Extra Light"}],"gn":"Abadi Extra Light","id":"17656736728","p":[2,11,2,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":13108480}]},{"a":[4294966911],"f":"ADLaM Display","fam":[],"sf":[{"c":[536870913,0],"dn":"ADLaM Display Regular","fs":140072,"ful":[{"lcp":983040,"lsc":"Latn","ltx":"ADLaM Display"}],"gn":"ADLaM Display","id":"31965479471","p":[2,1,0,0,0,0,0,0,0,0],"sub":[],"t":"ttf","u":[2147491951,1107296330,0,0],"v":131072,"w":26215680}]},{"a":[4294966911],"f":"Agency FB","fam":[],"sf":[{"c":[536870913,0],"dn":"Agency FB Bold","fs":54372,"ful":[{"lcp":9830

C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_38.ttf

Download File
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_38RegularVersion 4.38;O365
Category:modified
Size (bytes):767532
Entropy (8bit):6.559134031163703
Encrypted:false
SSDEEP:
MD5:CBF459234D8EDB73A82FDF3DBAA457E4
SHA1:B249128952BCDD90CB21414E12E51DE0AE601595
SHA-256:5C008CE19DEAFA53AB1594FA7F048FDC822BCF44589E24A16429D95BD046F5F9
SHA-512:946468D7608BD513F42B915B79E67D9B39385AB705F0E9E41C72DADD8AB117337E6AC3862E9EAA1B32B0D47BF8FCCD671E5F72A65C8811CE3E71E9BAE0C6CA5C
Malicious:false
Reputation:low
Preview:........... OS/29....(...`cmap.s.(.......pglyf..&?...\....head1.R........6hheaE.@r.......$hmtxr..........0loca.+.....(...4maxp........... name.W+.........post...<....... .........0.._.<...........<............Aa...................Q....Aa....Aa.........................~...................................................3..............................MS .@.......(...Q................. ...........d...........0...J.......8.......>..........+a..#...,................................................/...K.......z...............N......*...!...-...+........z.......h..%^..3...&j..+...+%..'R..+..."....................l......$A...,.......g...&...=.......X..&........*......&....B..(B...............#.......j...............+...P...5...@...)..........#...)Q...............*...{.. ....?..'...#....N...7......<...;>.............. ]...........5......#....s.......$.......$.......^..................+...>....H.......%...7.......6.......O...V...........K......"........c...N......!...............$...&...*p..

C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\CBA4B645-7C7B-4DD9-8939-9965BBA88BE0

Download File
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):164757
Entropy (8bit):5.342953918620872
Encrypted:false
SSDEEP:
MD5:07B238297BF6631433C3AFABDCE5D0E3
SHA1:B085AC859C67A2F53E595CA4FA0BAE64877AA61E
SHA-256:74D3D985AA6CA5C1353248053A2982EA011B07EC5C679F2D811573E56C3ED695
SHA-512:B54B204EDAB5C64CD67EB68A399F7813A476309267CF3A6FB18307724FA9A8B10E82867240DD0C36109BD5A0613FC92AC6F70250F6B3FBADF016F66EF0A3ED8F
Malicious:false
Reputation:low
Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-01-24T17:19:36">.. Build: 16.0.17321.30525-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.ResourceId]" o:authorityUrl="[ADALAuthorityU

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

Download File
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.04559118366510245
Encrypted:false
SSDEEP:
MD5:499C9CCD4538668BA21C0BDAFA576EF4
SHA1:13C40F07DBF1D490DCBB0AAD4AA579FC22F60B7D
SHA-256:B72670298E0402F0784BBED69F2FA94EA1B7AF0B1EE4CA98907413B8928DD2BD
SHA-512:B96F989AEDF191C8B14A5DA652D39B1C376C46D00D5EED6A0BBB8CD1D24022CD6F4377BB3E6FF964BF52B6AEC6D07C235A3E7A8B930212680114B29A5CA0C763
Malicious:false
Reputation:low
Preview:..-.....................R.6.$.......P....I...-,...-.....................R.6.$.......P....I...-,.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

Download File
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:SQLite Write-Ahead Log, version 3007000
Category:modified
Size (bytes):49472
Entropy (8bit):0.48419857155884266
Encrypted:false
SSDEEP:
MD5:A381AAD50A5B22052EAFB05BE13F1052
SHA1:003314548D1832D435675FAEE9D02110672A73A6
SHA-256:777DD99A5D3EF57D9273723BE269E29BA63BE8F2D697DBC2AD45CBF58A3BF87D
SHA-512:FD8B4E0A8CD921742646ADF3362D5ED8C07ACC1B68AC675DB1D5E9B5E3D97851F5BD44FBE6FA9EFE48895D6F5A4E7D6F30650D760DD9AF4F48770F0243A1AC4B
Malicious:false
Reputation:low
Preview:7....-..............P....h..pk..............P....A.."...SQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1E84C87B.dat

Download File
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 2824x2541, components 3
Category:dropped
Size (bytes):471623
Entropy (8bit):7.567944434990685
Encrypted:false
SSDEEP:
MD5:C1B0608B95D859E4687E8D8FA5869CFD
SHA1:9BC5719D1174B0333FB8494E76B915D133E0FCFD
SHA-256:076F59A753862B5EDBF9D32C9A836921B460B8EFDA4F7F5B82429737D6C9D762
SHA-512:6A239170084449DC2ED82358323E3D1B7E575A6BA2CCB32A829718217538A1D0E44CB4EE826738F4B89F36776BE7A584B7AE0D2EACDCFF673E10CDB747CDCF83
Malicious:false
Reputation:low
Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{336543AA-842C-4A45-9B9A-AB903B9F511D}.tmp

Download File
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):1536
Entropy (8bit):0.9133380184988859
Encrypted:false
SSDEEP:
MD5:50821B554E192A5CE51D1760A3E2E5F0
SHA1:E7DDD2F8CDCF16826A5A337043BD634546DA6CF9
SHA-256:6E3E79F0D2ADF51877BC2E155AE7E93F611FD772D6EB55478EA39E09A7F7D0E2
SHA-512:25F1E2021BE99B400C02617BA4A23C2E4DED3AFFBB6067B2459C84D26D0342FC91D9E54BAAA65B069EF0006C32DA3ACF62E689266EE37825CD8FAA263A38A1CC
Malicious:false
Reputation:low
Preview:....I.N.C.L.U.D.E.P.I.C.T.U.R.E. .".c.i.d.:.f.9.7.0.2.8.a.f.5.e.6.d.5.7.4.4.8.4.3.3.a.3.4.b.d.f.8.0.0.8.4.f.". .\.*. .M.E.R.G.E.F.O.R.M.A.T.I.N.E.T... . ...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1706116774378700500_08738251-B712-4BDE-A47A-612CDF04D655.log

Download File
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:ASCII text, with very long lines (28763), with CRLF line terminators
Category:dropped
Size (bytes):20971520
Entropy (8bit):0.17951808961109608
Encrypted:false
SSDEEP:
MD5:4FA7816E971897F0B622E15EA6442EF0
SHA1:BD53080FD8D9601AE968E3188A69B5B78FFD05B1
SHA-256:7D8581A9DF00A7FA3F788C8A8D52B59C9FCF0DC21B35904DA5FF9D248B91AE1F
SHA-512:81B655F55CBC4922AD990F5F9E1C14C5C2EC37675DBCAE4F6588E1DB2AA665E448301A83FD7F0D5AE3F6BF87E0C3A186EB9F30144C4020B036892D0E418BA97F
Malicious:false
Reputation:low
Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..01/24/2024 17:19:34.545.OUTLOOK (0x9F0).0x1464.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":22,"Time":"2024-01-24T17:19:34.545Z","Contract":"Office.System.Activity","Activity.CV":"UYJzCBK33kukemEs3wTWVQ.4.9","Activity.Duration":26,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...01/24/2024 17:19:34.593.OUTLOOK (0x9F0).0x1464.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":24,"Time":"2024-01-24T17:19:34.593Z","Contract":"Office.System.Activity","Activity.CV":"UYJzCBK33kukemEs3wTWVQ.4.10","Activity.Duration":17263,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorVer

C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1706116774380463200_08738251-B712-4BDE-A47A-612CDF04D655.log

Download File
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):20971520
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
Malicious:false
Reputation:low
Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240124T1819330940-2544.etl

Download File
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:modified
Size (bytes):110592
Entropy (8bit):4.526308472114107
Encrypted:false
SSDEEP:
MD5:1F07BCBBFEA46B60F3BAF0ADE5833193
SHA1:916E4B2B65EB7826A77316E35FB8D2FF0147EF51
SHA-256:1F20F01F9EEF0A6348DDC31D44F773C6D55DE6D0188DEA3A9EBBB902494E7292
SHA-512:11199AA40BC63A98776406A40A0E54870234441FCE10749651ADCD7C565CB5BDA0B9253F7C43FA7BDF8C1C662CC8008312518AA25E6812122F491FA541F23BEB
Malicious:false
Reputation:low
Preview:............................................................................^...d.......~....N..................eJ..............Zb..2.......................................@.t.z.r.e.s...d.l.l.,.-.3.2.2.......................................................@.t.z.r.e.s...d.l.l.,.-.3.2.1.............................................................F$,...........~....N..........v.2._.O.U.T.L.O.O.K.:.9.f.0.:.6.8.9.3.7.d.7.1.a.1.7.d.4.e.5.2.8.9.d.0.8.d.e.c.4.7.c.1.1.0.4.d...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.0.1.2.4.T.1.8.1.9.3.3.0.9.4.0.-.2.5.4.4...e.t.l.........P.P.d........{...N..........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\olkB368.tmp

Download File
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):340551
Entropy (8bit):7.4841135730915225
Encrypted:false
SSDEEP:
MD5:17D114B240DD3ED892F48D555B2E690B
SHA1:6315600B45480A6D4FFA4EA36BA9A90059143B44
SHA-256:40346A9A7D696CB081EA383B439C7CF310DE623AC0102C1A7F2F8B8D596AAB61
SHA-512:AF60C4542C7D9D10D0FFDD81F1C265652D7C36AA17C7E7D9672ADE70DBE330EB722A1F63A700B82C431825D152FC4168BA66A517A51028084ECC3CAF79593033
Malicious:false
Reputation:low
Preview:R...w..?......w..I.........Lc..n0..j.k....?.8.....x...I.._,.....zw...6#....s.G.e...6............^k...0~..+.M.CZ.B..........Bc...^%.*..U.......vVO.z9.%.X.P.....?....C....P[c{....&..-2....$8....+...,O...H...q~.....5v..n-...5...x.?._x~...ue..O....Z....5...5...A,@....~v..I.'|J..~/.........i,M.p...@.....3'*9.V.~.....r.(NX.<S.....N..D..~.^.e.-...C..?..W........kp)....?.!....~..4v..\}.O_0D........|.....zw._.H"bK|...Vw...z~.{G.4.FY.'.......t..<.............ps_...w.;.R...UE.~.~.._.q....6Qg..Z.K....%X.+xp...@._.W.......=...U*..........E ?.N..Q...5...C._...l..w..m.Icr!^..~.....}w...?H.H.....K.4...yG...."...t.>....:.k.H...h..a..).......-u...O..f..m_OMWO...I..=..........Z..?.;.o...GQv...h.9<...|%.\......+>..h.YL....K.'....F...e{....Q.....\["...6.9.z.3................x.D...n.E....'+...w..:|..p.{.....<M.xM....A.#.n...O.....i.....Mz.^..5..v.I.N.+cV6..i.v.._.O.,.%k.b.............L.S..>...-..m............>j_..d.u..*..I.<q......'..W.cG.<E.......o:.J..B..^..K.......

C:\Users\user\AppData\Local\Temp\prep_ram Files (x86)_Microsoft Office_root_Office16_AugLoop_bundle_js_V8_perf.cache

Download File
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):538835
Entropy (8bit):5.984927752427164
Encrypted:false
SSDEEP:
MD5:83F00296FD096EB3EF426A0AE9629A76
SHA1:9C3D77F1B7CD1DB73692D2C9E1C4EA1203EB939B
SHA-256:F032DE7390503836EF044C5C4A21533EA7EA628D51BF31A616C58842754A161F
SHA-512:73BBD641EE117A5434902B36A9827A12D9DF54E62C7C6D38C38AE04060ACFD59B1D45A665D8321F56E26B9662736E45FEFD1FF3FE2C9035EBE1E59FC3512B010
Malicious:false
Reputation:low
Preview:RNWPREP...A..<.l.........8......^.3. .*.|1-7.B.O.....F.}.$f@...P.Q.....uY|x8.......$S.,..`......L`.....$S...`VY.....L`.....M.Rb.................c.@........... ...D..Qb...7....Ms..`.....D.....`"....D..Qb".......Wc..`.....D..Qb*.C.....lk..`.....D..Qb2@.O....Jk..`.....D..Qb:..f....ip..`.....D..QbB.G.....la..`d....D..QbN@......vg..`......QbN@......g_..`.....D..Qb^@.=....Bp..`"....D..Qbf.......JI..`......Qbj.7.....PC..`.....D..Qbf..(....fc..`t....D..Qb..<f....io..`......Qb........bn..`.....D..Qb........gT..`......Qb..:.....Gf..`V.....Qb..%.....CS..`.....D..Qb..@f....iy..`.....D..Qb.@.W....Ma..`~....D..Qb.],....Hh..`\.....Qb.......Ln..`&....D..Qb........Zg..`*....D..Qb........$t..`.....D..Qb........hT..`......Qb"./r....ol..`X....D..Qb6.......wo..`......Qb:.E(....jf..`.....D..QbB.......xA..`.....D..QbV.......Ie..`D.....QbV.rA....YS..``....D..Qbf.2....._t..`.....D..Qbv..~....Br..`......QbvA.O....Qy..`v....D..Qb.A......WC..`.....D..Qb...K....nC..`r....D..Qb........Hr..`......Qb..<"....

C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

Download File
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):30
Entropy (8bit):1.2389205950315936
Encrypted:false
SSDEEP:
MD5:55B07B5D1C580CCF09FDE1F00D0A6B2F
SHA1:DB406B5D751D13538511603CCA5817B29B324A38
SHA-256:57D5F182BFDE6B0493D439FF7F47A21A0E7D0B1252AB998B1B137A582F6D025F
SHA-512:284FE1A102486BC89DCF96DAA0FDD7B14D0F6F9A3C881CEBBCA59DB83D799418558FE70D81374D59FEE9A5AD974C1442B4731427256CD3E96D448FCEB8521387
Malicious:false
Reputation:low
Preview:..............................

C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Download File
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):14
Entropy (8bit):2.699513850319966
Encrypted:false
SSDEEP:
MD5:C5A12EA2F9C2D2A79155C1BC161C350C
SHA1:75004B4B6C6C4EE37BE7C3FD7EE4AF4A531A1B1A
SHA-256:61EC0DAA23CBC92167446DADEFB919D86E592A31EBBD0AB56E64148EBF82152D
SHA-512:B3D5AF7C4A9CB09D27F0522671503654D06891740C36D3089BB5CB21E46AB235B0FA3DC2585A383B9F89F5C6DAE78F49F72B0AD58E6862DE39F440C4D6FF460B
Malicious:false
Reputation:low
Preview:..c.a.l.i.....

C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

Download File
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:Microsoft Outlook email folder (>=2003)
Category:dropped
Size (bytes):2302976
Entropy (8bit):2.575588808171701
Encrypted:false
SSDEEP:
MD5:7DAF6CCDEE4AA8825905120958767D21
SHA1:B12D24CF7C04986F95A444B484129199B2ACCA56
SHA-256:4B45D50E8AE4D022EE7A4AABA351628587BC5F4F4F771FD221CD05EB4C93A438
SHA-512:02EE3EB1018DDD4E9A5156288ACE71B6606DFC012F0E94C1ACCD115675666B72E220A8B89899C605F95D919952F89B2A164A27EDBC3E82A73638AB9F3EC84CFF
Malicious:false
Reputation:low
Preview:!BDNj..eSM......\.......N..............Z................@...........@...@...................................@...........................................................................$#......D......@-..........................................................................................................................................................................................................................................................................................................................\.......Xr.O.GC.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Download File
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):655360
Entropy (8bit):6.665166736686725
Encrypted:false
SSDEEP:
MD5:107DF13BFA1A9757F89E07AAB7747A83
SHA1:ADEE14AF870A5AD3812797FDC028CF0FE2E38D8F
SHA-256:ED76E8817CBFCFB88C9F9719B4609D75699E7751E1B2A069D025CD4A113C2E35
SHA-512:2392DBF6D1B223BFA31E385726EC00E39D047E756E1D70CFE5E596893CE7183095368281F88A790CB15E901528AD25D7EF7000D65F1E34CFB407F96CDF2BAC79
Malicious:false
Reputation:low
Preview:b..)C...................N....................#.!BDNj..eSM......\.......N..............Z................@...........@...@...................................@...........................................................................$#......D......@-..........................................................................................................................................................................................................................................................................................................................\.......Xr.O.GC.....N....................#.................`...h.R..........a............R.................8.....R.....................H.R.......................R.........@.......8....*R.@.......@............4R.D...............8....5R.H...................(6R.L....................6R.P.......@...........h7R.X.......@.......n....8R.X.......@.......n....8R.T....................8R.8...............n....3R.<...............(...H4R.@.......

Static File Info

General

File type:RFC 822 mail, Unicode text, UTF-8 (with BOM) text, with very long lines (385), with CRLF line terminators
Entropy (8bit):5.882882744171303
TrID:
  • Text - UTF-8 encoded (3003/1) 100.00%
File name:Status_ Message For choulihan@biolegend.com.eml
File size:656'237 bytes
MD5:67a00718bb82935a2a9ddcf4a2f17cc1
SHA1:cd68303f2fbbfaf4062f5d88f181ca853617cc2e
SHA256:5a7f36ccf6bb0753e0d5ff08efc908be1fe8e942b9f7a0a6063cdc5bfa4097de
SHA512:b4b72a21d2adb32f2505c4f0916efd0dd0bede8ede9f1cab229b14fcf71c638ee591cbf1c2dcc9c655ba8c3b237e34944d086897c841efa843d15d025ef1c11e
SSDEEP:12288:sF9icuXkhruTO6q9q8i6wXUgzxR7igD+g+zWp3lGT9X89:lcuXkheBvXRxDXVPGRXG
TLSH:17D4DE10C6B38E7B04925AEB581336D1A078F7F182EC95FB21B6AF63F0668F5C359611
File Content Preview:...Received: from SJ0PR10MB5859.namprd10.prod.outlook.com (2603:10b6:a03:3ef::13).. by SJ0PR10MB4718.namprd10.prod.outlook.com with HTTPS; Tue, 23 Jan 2024.. 23:25:28 +0000..Received: from CY8PR02CA0021.namprd02.prod.outlook.com (2603:10b6:930:4d::25).. b

Static Mail

General

Subject:Status: Message For choulihan@biolegend.com
From:Biolegend Doc File Message <iinstall@integrityinstallationsinc.com>
To:choulihan@biolegend.com
Cc:
BCC:
Date:Tue, 23 Jan 2024 23:25:13 +0000
Communications:
  • This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error please notify the system manager. Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this e-mail and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this e-mail. This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error please notify the system manager. Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this e-mail and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this e-mail. This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error please notify the system manager. Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this e-mail and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this e-mail. This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error please notify the system manager. Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this e-mail and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this e-mail.
Attachments:
  • f97028af5e6d57448433a34bdf80084f
Key Value
Receivedfrom 45.79.111.213 ([45.79.111.213]) by mrelay.perfora.net (mreueus004 [74.208.5.2]) with ESMTPSA (Nemesis) id 1M424C-1rSQ8n47CS-0002Ul for <choulihan@biolegend.com>; Wed, 24 Jan 2024 00:25:14 +0100
Authentication-Resultsspf=pass (sender IP is 74.208.4.197) smtp.mailfrom=integrityinstallationsinc.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=integrityinstallationsinc.com;compauth=pass reason=109
Received-SPFPass (protection.outlook.com: domain of integrityinstallationsinc.com designates 74.208.4.197 as permitted sender) receiver=protection.outlook.com; client-ip=74.208.4.197; helo=mout.perfora.net; pr=C
DateTue, 23 Jan 2024 23:25:13 +0000
Tochoulihan@biolegend.com
FromBiolegend Doc File Message <iinstall@integrityinstallationsinc.com>
SubjectStatus: Message For choulihan@biolegend.com
Message-ID<db765167e9cb69a7235335f3581246f6@integrityinstallationsinc.com>
Content-Typemultipart/related; boundary="xSYiGqLkNTzZ//9U3XJLKCN/Bh"
X-Provags-IDV03:K1:2z/vUX7u9Ei/vhrf/739KWNnQWi4YvsJVhWSrWJFXzcdthVf20l sBITW6h0v/syzfadjtHjD95mo2QXoPAgnfneXMjNiueBOrlqs7AN7pxoqEAJ8l/2fNmXyms rBHZGMn0XX8XLeteRmeOcxA+D0bV8uZVD7TxQH5U7JxO1T+cl1dMxzbUA7E+0jzNuQoGP6f 2E+CMi77XJ2G17+eq/jSQ==
X-Spam-FlagNO
UI-OutboundReportnotjunk:1;M01:P0:bSSx29HVN24=;lSuFYftB9CzJjHbctgOqDjMJjAq 5dVwxVAXBWxzd5KXvy77dczpbFf6f8MqyhRZd8AF4RBUixEQi5E/+oZ7qIoDNHNF8qiJHdZmN xATk5pF75tpM/iYXvQT+BHiIN0fgjOxerf4qmFblh/0y/SPQm0mTma+EUuFMNS2Hf6tr1To60 oAmPEAr1YJKEHXDmqtXR5WNTfdk3AYhShBO/d32A/0FpDCC3DrGM2kYbIdZF+/SZhHOkiQDsF R+KaL4aRWZt+lsmd2TrYgwjGjoW9S5q1b+oFlauepQtVaGJEQ3LE1PeQyfJFP1qQpuBp87PhP 9t1QnDFUjLfpePgMC/rc5J8fZ/LceBNTFtRn+QIYncc+QWsgIEp85zV0BS6XM0eJVXAj4k7Cv wydBCOkcKuUjqpqokG3N5A3H0GoQOW4iKHBseSzad4HOI6exmK4yw5jzcL66M47FIN3GeeqJk aOPIiI+1zz36lX6aeLmhijCE3/AfRj6Nefzr+EKVql28pm34Zo5lsTPkHTLMAZ4+NxF1f2iKr 2j9PtZeNBWzrKrIarKJGTBnC/DzcVNmo+kMcbuyDFVEPWaQBrg2kjMK0pZGvW3DGHYcnOch2e 2JXqyGp/zXf08Ga5xs9uarAkI8CA8/lwtWdByEGXsw9poZbP7LSnE0A0Ybm4T8dP4cPPn2e1z 943O8wdc5V4FNoO/3vgQZ06S+ac/4hZv1fyEX4VJKgvvlU0w7WV8kHoJ6tky0lNn0sl3t/uiM iHWeIyHZtZg5BvZ4V30YmqNJs5JOT3mqsK7Q8P68+iNF0/nccSNEf4AugtYKZr6uz9LTidwOe HitjTLh6GtaIcax3k2yXoXSeWnWZCvD+VVslFjTb8brFRFndrv0BeUT43a+XWf8b9JEevsoJg hyGiHfqCYQceucVDkr83m0zy3MPg25438hNpAeg64BeLL+meQygzEuygMQmE79QMNvzLW7Z5Y Eqavg0RnOBHOSe/tPCRPphI1BzI=
Return-Pathiinstall@integrityinstallationsinc.com
X-MS-Exchange-Organization-ExpirationStartTime23 Jan 2024 23:25:20.9290 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReasonOriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReasonOriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id 62e5d125-6758-4f08-f187-08dc1c6a9147
X-EOPAttributedMessage0
X-EOPTenantAttributedMessagefa246a9e-8fe0-4eed-9eec-93652a25c4ee:0
X-MS-Exchange-Organization-MessageDirectionalityIncoming
X-MS-PublicTrafficTypeEmail
X-MS-TrafficTypeDiagnostic CY4PEPF0000E9D9:EE_|SJ0PR10MB5859:EE_|SJ0PR10MB4718:EE_
X-MS-Exchange-Organization-AuthSource CY4PEPF0000E9D9.namprd05.prod.outlook.com
X-MS-Exchange-Organization-AuthAsAnonymous
X-MS-Office365-Filtering-Correlation-Id62e5d125-6758-4f08-f187-08dc1c6a9147
X-MS-Exchange-AtpMessagePropertiesSA|SL
X-MS-Exchange-Organization-SCL1
X-Microsoft-AntispamBCL:0;
X-Forefront-Antispam-Report CIP:74.208.4.197;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mout.perfora.net;PTR:mout.perfora.net;CAT:NONE;SFS:(13230031)(4636009)(84610400002)(532800001)(451199024)(7636003)(356005)(6916009)(7596003)(8676002)(1096003)(83380400001)(33964004)(108616005)(24736004)(2616005)(956004)(58800400005)(36756003)(5660300002)(22186003)(26005)(86362001)(66574015)(336012)(10800299003);DIR:INB;
X-MS-Exchange-CrossTenant-OriginalArrivalTime23 Jan 2024 23:25:18.9758 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id62e5d125-6758-4f08-f187-08dc1c6a9147
X-MS-Exchange-CrossTenant-Idfa246a9e-8fe0-4eed-9eec-93652a25c4ee
X-MS-Exchange-CrossTenant-AuthSource CY4PEPF0000E9D9.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAsAnonymous
X-MS-Exchange-CrossTenant-FromEntityHeaderInternet
X-MS-Exchange-Transport-CrossTenantHeadersStampedSJ0PR10MB5859
X-MS-Exchange-Transport-EndToEndLatency00:00:09.4100920
X-MS-Exchange-Processed-By-BccFoldering15.20.7202.035
Importancehigh
X-Priority1
X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420123);
X-Microsoft-Antispam-Message-Info B0SNNpPmVRN/NCXPkLhfDBjRWaWWmoqcvi/z0Ph0V6dmjmaf+T+oVazw34oW5YNTfiQIHQnzsPdPVwyFM1Vtr4VQ3CZ1NXcZuggJrGnvB6VD033PSoA7Yq03qr/XSnhTmRkL/WaUGpOtkQ1UriilJBGYWQIu7NtA/XSdS4rJH6Aw9roNhhaRT5Xt9x00cUcD9XnIStWPPSwWgGCSgTz7747RHKMaZwyEw3/eqPhkAOHh7WQBxEftim0Gg2I0BIJcirAZYPGKvEjyoY9mXwM4AJw+8L6WevBX0Csch3nat+pS7JMSv85FRNZuPzAQWSNIERpPtR+/kjKUCe5o6AOvPu/nqDlALk0zyF5ZMX7JDvempUYYof0XCaiMkRhGPJDO7DbhMvw/+NT6QRNH+Mse6q3hEsIgjxszsaDgsfvKVEVWjKeq7WT879uooHnfU0pglZizBNnm08moFAxrsuQ/eV0jKYOirNapKsmWRXgi6XjVwnhDXuBdqEL4KtMN1HHIyfpju8OF3a5CSuH0b46wl33FddgrKYKdmCyBBodsXZZES64aCGiRM5XoW2mAN6RA+nZoJNyAQ2z8fy4j0PU53y1uz8UcG0kdP1oUFmzNhTMLeX7+qikQsc444Ce4+33WrFkKiwgvEVP66lIAIybYADsbpKvvzb4/81ehS4gBoKwICZb+Q26SGLbiEd/FZaQqBleItsCr03QyAeoAD0xzpUFhwYVhDBLRLLDqpTUUfwphpPakrPu42W/ts1WA6kKivp151hee5fF+/IhE9fDOQ7sjsXAoxrMyqBB5/g+WnvOebYLctQLUDXU3daiUmb/ggKRADb6Gx4OJzlE+UGbNnJppQC8Nc14BYIhgBT8+nb2MFPRdQJd1gGS7lOA39MY3oXG7Q2joQCDJnsfvKzAVYezuCfO3CeVfs8tW4kpMphqosWWhnA8RyewKK7eZWsVmDsfKNnn2kAigIJZpjPfw4LyCgWrRuMDRxUzoBYfYrCAePXl3OgwYT+WmleU8bNJ3x06Ya7JUX99jwdjAuU/USoMd7M+4F8EJiaJGg+g5ldqziKhIneG4+pEuT+aNyyh3ED1vyPcd0nsbAhKpwTYMtFnd0Lo2+AvUjqOIX1p9xSGGScT81qj917PQhqhNM/T9i7f9YD3+7o5SSppTXiFx8k8Wt1AZiBmz6vvlpf6NTtzGy5xYURVWq3MJr7xGlesqbqYtFGO/jdZzixKHRMiSwViw/h10rKcUwvCIDdjj0T0NB3xJt+bk9eyc0gP+FHbJd8uawkeu09aGFcKXDu7ZBW4a9arM0VgSoQAY+Q03ezViDWOJoDH4c6iiKwBT7lx9RhULDh9J9qS3hdQ2PvJe+JwAEZOw1/vj9dzIr64//VYzKdnosntN5+S6t147dJOh6OHxnkhSJTnCBjmQEg4kL4aF3HIplKwZvI2zJXXkaa6A4NaeH4scsTBaGl6fG4nm2QTJePi+FanvHcO6kaeW3NRJvI5XElol0SV6/Zp25YPCp7TN9mf7faME+I8+CpZV8A+VBG2fZZQFPUny6SouLgPyFbc/WOeYxOUZnPyYJQg9ySOlsFsDklidCWw/1S8VPVN4yWTkdBt0rvwVdxn5FQtvCipS3g03skEoQoW33ULEbnRtVHbwQ0lFKc8XtxvNmRaL32zdnBK0LPWuxtA7U/9/v2GOnnarsxv21Fy2vk1IYg1iAB322Dkk9NH6ls5jutMBMCnpwIAa0gCZ/1xkBn8LquwXqNfIu2n6nkV3UenWvS22dk7Sy8GlvoiR0kEU9O1Za0cJIcwUXCaZE1kJ0MSePi8D1nVrTHIzonadLsJIfIJgY+ywZwJdojjMUeUGuF977saEd80i7QhdbXTiTbjCf4xMGDARI6TzF4WoldngoeF4hs/H+Gl3yQF21W6QyAjPULENFdSgClMzdGQPg/QMMKnp3zf44qkD58BFhGTQo/kVFVkQUG1jLEBc3qPgkn0BXun1sxKFzEVyGbreWg==
MIME-Version1.0

File Icon

Icon Hash:46070c0a8e0c67d6