Windows
Analysis Report
original (4).eml
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64_ra
  - OUTLOOK.EXE (PID: 7088 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\original (4).eml" MD5: 91A5292942864110ED734005B7E005C0)
  - ai.exe (PID: 6188 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "F55DD613-07E0-4AE6-A9B2-79F0899F13CA" "BCD5EDE6-6BFC-4E13-8260-2F0A1610AC00" "7088" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  - OUTLOOK.EXE (PID: 2304 cmdline: "C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\QZLVAUO3\phish_alert_sp2_2.0.0.0.eml" MD5: 91A5292942864110ED734005B7E005C0)
  - EXCEL.EXE (PID: 6708 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /Embedding MD5: 4A871771235598812032C822E6F68F19)
  - EXCEL.EXE (PID: 5732 cmdline: "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\QZLVAUO3\153 - NM West Area Ops Full Spreadsheet.xlsx" MD5: 4A871771235598812032C822E6F68F19)
  - EXCEL.EXE (PID: 6476 cmdline: "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE" /Embedding MD5: 4A871771235598812032C822E6F68F19)
- cleanup
Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: |
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Source: | Author: frack113: |
Source: | Author: X__Junior (Nextron Systems): |
Source: | File opened: |
Source: | HTTPS traffic detected: |
Source: | Memory has grown: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Window created: |
Source: | Classification label: |
Source: | File created: |
Source: | File read: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Window found: |
Source: | Window detected: |
Source: | Key opened: |
Source: | File opened: |
Persistence and Installation Behavior |
---|
Source: | LLM: |
Source: | Section loaded: |
Source: | Key value created or modified: |
Source: | Process information set: |
Source: | File Volume queried: |
Source: | Process information queried: |
Source: | Queries volume information: |
Source: | Key value queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Clipboard Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Process Injection | Security Account Manager | 13 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Extra Window Memory Injection | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | unknown | |
s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
52.182.143.209 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
52.109.28.47 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
52.109.32.97 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
2.19.126.160 | unknown | European Union | 16625 | AKAMAI-ASUS | false |
52.109.89.119 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
20.189.173.3 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
184.28.90.27 | unknown | United States | 16625 | AKAMAI-ASUS | false |
199.232.210.172 | bg.microsoft.map.fastly.net | United States | 54113 | FASTLYUS | false |
13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1467269 |
Start date and time: | 2024-07-03 23:50:17 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 23 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | original (4).eml |
Detection: | MAL |
Classification: | mal48.evad.winEML@11/34@0/76 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe
- Excluded IPs from analysis (whitelisted): 52.109.32.97
- Excluded domains from analysis (whitelisted): config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, europe.configsvc1.live.com.akadns.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetValueKey calls found.
- Timeout during stream target processing, analysis might miss dynamic analysis data
- VT rate limit hit for: original (4).eml
Input | Output |
---|---|
URL: e-Mail Model: gpt-4o | { "riskscore": 9, "brand_impersonated": "Microsoft", "reasons": "The email impersonates Microsoft, a well-known brand, by using their logo and mentioning 'Microsoft account'. The sender's email address (no-reply@microsoft.com) appears legitimate, but the presence of a suspicious link (http://www.micros0ft.com) that mimics the official Microsoft URL is a strong indicator of phishing. The subject line 'Microsoft account unusual sign-in activity' creates a sense of urgency, which is a common phishing tactic. The email body uses social engineering techniques by warning about 'unusual sign-in activity' and urging the recipient to 'review recent activity' by clicking on the deceptive link." } |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 3.4598049346798283 |
Encrypted: | false |
SSDEEP: | |
MD5: | 08A8FA7F0F594F72337BD4E4EF01741B |
SHA1: | 443F630416E2AC3A2C078F74FAFCB581684523B3 |
SHA-256: | 31E2FAD2D692679871AED56FBF00B37A9D3B28A59FBDC8DCAFB735913AFAB99F |
SHA-512: | BC0E2925E5511C4827FC2FECDF786E07EA07FE7A7E0A6622536DBFDC9DF997E08AECA668CB7BC3088B7D345BE4316CD9BF7980A52A774538AE5FDFD43664F15E |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 231348 |
Entropy (8bit): | 4.378229367947115 |
Encrypted: | false |
SSDEEP: | |
MD5: | 39F699299601F23E5001935197C5A42B |
SHA1: | F4AB1C1A4E9FA68E03793BB9CEB13B0340B38E78 |
SHA-256: | F5E178FB5AA811B5035B8D1F7C1DCDA97F2B2F9731FB22AE8A7CC7BD39487526 |
SHA-512: | EF8057A326D60803EF472D31D712DF796C12F0B467106D4396B7FADA27C67779C9E77D046EF197423079E47C8E5B66B0088C7DF1EB8CC63203A3E8961FF09217 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 322260 |
Entropy (8bit): | 4.000299760592446 |
Encrypted: | false |
SSDEEP: | |
MD5: | CC90D669144261B198DEAD45AA266572 |
SHA1: | EF164048A8BC8BD3A015CF63E78BDAC720071305 |
SHA-256: | 89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899 |
SHA-512: | 16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 10 |
Entropy (8bit): | 2.4464393446710155 |
Encrypted: | false |
SSDEEP: | |
MD5: | B1B7362E5A390C3F9F55A51F032F2C16 |
SHA1: | 51A69B8F64AFFD67468816953C8DFD0547660CB0 |
SHA-256: | D6D7B81FD06A6CF92E6A9F594DEF60A10393BC31E7F6111599186BB5B63F1962 |
SHA-512: | CD59901F5B3709B8EF7D9F1B4789F656A82CABAACFC6CE933985C4A4890E44EA19F67167E359A68400BE0E87A7C8062CADA4DC0C988763C1704749A92D2BADC3 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\6DE6B2D2-1137-4FD2-973D-0F974698284B
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 174490 |
Entropy (8bit): | 5.289613816461032 |
Encrypted: | false |
SSDEEP: | |
MD5: | 717C5A81A42883ED64E6EECB92C69706 |
SHA1: | C513C4EEA4E2E1576950C00C2E871800A989D735 |
SHA-256: | AC4D6681D6FEC1B3B4AA7A56828C82C3578CBE1FA1FBCC9A305FB30F63960755 |
SHA-512: | 2CD28EC3C511869BD318975CB04A0EF1C4E24914C646942715BB95050718AA6112CC0A7A8275202BA04E57074605939047D691352D983EBBC3B30EC48B48F583 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4616 |
Entropy (8bit): | 0.13760166725504608 |
Encrypted: | false |
SSDEEP: | |
MD5: | F3E684AAC7B2A7036DF0A83648E51D10 |
SHA1: | E8E7FE219ACFF7AEF204DAA6B1E495E8C847DC9F |
SHA-256: | 5C7FA15824A42E10BE53FD39B63062EE4B8339E0CD0DB5DFD7079F3AFCB2AA79 |
SHA-512: | F4B3BBBE8A6B8F3DB36F89C719C3B447CC18BF6BF456F42B92F18CE40CA8CEC46880915862E0AD8B577779CDFE8CA4ED14F8A8F437CAAF8A911F6E9C9FE68AAE |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.04474441261042196 |
Encrypted: | false |
SSDEEP: | |
MD5: | B7615F883C03E6745760A1117ED2E067 |
SHA1: | A8FC4F22F9B9EA7893775228303DEE981DCA9EBE |
SHA-256: | 92DC9AEBEB36158822B4C35D880042040CDBFE402C13A424053F08D152390549 |
SHA-512: | 04F88F7DFDBACF7E45886F016BB6207DD6CB70DD1D2E125486DC53BE990AEAC960F10D0FA60CF497AF4F6F0B943550370DEDDC50B735C408D9EF321487422AB8 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 45352 |
Entropy (8bit): | 0.3938497083295384 |
Encrypted: | false |
SSDEEP: | |
MD5: | F1DD3A1546BDE7299351254E3E7580F3 |
SHA1: | 1DA84E9E8BC4C3E0F5990D41145D323E396F3CDA |
SHA-256: | B4A09791077BED0C862696EBBD31C226E097739BDF3A8E1691C9BB42467ABF97 |
SHA-512: | 72B988620CD2FA0284F316F6EEDBB9B324FD0B6077F26EB619301433379E893F70BB11DC1268B93DE4AF35B023CD5F3579009EA35EE1F596AD21F543EEE68981 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\QZLVAUO3\153 - NM West Area Ops Full Spreadsheet (002).xlsx
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 27915 |
Entropy (8bit): | 7.55589672117112 |
Encrypted: | false |
SSDEEP: | |
MD5: | FD785269440ED948CD2C0415A0A19DE3 |
SHA1: | FAF9977120AD5364251CC2A27E7AB2789CDBA90F |
SHA-256: | 33D3D81BBDFD2A888AFF21AEA9FB51D3548772198437ADC73D66ED3B1EB3248F |
SHA-512: | 8100166A5CC0610FC5420DF5389B576EFD41972932BBE3A98C071644D25C21034502641240A4FA2332BC018554B842277B246CC63EFCF58C27806A9523F5116A |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\QZLVAUO3\153 - NM West Area Ops Full Spreadsheet (002).xlsx:Zone.Identifier (copy)
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | AEC934A1571CB84FD908C4E033EE5A59 |
SHA1: | FB23CE0635DA5EE56AC450C892CDED681827517A |
SHA-256: | F08C3A3D1353FBEC8C5E065AB64E3ABECF8C423C7F2286FE0307E6D181A86C52 |
SHA-512: | BBA8B04F8661D0A3A66A04404BFA5420025B4705802D7C18D0FA767DCA0AF9523D6C7768DB51FFF7054911825BA2AC25623E41165B02C088AA98C5942135CC41 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\QZLVAUO3\phish_alert_sp2_2.0.0.0.eml
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 44562 |
Entropy (8bit): | 5.983309753673011 |
Encrypted: | false |
SSDEEP: | |
MD5: | AEC934A1571CB84FD908C4E033EE5A59 |
SHA1: | FB23CE0635DA5EE56AC450C892CDED681827517A |
SHA-256: | F08C3A3D1353FBEC8C5E065AB64E3ABECF8C423C7F2286FE0307E6D181A86C52 |
SHA-512: | BBA8B04F8661D0A3A66A04404BFA5420025B4705802D7C18D0FA767DCA0AF9523D6C7768DB51FFF7054911825BA2AC25623E41165B02C088AA98C5942135CC41 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\QZLVAUO3\phish_alert_sp2_2.0.0.0.eml:Zone.Identifier
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | |
MD5: | FBCCF14D504B7B2DBCB5A5BDA75BD93B |
SHA1: | D59FC84CDD5217C6CF74785703655F78DA6B582B |
SHA-256: | EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913 |
SHA-512: | AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\QZLVAUO3\~$153 - NM West Area Ops Full Spreadsheet.xlsx
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.3520167401771568 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9AC4D67F6E514F452D4A1DB79CE3B2E8 |
SHA1: | 33F8C665ECBB81275D2E49D48F2565A58A282043 |
SHA-256: | 407E1D871964C93DBDBD4D00613CD0A9E30D3ED6352D8052C58E7A252D52FC5A |
SHA-512: | 018D0F54AB0AB01F27E9FB870A128F2F581A58487399DD7FB56A94EC4AAEC6874708A5AD5650F362485E45E2C6A557ED08524C5B8335F83F240E0962281A0F1A |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_10c3\AC\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStoreV3\Excel\ASkwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDBfTnVsbAA.S
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 185 |
Entropy (8bit): | 5.520300612295114 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5B3FD82E8F0623A41E9FC98E864E43FB |
SHA1: | EFA0D365644C3116601FC94BF1BFB08DEB0EF038 |
SHA-256: | 71FCF15F0075A0137988F6676C0DA61A31CFE0C131DD4472662DD5DA1501C412 |
SHA-512: | F748F89841A9EEFBBB4946DA6725FFCAB283A70017DD1B19E0FE95DF722BBC90D99587D48245D18559DEB641A457587F32BD3A66190A2EF87BAE9B16FE03AC30 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_10c3\AC\Microsoft\Office\OTele\excel.exe.db
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4096 |
Entropy (8bit): | 0.09216609452072291 |
Encrypted: | false |
SSDEEP: | |
MD5: | F138A66469C10D5761C6CBB36F2163C3 |
SHA1: | EEA136206474280549586923B7A4A3C6D5DB1E25 |
SHA-256: | C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6 |
SHA-512: | 9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_10c3\AC\Microsoft\Office\OTele\excel.exe.db-journal
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4616 |
Entropy (8bit): | 0.1370048545379396 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6B18ACBE828F3DA1BC8BAC1637B69EB9 |
SHA1: | CD5CCFDBA234A8BDF938AACAF694E53B531F16E0 |
SHA-256: | 174560F4164379B3345A89A70946AF14FBA18625AF03B8D1F39D72EB33202204 |
SHA-512: | 009840C6A0290ADAFDF4DF2EACC99FCAA30983384F39AEFEF307293227BEF26F6EE2A9C88A8D3E1424F42F5894ADE87BC28AD99B8B47CA7BBBC26670DA1E4805 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_10c3\AC\Microsoft\Office\OTele\excel.exe.db-shm
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.04495055541749482 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2707437D83F0D7DC1C12665CD1E22888 |
SHA1: | 682BB80B427CA4B006B68E22B37B1916D36BA9D3 |
SHA-256: | E7198CE3ED9AC0E7B7C9E7ABD75307061F067994C96EF6D23B85B977057C4FCC |
SHA-512: | 7ED2D9BBD3EA5AE4500EF72FF2E323C200BD59D1DA3D4C345086B95B11A60AA45893E894427AB40CF4F5AC884732CB6284DC0C8C30EE82DFC0B783ABE688A816 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_10c3\AC\Microsoft\Office\OTele\excel.exe.db-wal
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 45352 |
Entropy (8bit): | 0.3939717433362132 |
Encrypted: | false |
SSDEEP: | |
MD5: | 89B0F9EDC74541C589F7E7C0FCD07F34 |
SHA1: | AA35556B9D0AD6BD297B8F2AE59DCD822D553F6C |
SHA-256: | 34BA2F1EECFE216FCBE9F02D6654F672111B36F2E1B427029A7448C0B373F366 |
SHA-512: | EBDA9F0AE6844003B7484DAA6BD35C20D69E1242A02EC46633FEFB2A04729CF52CF4705673E3D6D69B93D21BF980AA80AF2F439C84B2DD2AF7A65B40064BC4D7 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_10c3\AC\Temp\Diagnostics\EXCEL\App1720043457776199400_0F62FBFF-425F-4B2B-A5BD-9B1B92FC4C81.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.014124448290412582 |
Encrypted: | false |
SSDEEP: | |
MD5: | 21CF25F4387BF392D978CDB087E187FD |
SHA1: | 873DD2BA420268BC15358A4CE3B3D783D6C2FA72 |
SHA-256: | AE0A979B793B07A0A2B47D124827BBDE2C4008409E9B3EDBDD412245F86E4326 |
SHA-512: | 8ED0D515A8F878DFAA929A725D8E0B5C5B079E2C1DB660C505D1D9DE90C267BBEFBD7DDC17BBF8B83F05B042CC83FF914991662FB3D24B9FB312E2AD4536F707 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_19a\AC\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStoreV3\Excel\1380790193167760279.C4
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | BB7DF04E1B0A2570657527A7E108AE23 |
SHA1: | 5188431849B4613152FD7BDBA6A3FF0A4FD6424B |
SHA-256: | C35020473AED1B4642CD726CAD727B63FFF2824AD68CEDD7FFB73C7CBD890479 |
SHA-512: | 768007E06B0CD9E62D50F458B9435C6DDA0A6D272F0B15550F97C478394B743331C3A9C9236E09AB5B9CB3B423B2320A5D66EB3C7068DB9EA37891CA40E47012 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_19a\AC\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStoreV3\Excel\ASkwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDBfTnVsbAA.S
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 185 |
Entropy (8bit): | 5.550622993238015 |
Encrypted: | false |
SSDEEP: | |
MD5: | 773ACC7B281ECEFFD0D0B1168A7E56C4 |
SHA1: | 250BA8BAA120095CC50AF7B2917C2B18A5737A96 |
SHA-256: | 30B43273DD0D00BF09ACCECE2E01B915910793318A254446FD290FA3208A4F85 |
SHA-512: | 8D672435F371B4E7A1BB8858F764658F27E3424C1EB27ABCC85C65703BA4B20871335744C0A5263B2AC34A5A17B1B2F221C86AA4306E8DE9BE38A128087E0EC3 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_19a\AC\Temp\Diagnostics\EXCEL\App1720043461978768000_7901C45E-FEF4-45AA-96D3-8FC7FA867CA5.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.011773730159190698 |
Encrypted: | false |
SSDEEP: | |
MD5: | FDC208F43873CD68599BF00F51B5AEEF |
SHA1: | A8617866C751CD7087F2CA82FFD458DAF73FEB2C |
SHA-256: | 3C7290E1DF5A050A091D9AF2F4709ED42B48C2EE74C6E146980C6F5A72703429 |
SHA-512: | 5BCA4CF434FF18CE69BD91AFD4381DC7FB6430095C7E96AAE58E5E66419DAA162C231133140A21AFC68D6E26195DAC4784E4973DA4292183FA081E29AD694A9C |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_19a\AC\Temp\Diagnostics\EXCEL\App1720043461980990400_7901C45E-FEF4-45AA-96D3-8FC7FA867CA5.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 3220 |
Entropy (8bit): | 4.593222552542455 |
Encrypted: | false |
SSDEEP: | |
MD5: | B0200E32EB6C4531789F8A49621221F7 |
SHA1: | 0411D9AE1BD9E4536CB3C9C94F28709A10E703AB |
SHA-256: | E5B2441094CDA5DFEF41A21446BEFA1BFF505061BE2FF51D11F366F68E7C0E76 |
SHA-512: | 8C5ACCE0EF791229341A104C8BFBEC628F2E4B3046A6A6829FDD698256B7F0610CDDCDF9B875C2E82546D4819C8DAA91195EE27DF79DE19A8AAAF44B666EFC0E |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1720043443196736200_7AB9C2C0-9FA7-4FE4-B8ED-443E982C27DF.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.004821954036269073 |
Encrypted: | false |
SSDEEP: | |
MD5: | 33A3210D83706BD8C100CFBE4A43E032 |
SHA1: | 1559DFF9B0CFD66E55EEF9EFF394CA2670441298 |
SHA-256: | FAFFEDDD2178E5A5C7C269152C29A05903400D8F053860D03849D83B7C2D974F |
SHA-512: | C7606B9E7FCF03DBAB936A9FF9A7DB6FA123D8927D3D3104C86A8630946B10F5F50A3484D8C07FFA0F3896FD18EBB4207F8010260522665B4BA9D439506B31A2 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240703T1750430023-7088.etl
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 147456 |
Entropy (8bit): | 4.694943107681102 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7F779D2041D6ECAC13712BB49FC304B5 |
SHA1: | 1D72EF55E07D330F433A34D793E1C57C794EF024 |
SHA-256: | 1109590DF655233174E9E0E6ED687EDA9AB8071D78E6769A31815E17BB0B1AA0 |
SHA-512: | CB6CC94E192A2E056F3E9943ED06881FF210DF1CA8C0F14C2F446C998167029650638182DFC7786ECD061A8B7B2693F517CCDC2E6FDC44DD904872000DBF2B2F |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240703T1750540022-2304.etl
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 3.530861727354809 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8BBA6CB7956E804A554147BDF0749A22 |
SHA1: | 7DA20739F1E11D41811C3A1CF6E83279CE1F29C0 |
SHA-256: | B9C35CB97972DF100359AC3A18F0281BD17129592FEB966256565C09776B611C |
SHA-512: | 10BFD0B70F9EE0D62042FC00262B1BBA7D82D292E902713EDDD8A5605B9A15A0C51894FA05F3BF0851FE7E8F031CB2C1CC5DC5354AE3F0BCFFEE7EF8AB8B9CF2 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 36864 |
Entropy (8bit): | 1.5264956367549396 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1CD05557DD06CFFBC7824D95212B288A |
SHA1: | CB0E891F11F78045CD93B4983D3BD0998C9F2093 |
SHA-256: | 56877531FF9AB98D753018833DF01F60137914177F61CC657DE230303DD5AA1B |
SHA-512: | 2706DB39A24B0549652F33FC8E9FD09AB21DA02259A4F5F70BB4EDBD4AB94B6A4C101E0B3661A6BA1FE5EBFBFC01CD914DFE734E521C97C75C4A75CE9D0F8AE8 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.0090508457723568 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8E25FA50277CC16E296E9464B6927642 |
SHA1: | 471D80F6983D0563A3CC2CA89318DCF5FE6C30E5 |
SHA-256: | 1C941A727607667F46FF604F366E2A5CA9EA2DFEBA6F2B3E55FDE617010A8F7D |
SHA-512: | E2E79A2F35B93B28CFF3314B19B07F5A7FB2C779315CE6E390F76ED2AD862E3B1BA534AE7675ABF8C2F534BE10608C1EA1C97F30D58F41C54C156F5BD085DAC5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 10428 |
Entropy (8bit): | 3.4749078737523647 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5C450D975CBC8CA313F31FA37BB94951 |
SHA1: | 9C0017EFF2DA8ED58B7438A9C5723275FAD4DEDC |
SHA-256: | 61B56BA8B92D130E4CCB7A1DC6468E5B39184A702C5C97361A70FEC3AF7B8920 |
SHA-512: | 7DEC1EFD32D345856FA0AED6569EF031172A476CBBA107839D3100A859FB2652C7010DECE311743B731B6A68FCD50950F3DEC9758A2CC99C829AE55CF68D2F8C |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5C450D975CBC8CA313F31FA37BB94951 |
SHA1: | 9C0017EFF2DA8ED58B7438A9C5723275FAD4DEDC |
SHA-256: | 61B56BA8B92D130E4CCB7A1DC6468E5B39184A702C5C97361A70FEC3AF7B8920 |
SHA-512: | 7DEC1EFD32D345856FA0AED6569EF031172A476CBBA107839D3100A859FB2652C7010DECE311743B731B6A68FCD50950F3DEC9758A2CC99C829AE55CF68D2F8C |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 30 |
Entropy (8bit): | 1.2389205950315936 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0FB1065889D80A8D6CFDC1DF8D0256C1 |
SHA1: | 49A009680D33B7D2C33DE5A1F1C3631C5113E362 |
SHA-256: | 31BB20CBE16A58BCE01C6C2919DAA4FEF2C779DDAAF97422ADD6C71EEDB69248 |
SHA-512: | 5A7A70A215F8D37D87268040AE30E81D1B1DD9352D6BF79BBBFA5146D4EFFCF5965C50FB70433524C18BAAEAFBD76FFCAF84ABDD99C5E2552C3F91305B4D936D |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 0.6697504293272222 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2763D852A6585B39E62D15B52F17287E |
SHA1: | 4E7AE9FCCF91AAD72E0BADADD3E19A4D7F33B15F |
SHA-256: | B12664F762DD7B6D25CC5EEEC287CCD0041ADC5900A9556194783595C8DFDC2D |
SHA-512: | 5488E1065DC189AF40696E7E7B58EFA25C938F611F43F1D0FE780AC1805F21A08180E473A839F40673050F0B5A201CD80D6456B192787122C4051F00CCFBF9D8 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 14 |
Entropy (8bit): | 2.699513850319966 |
Encrypted: | false |
SSDEEP: | |
MD5: | C5A12EA2F9C2D2A79155C1BC161C350C |
SHA1: | 75004B4B6C6C4EE37BE7C3FD7EE4AF4A531A1B1A |
SHA-256: | 61EC0DAA23CBC92167446DADEFB919D86E592A31EBBD0AB56E64148EBF82152D |
SHA-512: | B3D5AF7C4A9CB09D27F0522671503654D06891740C36D3089BB5CB21E46AB235B0FA3DC2585A383B9F89F5C6DAE78F49F72B0AD58E6862DE39F440C4D6FF460B |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 271360 |
Entropy (8bit): | 4.900123313642019 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1D9147E7D569FAB2570159CBAB3BB5C9 |
SHA1: | 9543D742DB045D941F7BA530035876E3AB228BFA |
SHA-256: | 1873A4F8AEF5042F38F1505E1CD344C2F748B46A9013710D78067BA0E75F2C7B |
SHA-512: | 649EE0B126D4F1658E93D526E1CFA30FC1B1DC957B5A73BA31577AD19B58A61FC4174D8BB4570417E64B82932DA686DCC3CDD50687EE931029C039A9FB7B2E74 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 262144 |
Entropy (8bit): | 4.350763196287537 |
Encrypted: | false |
SSDEEP: | |
MD5: | 78F938BE0AF4B14D717E68D6233787ED |
SHA1: | 810DB9A4AAB8DBA5781C6E774A181AE3F75301CE |
SHA-256: | BEDF61328B895C72BCD63B1D6A115EFC9DF1FB9E77B8788CC794A2A33981BF1D |
SHA-512: | AF8135A68BF4F925D973C9BB9A1775413FDE094D83FA9BC9548A44936B11EAFBFD59AF9B2C8C69848DACF27C53F4E6675DD53315F8A35800FBCA625C31393EE6 |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 5.8895169326021986 |
TrID: |
|
File name: | original (4).eml |
File size: | 73'719 bytes |
MD5: | d2fb95f225e6ad1dadc78d4ea90564af |
SHA1: | 8383b91cc1cbdb706e18b70b1b2e05ed9b676385 |
SHA256: | cf01d5eb6cb4d70791a43ace6f33cc9a6a8e7cceef6177fdf54ae023bb299174 |
SHA512: | 1ca133043928a52c36d94ddea3d4eb4a3f1d3d039e6e7aae529f6cee210549878919a6e8ec85d070ee061cab261ccc063e19ffc929f183278f453c97fd32efb8 |
SSDEEP: | 1536:iQAwlqy7Cea1KdExKBOwc+1pOpXHQ0qR2XKIQMc+ojmPYrQcdNsD:iQAC4YciEpXiWKIQ9+mi8QSm |
TLSH: | DB73D0030B0536C1D3126A3FD446B90B9EB65F85C967A1CCB1A7784FEADFC78185129A |
File Content Preview: | Return-Path: <Isaacl@plateautel.com>..Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2113.outbound.protection.outlook.com [40.107.244.113]).. by inbound-smtp.us-east-1.amazonaws.com with SMTP id vs98bodf65stk6flohmeencjsc1asm |
Subject: | [Phish Alert] West Area - Premium Pay Spreadsheet |
From: | Isaac Lovato <Isaacl@plateautel.com> |
To: | "9f39fdb7-5601-4ea7-9716-c172e4198525@phisher.knowbe4.com" <9f39fdb7-5601-4ea7-9716-c172e4198525@phisher.knowbe4.com> |
Cc: | |
BCC: | |
Date: | Wed, 03 Jul 2024 21:23:56 +0000 |
Communications: |
|
Attachments: |
|
Key | Value |
---|---|
Return-Path | <Isaacl@plateautel.com> |
Received | from SA0PR15MB3871.namprd15.prod.outlook.com ([fe80::470d:b22f:8052:cc8]) by SA0PR15MB3871.namprd15.prod.outlook.com ([fe80::470d:b22f:8052:cc8%3]) with mapi id 15.20.7741.017; Wed, 3 Jul 2024 21:23:57 +0000 |
Received-SPF | pass (spfCheck: domain of plateautel.com designates 40.107.244.113 as permitted sender) client-ip=40.107.244.113; envelope-from=Isaacl@plateautel.com; helo=NAM12-MW2-obe.outbound.protection.outlook.com; |
Authentication-Results | amazonses.com; spf=pass (spfCheck: domain of plateautel.com designates 40.107.244.113 as permitted sender) client-ip=40.107.244.113; envelope-from=Isaacl@plateautel.com; helo=NAM12-MW2-obe.outbound.protection.outlook.com; dkim=pass header.i=@plateautel.com; dmarc=pass header.from=plateautel.com; |
X-SES-DKIM-SIGNATURE | a=rsa-sha256; q=dns/txt; b=TURiveyRpx2VAarK2caUFdjYmzchbsePA1mYsFRqiGukik2sg2gY1LErYy/TBzE2zBZ60aGu7JhRWb4sU8ZID0q+AAVTRBUTo7kQJfu5ZbJLiHa2fufRfWmlmOhrgsxs5VDHhBCUuMKXlxaRSK869xNUOZZssN0fSeVYsZZogMg=; c=relaxed/simple; s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=1720041842; v=1; bh=/jqvZDC8HqVcqMtDbdF0t4M0k460Uj4xY0Z2SOhmQm0=; h=From:To:Cc:Bcc:Subject:Date:Message-ID:MIME-Version:Content-Type:X-SES-RECEIPT; |
ARC-Seal | i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QBS60TvG8bi/WyR7mDcPMlNztji4hhQg15SXGbZ7H8rBTmDofILtbLg3qmZc0JiVLjAj1QzlOT7a9JiJIu4/6frIuJf9QCBosg9C9D8OITT6PzXp3IG8OXidU6V6Y/XJah562nRAz9q+N+O+UAKbxbIfO/E+JTJNNp9CDMsXHpgU3f4+hIcWh4nL0O6D2IscmNDQ7rIH/v56teCeH9pHdL+njwlUoPRnXyTtz5lNxuJFitSSSNI0YZG7BebPgqKXzAICS4wTLIZ3LQV8vR1OHc+e1DQRnUjvlmg2y7xG7JRUrhxZdH9WwW44Y7P+k8WaEDait7E0ztQXydE9WaVV5g== |
ARC-Message-Signature | i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=aF3G1Z9/NPEYuEQoFI7fRHStV1DOmJ3IH4lKmBx0Gfk=; b=BjswuPjBOyb8mJ0Qx2AXCEgl2U39+0LBv1CyPkHgOrQIu0e5FgbE7zwyJAG+eeTzmCcu82jhOGSmBjvV1yoWTGUqspilGn/CSGL7L/K78McGWc2zHxpfPaCbI0/NgVI2SepOMLaBenZyJIegalJ/e7uN0vk9zA4nb7NZHysmf67VyI4IFL1vOlL10vofkW7RQEZWA3HetpA24prTnZgynYfz98jr2xae/tsQoiOa0X7xeqT22N/NpATBXiEVj+Sc4PBN3uVTen2JO1i8VVPZPPAmg9XFiRz53e9K+uo5Yn7Oud4gbCfYeBBC7Uym4bIToEnLw3dMmtDx8GZMzU6azA== |
ARC-Authentication-Results | i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=plateautel.com; dmarc=pass action=none header.from=plateautel.com; dkim=pass header.d=plateautel.com; arc=none |
DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=plateautel.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aF3G1Z9/NPEYuEQoFI7fRHStV1DOmJ3IH4lKmBx0Gfk=; b=b2vqEIquXy58IQsGL6gtSCB0WycjDIuQ+kn6fuKNOXy29sNePz/SRMuGnDTQesqA27G+PhCdmhLmtBnH+v2PBXjmdkXIqVaphnE69Mskz3c0f7QMJs0OzRrjtNvdmiscJWZf897X3mRKbPal8LHwDNRXvQYEnninhVcioHxMZkI= |
From | Isaac Lovato <Isaacl@plateautel.com> |
To | "9f39fdb7-5601-4ea7-9716-c172e4198525@phisher.knowbe4.com" <9f39fdb7-5601-4ea7-9716-c172e4198525@phisher.knowbe4.com> |
Subject | [Phish Alert] West Area - Premium Pay Spreadsheet |
Thread-Topic | [Phish Alert] West Area - Premium Pay Spreadsheet |
Thread-Index | AQHazY9PMiuGueX8REemafuN0dj7lg== |
Date | Wed, 03 Jul 2024 21:23:56 +0000 |
Message-ID | <SA0PR15MB3871B8DA563E94A755D860F3A5DD2@SA0PR15MB3871.namprd15.prod.outlook.com> |
Accept-Language | en-US |
Content-Language | en-US |
X-MS-Has-Attach | yes |
X-MS-TNEF-Correlator | |
authentication-results | dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=plateautel.com; |
x-ms-publictraffictype | |
x-ms-traffictypediagnostic | SA0PR15MB3871:EE_|CH3PR15MB6450:EE_ |
x-ms-office365-filtering-correlation-id | 65281221-5b90-4bfc-a78b-08dc9ba672ac |
x-ms-exchange-senderadcheck | 1 |
x-ms-exchange-antispam-relay | 0 |
x-microsoft-antispam | BCL:0;ARA:13230040|376014|1800799024|366016|38070700018; |
x-forefront-antispam-report | CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SA0PR15MB3871.namprd15.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(1800799024)(366016)(38070700018);DIR:OUT;SFP:1102; |
x-ms-exchange-antispam-messagedata-chunkcount | 1 |
Content-Type | multipart/mixed; boundary="_004_SA0PR15MB3871B8DA563E94A755D860F3A5DD2SA0PR15MB3871namp_" |
MIME-Version | 1.0 |
X-OriginatorOrg | plateautel.com |
X-MS-Exchange-CrossTenant-AuthAs | Internal |
X-MS-Exchange-CrossTenant-AuthSource | SA0PR15MB3871.namprd15.prod.outlook.com |
X-MS-Exchange-CrossTenant-Network-Message-Id | 65281221-5b90-4bfc-a78b-08dc9ba672ac |
X-MS-Exchange-CrossTenant-originalarrivaltime | 03 Jul 2024 21:23:56.2599 (UTC) |
X-MS-Exchange-CrossTenant-fromentityheader | Hosted |
X-MS-Exchange-CrossTenant-id | c66eaad3-4231-4d3b-873b-e9d98588a49e |
X-MS-Exchange-CrossTenant-mailboxtype | HOSTED |
X-MS-Exchange-CrossTenant-userprincipalname | lY5QaZFOBCNqG2bqNRofWhWCW83YAAAiIyu5WhuWdEwHi6FZRthWLpb2oPiG3gTsoOWNffBDXUsAH0T8wyjDYA== |
X-MS-Exchange-Transport-CrossTenantHeadersStamped | CH3PR15MB6450 |
Icon Hash: | 46070c0a8e0c67d6 |