Windows Analysis Report
Last Update Verified Status Removed #U2013 Take Action Now.eml

Overview

General Information

Sample name: Last Update Verified Status Removed #U2013 Take Action Now.eml
renamed because original name is a hash value
Original sample name: Last Update Verified Status Removed Take Action Now.eml
Analysis ID: 1516605
MD5: 10c5ee3fab231a86483ef921d2c54e78
SHA1: 91c8a0c2b416bb067b9daf4152e9ff478326b481
SHA256: 0f2c85b673d72b777826d458f828988ce43e306e3b8bebe94a47fef64f463e92
Infos:

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Form action URLs do not match main URL
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
Invalid T&C link found
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory
Suspicious form URL found

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 5532 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Last Update Verified Status Removed #U2013 Take Action Now.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6828 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A25E326F-1035-49F3-8701-57E27A567887" "4B1B704D-9028-4275-8FEC-33FE9127E141" "5532" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 1992 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eu-west-1.protection.sophos.com/?d=soundestlink.com&u=aHR0cHM6Ly9wdWUuc291bmRlc3RsaW5rLmNvbS9jZS9jLzY2ZjI3ODkxY2Q3YTQxYzBmOWYyNzU0ZS82NmYyNzhhMGVhOTJmODVmZWVlZmY4YzkvNjZmMjc4YmQ1YzZlZGMzYTYyYTBhNTA5P3NpZ25hdHVyZT00N2MyYmYyNDJmMTY0NGUwZjhmMTdmMmVhNTc4YWU2ZmExMjAyNmViZDVlZjEyOTVlM2Q2NTkxNzY5NGJmMjAy&p=m&i=NjRiMzUwOGI3MTE2MjA1NTA2MTA1ODVm&t=WURmajhGaFdKNnJsMGRJRlFrMlN1ekdFdTZOOVI3MkgweXVFWVg2bUQ0WT0=&h=52e5531c93b34dfb8644550afe0dafef&s=AVNPUEhUT0NFTkNSWVBUSVY_rJvoqsQ_hOIHTiaXRF720p2WkzzAPXDh0RQTEGGjGw MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 1444 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1948,i,8757490934388368392,16095774079668964678,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 3748 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eu-west-1.protection.sophos.com/?d=soundestlink.com&u=aHR0cHM6Ly9wdWUuc291bmRlc3RsaW5rLmNvbS9jZS9jLzY2ZjI3ODkxY2Q3YTQxYzBmOWYyNzU0ZS82NmYyNzhhMGVhOTJmODVmZWVlZmY4YzkvNjZmMjc4YmQ1YzZlZGMzYTYyYTBhNTA5P3NpZ25hdHVyZT00N2MyYmYyNDJmMTY0NGUwZjhmMTdmMmVhNTc4YWU2ZmExMjAyNmViZDVlZjEyOTVlM2Q2NTkxNzY5NGJmMjAy&p=m&i=NjRiMzUwOGI3MTE2MjA1NTA2MTA1ODVm&t=WURmajhGaFdKNnJsMGRJRlFrMlN1ekdFdTZOOVI3MkgweXVFWVg2bUQ0WT0=&h=52e5531c93b34dfb8644550afe0dafef&s=AVNPUEhUT0NFTkNSWVBUSVY_rJvoqsQ_hOIHTiaXRF720p2WkzzAPXDh0RQTEGGjGw MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 2064 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1896,i,10593052777371322446,10658700746079105240,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 5532, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

Phishing

Source: https://livechat.account-webhelp.com/ LLM: Score: 9 Reasons: The provided URL does not match the legitimate domain of the brand 'Meta'., The domain 'account-webhelp.com' is unrelated to Meta and is commonly used for customer service by Webhelp, not Meta., The use of 'livechat' and 'account' subdomains could be an attempt to mimic legitimate service portals. DOM: 5.5.pages.csv
Source: https://livechat.account-webhelp.com/ HTTP Parser: Form action: https://facebook.com/ account-webhelp facebook
Source: https://livechat.account-webhelp.com/ HTTP Parser: Number of links: 0
Source: https://livechat.account-webhelp.com/ HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none"><path fill="#B20F03" d="M16 3a13 13 0 1 0 13 13A13.015 13.015 0 0 0 16 3m0 24a11 11 0 1 1 11-11 11.01 11.01 0 0 1-11 11"/><path fill="#B20F03" d="M17.038 18.615H14.87L14.563 9.5h2....
Source: https://livechat.account-webhelp.com/ HTTP Parser: Title: Meta for Business - Page Appeal does not match URL
Source: https://livechat.account-webhelp.com/ HTTP Parser: Invalid link: Privacy Policy
Source: https://livechat.account-webhelp.com/ HTTP Parser: Invalid link: Terms of use
Source: https://livechat.account-webhelp.com/ HTTP Parser: Invalid link: Privacy Policy
Source: https://livechat.account-webhelp.com/ HTTP Parser: Invalid link: Community Payment Terms
Source: https://livechat.account-webhelp.com/ HTTP Parser: Invalid link: Commercial terms
Source: https://livechat.account-webhelp.com/ HTTP Parser: Form action: process.php
Source: https://livechat.account-webhelp.com/ HTTP Parser: <input type="password" .../> found
Source: https://agility-customization-5940.my.salesforce-sites.com/support?omnisendContactID=66f27891cd7a41c0f9f2754e&utm_campaign=campaign%3A+test+%2866f27384a89be4b8a289edd7%29&utm_medium=email&utm_source=omnisend HTTP Parser: No favicon
Source: https://livechat.account-webhelp.com/ HTTP Parser: No favicon
Source: https://livechat.account-webhelp.com/?__cf_chl_tk=qSFLzDX0PFZ9Bb0m8RZLACN008XMBxU_U7KepGUu07Q-1727176424-0.0.1.1-4714 HTTP Parser: No favicon
Source: https://livechat.account-webhelp.com/ HTTP Parser: No <meta name="author".. found
Source: https://livechat.account-webhelp.com/ HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.19.104.72:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.159.73:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.159.73:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.159.73:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49798 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.104.72
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: global traffic DNS traffic detected: DNS query: eu-west-1.protection.sophos.com
Source: global traffic DNS traffic detected: DNS query: pue.soundestlink.com
Source: global traffic DNS traffic detected: DNS query: agility-customization-5940.my.salesforce-sites.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: livechat.account-webhelp.com
Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
Source: classification engine Classification label: mal48.phis.winEML@32/22@26/166
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240924T0713120436-5532.etl
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Last Update Verified Status Removed #U2013 Take Action Now.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A25E326F-1035-49F3-8701-57E27A567887" "4B1B704D-9028-4275-8FEC-33FE9127E141" "5532" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eu-west-1.protection.sophos.com/?d=soundestlink.com&u=aHR0cHM6Ly9wdWUuc291bmRlc3RsaW5rLmNvbS9jZS9jLzY2ZjI3ODkxY2Q3YTQxYzBmOWYyNzU0ZS82NmYyNzhhMGVhOTJmODVmZWVlZmY4YzkvNjZmMjc4YmQ1YzZlZGMzYTYyYTBhNTA5P3NpZ25hdHVyZT00N2MyYmYyNDJmMTY0NGUwZjhmMTdmMmVhNTc4YWU2ZmExMjAyNmViZDVlZjEyOTVlM2Q2NTkxNzY5NGJmMjAy&p=m&i=NjRiMzUwOGI3MTE2MjA1NTA2MTA1ODVm&t=WURmajhGaFdKNnJsMGRJRlFrMlN1ekdFdTZOOVI3MkgweXVFWVg2bUQ0WT0=&h=52e5531c93b34dfb8644550afe0dafef&s=AVNPUEhUT0NFTkNSWVBUSVY_rJvoqsQ_hOIHTiaXRF720p2WkzzAPXDh0RQTEGGjGw
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1948,i,8757490934388368392,16095774079668964678,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1896,i,10593052777371322446,10658700746079105240,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Window found: window name: SysTabControl32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |

No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| pue.soundestlink.com | 172.64.145.78 | true | false | | unknown |
| a.nel.cloudflare.com | 35.190.80.1 | true | false | | unknown |
| d35tlz0p71apkp.cloudfront.net | 18.173.205.27 | true | false | | unknown |
| challenges.cloudflare.com | 104.18.94.41 | true | false | | unknown |
| www.google.com | 216.58.206.68 | true | false | | unknown |
| livechat.account-webhelp.com | 104.26.5.182 | true | false | | unknown |
| na236-ia6.ia6.r.salesforce.com | 136.146.16.122 | true | false | | unknown |
| eu-west-1.protection.sophos.com | unknown | unknown | false | | unknown |
| agility-customization-5940.my.salesforce-sites.com | unknown | unknown | false | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://agility-customization-5940.my.salesforce-sites.com/support?omnisendContactID=66f27891cd7a41c0f9f2754e&utm_campaign=campaign%3A+test+%2866f27384a89be4b8a289edd7%29&utm_medium=email&utm_source=omnisend | false | | unknown |
| https://livechat.account-webhelp.com/ | true | | unknown |
| https://livechat.account-webhelp.com/?__cf_chl_tk=qSFLzDX0PFZ9Bb0m8RZLACN008XMBxU_U7KepGUu07Q-1727176424-0.0.1.1-4714 | true | | unknown |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 104.26.5.182 | livechat.account-webhelp.com | United States | 13335 | CLOUDFLARENETUS | false |
| 1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
| 136.146.16.122 | na236-ia6.ia6.r.salesforce.com | United States | 14340 | SALESFORCEUS | false |
| 51.104.15.253 | unknown | United Kingdom | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 216.58.206.78 | unknown | United States | 15169 | GOOGLEUS | false |
| 104.18.94.41 | challenges.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false |
| 216.58.206.67 | unknown | United States | 15169 | GOOGLEUS | false |
| 104.18.95.41 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
| 142.250.185.227 | unknown | United States | 15169 | GOOGLEUS | false |
| 216.58.206.68 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 74.125.206.84 | unknown | United States | 15169 | GOOGLEUS | false |
| 18.173.205.27 | d35tlz0p71apkp.cloudfront.net | United States | 3 | MIT-GATEWAYSUS | false |
| 172.64.145.78 | pue.soundestlink.com | United States | 13335 | CLOUDFLARENETUS | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 2.19.126.151 | unknown | European Union | 16625 | AKAMAI-ASUS | false |
| 52.109.28.47 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 13.79.7.57 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false |
| 142.250.186.42 | unknown | United States | 15169 | GOOGLEUS | false |
| 52.109.76.240 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |

IP
192.168.2.16
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1516605
Start date and time: 2024-09-24 13:12:41 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Sample name: Last Update Verified Status Removed #U2013 Take Action Now.eml
renamed because original name is a hash value
Original Sample Name: Last Update Verified Status Removed Take Action Now.eml
Detection: MAL
Classification: mal48.phis.winEML@32/22@26/166
Cookbook Comments:
• Found application associated with file extension: .eml
• Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 52.109.76.240
• Excluded domains from analysis (whitelisted): neu-azsc-config.officeapps.live.com, config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, ctldl.windowsupdate.com, officeclient.microsoft.com, europe.configsvc1.live.com.akadns.net
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• VT rate limit hit for: Last Update Verified Status Removed #U2013 Take Action Now.eml
Input | Output
URL: Email Model: jbxai
{
"brand":["unknown"],
"contains_trigger_text":true,
"trigger_text":"CAUTION: This email originated from outside of the organisation. If in doubt please use the report message button to Security. VERIFIED BADGE REMOVED To avoid the permanent removal of your verified status, you are required to adhere to the provided guidelines and take the necessary corrective steps by September 24, 2024. An appeal addressing the identified concerns must be submitted by this deadline. Furthermore, reach out to our support team to discuss the restoration of your verified badge. Failure to meet these requirements within the given timeframe will lead to the permanent loss of your verified status. This communication serves as your final warning. Appeal the decision 564 Market Street, Suite 700, San Francisco CA 94104",
"prominent_button_name":"Appeal the decision",
"text_input_field_labels":["unknown"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":true,
"has_visible_qrcode":false}
URL: https://livechat.account-webhelp.com/ Model: jbxai
{
"brand":["livechat.account-webhelp.com"],
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"unknown",
"text_input_field_labels":["unknown"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}
URL: https://livechat.account-webhelp.com/ Model: jbxai
{
"brand":["Meta"],
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"Start Chat",
"text_input_field_labels":["full name", "email address", "confirm your phone number"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}
URL: https://livechat.account-webhelp.com/?__cf_chl_tk=qSFLzDX0PFZ9Bb0m8RZLACN008XMBxU_U7KepGUu07Q-1727176424-0.0.1.1-4714 Model: jbxai
{
"brand":["livechat.account-webhelp.com"],
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"unknown",
"text_input_field_labels":["unknown"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}
URL: https://livechat.account-webhelp.com/ Model: jbxai
{
"phishing_score":8,
"brands":["Meta"],
"sub_domain":"livechat",
"legit_domain":"meta.com",
"partial_domain_match":true,
"brand_matches_associated_domain":false,
"reasons":"The domain name 'account-webhelp.com' does not fully match the legitimate domain name associated with the identified brand 'Meta', which is'meta.com'. The presence of a hyphen in the domain name 'account-webhelp.com' suggests a partial matching domain name, which is a good indicator for phishing. Additionally, the brand 'Meta' is not commonly associated with the given domain 'account-webhelp.com', which further suggests that the webpage may be a phishing site.",
"brand_matches":[false],
"url_match":false,
"llama70":{
"riskscore":8,
"legit_domain":"meta.com",
"reasons":["The provided URL does not match the legitimate domain name of Meta, which is meta.com.",
"The URL contains 'livechat' and 'account-webhelp' which are not typical subdomains associated with Meta.",
"The domain 'account-webhelp.com' is not a known or trusted domain associated with Meta.",
"The use of a subdomain with a different domain extension (.com) than the legitimate Meta domain is suspicious.",
"Meta is a well-known brand and it is unlikely that they would use a third-party domain for live chat services."]},
"gpto1":{
"riskscore":9,
"legit_domain":"meta.com",
"reasons":["The provided URL does not match the legitimate domain of the brand 'Meta'.",
"The domain 'account-webhelp.com' is unrelated to Meta and is commonly used for customer service by Webhelp, not Meta.",
"The use of 'livechat' and 'account' subdomains could be an attempt to mimic legitimate service portals."]}
}
                          URL: https://livechat.account-webhelp.com/ Model: jbxai
                          {
                          "brand":["Meta"],
                          "contains_trigger_text":false,
                          "trigger_text":"",
                          "prominent_button_name":"Start Chat",
                          "text_input_field_labels":["full name",
                          "email address",
                          "confirm your phone number"],
                          "pdf_icon_visible":false,
                          "has_visible_captcha":false,
                          "has_urgent_text":false,
                          "has_visible_qrcode":false}
                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                          File Type:data
                          Category:dropped
                          Size (bytes):231348
                          Entropy (8bit):4.380375058401163
                          Encrypted:false
                          SSDEEP:
                          MD5:2F54CAC9423C98D78CADAD320CF6AAAA
                          SHA1:6F049A245490D0913D2B6EA0FA5609541240016B
                          SHA-256:848FC849DB94B2404FC23D3C7C69D860DCB940FBCBF9065B4B15B1940CA635AB
                          SHA-512:19FEB5CB4B5654ECD8115075C5CB7413A9AB2EACF1BADAC80F23E22E11FED17697C38D6F6F671B5C77466B0C96C17E91969F519CF08FA0DF9C10C3ECBC89C466
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                          File Type:ASCII text, with very long lines (65536), with no line terminators
                          Category:dropped
                          Size (bytes):322260
                          Entropy (8bit):4.000299760592446
                          Encrypted:false
                          SSDEEP:
                          MD5:CC90D669144261B198DEAD45AA266572
                          SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                          SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                          SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                          Malicious:false
                          Reputation:unknown
                          Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:
                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                          File Type:ASCII text, with no line terminators
                          Category:modified
                          Size (bytes):10
                          Entropy (8bit):2.6464393446710157
                          Encrypted:false
                          SSDEEP:
                          MD5:486D7A574470CB41C14403F0449C438E
                          SHA1:53285555ACC6925DDD1E05D0A3C0BA48B3F6F49A
                          SHA-256:44D118D65F6CAAE29260CD4FD5CAF816E25A5635AD1582EA108211117BB2F514
                          SHA-512:68C40F4C0B7EC6B3ADC481234BD9EA4C1855E69A78C83CA2E5582DD8F8650D6CD9613EB1CE71F61C1146A8A42C5B19F751676A3570D467F0F05E85FA7BB6A056
                          Malicious:false
                          Reputation:unknown
                          Preview:1727176395
                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):176955
                          Entropy (8bit):5.2868022171706475
                          Encrypted:false
                          SSDEEP:
                          MD5:F91F6F67C5B52038CA436106CDE689EE
                          SHA1:5401C15A5807929BF99FCDCCB7671439A36EC6F5
                          SHA-256:27EF0DFABE57C0FBAB5A5C93ECDDC6A13E262627F87CC46ED26CF818CC60A9C6
                          SHA-512:04FC2E81FA00C59649D6B4D583EA88B0033700481C5E27356DDB98FCAE9546335E4B40C6F63560813AE73BF24E91B736E9C5EA25D63AD31334513DB7A2673FBE
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-09-24T11:13:14">.. Build: 16.0.18112.40129-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                          File Type:SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                          Category:dropped
                          Size (bytes):4096
                          Entropy (8bit):0.09304735440217722
                          Encrypted:false
                          SSDEEP:
                          MD5:D0DE7DB24F7B0C0FE636B34E253F1562
                          SHA1:6EF2957FDEDDC3EB84974F136C22E39553287B80
                          SHA-256:B6DC74E4A39FFA38ED8C93D58AADEB7E7A0674DAC1152AF413E9DA7313ADE6ED
                          SHA-512:42D00510CD9771CE63D44991EA10C10C8FBCF69DF08819D60B7F8E7B0F9B1D385AE26912C847A024D1D127EC098904784147218869AE8D2050BCE9B306DB2DDE
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                          File Type:SQLite Rollback Journal
                          Category:dropped
                          Size (bytes):4616
                          Entropy (8bit):0.1384465837476566
                          Encrypted:false
                          SSDEEP:
                          MD5:FC1D8AF774E35AAC9E386BD59CFFF61F
                          SHA1:F746BFC1D0ECC4638F4A1AC86C164D4C1907AFBA
                          SHA-256:041D82F0033D3855C6AB979628B6F9A8956BA415FFFFFF097AA3BAF2C3D6C4A4
                          SHA-512:F21C38B62C2AD2F29DA10401AE457029F412F84FE00F9A14472981C4D763796B02727EEB2C401C971CF8A33FE74BD270ED7A318629B9FE9C0EB7D177AE7D400F
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                          File Type:data
                          Category:dropped
                          Size (bytes):32768
                          Entropy (8bit):0.04445419730877624
                          Encrypted:false
                          SSDEEP:
                          MD5:716002FF1A46C2E8A6E713BDFF2A125E
                          SHA1:9297771337B1A0541E0D59BEB56DD746831FC28D
                          SHA-256:AE00F35EE2762F9A7856443BF01BCF29AA3B4B123FC1C271D4ED757689C507C1
                          SHA-512:9C9FBCBB94FB8F5F6C0B874F6670BF0D2AFB9F1C3898B94A86315F4DB0252BBBB8B606EC66E5AD1260C822CFD1A5113B477EDA51B355ECEB9FC84B0C096ABF7C
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                          File Type:SQLite Write-Ahead Log, version 3007000
                          Category:dropped
                          Size (bytes):45352
                          Entropy (8bit):0.39532562341883226
                          Encrypted:false
                          SSDEEP:
                          MD5:6F4082BD8E1CCFA4A0AA9C9C91D4F58D
                          SHA1:430F7B0D7AE5A78F6BECC27CDD37DF3B506A9EDC
                          SHA-256:CAC215ED4D33821AB68390FA6DA984798AE8C11DE628042AEC1FCED91FF9BA42
                          SHA-512:5BA0025D689840BE122E28610E490B2D402EA7FF8CD6998B310A6F296E16D213D52D438881F188D435CBCC692DFAE4ADC49E8F16AC2892D1AA8FF7E8BC3CE6B3
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                          File Type:data
                          Category:dropped
                          Size (bytes):19064
                          Entropy (8bit):4.598723521500365
                          Encrypted:false
                          SSDEEP:
                          MD5:C4239C70A30EDB488FC368BB2DCF5C48
                          SHA1:1DD4AA7C3756685424BE33D761843C502F74B486
                          SHA-256:10E5944D423EA61A6619E8204179C61E7557A6207BF983E3696461189F23787F
                          SHA-512:3B42236B27F0A8F07C6265B6F3F62BE80EA9FBD8927D6B36CB2337AEC47F77998D6AD9C687429AC98C494D7B2B46063AC27D65CB620F3A3EEA5B6A6C721D4BD4
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                          File Type:ASCII text, with very long lines (28737), with CRLF line terminators
                          Category:dropped
                          Size (bytes):20971520
                          Entropy (8bit):0.1616156564263844
                          Encrypted:false
                          SSDEEP:
                          MD5:E7802891C35684F49BC45BF27B8DDBA2
                          SHA1:FDD99B904868DB737BC5ADCE886E04CB5E10123E
                          SHA-256:0D25B540F054485A2FEBFEA3FEBB99AEEAE87C24F24B6AFFCECBB8EAB693F9B2
                          SHA-512:914141FDE8985BE8FBF558076584310EBB6AA578513A34FC9D25B5B5075594E22F824F38A14497E954C9C38ABD711BAC634A21391FF5B5025BFB3856F66C90B7
                          Malicious:false
                          Reputation:unknown
                          Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..09/24/2024 11:13:12.707.OUTLOOK (0x159C).0x195C.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":21,"Time":"2024-09-24T11:13:12.707Z","Contract":"Office.System.Activity","Activity.CV":"wotvh17Bv06gM9DvWMYxaA.4.9","Activity.Duration":20,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...09/24/2024 11:13:12.723.OUTLOOK (0x159C).0x195C.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":23,"Time":"2024-09-24T11:13:12.723Z","Contract":"Office.System.Activity","Activity.CV":"wotvh17Bv06gM9DvWMYxaA.4.10","Activity.Duration":11611,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV
                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                          File Type:data
                          Category:dropped
                          Size (bytes):20971520
                          Entropy (8bit):0.0
                          Encrypted:false
                          SSDEEP:
                          MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                          SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                          SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                          SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                          File Type:data
                          Category:modified
                          Size (bytes):102400
                          Entropy (8bit):4.515181994128496
                          Encrypted:false
                          SSDEEP:
                          MD5:A799EAC5EC056A74E2D56D704514BEEC
                          SHA1:369C59350F0BFA2CBD844AF51210875A52F8A515
                          SHA-256:DF056667C3A52C86D3904461A960F5017EFBB47AB731B34D67929911498C83C1
                          SHA-512:0070FC462EA15336CBD709A3C0F741FEB8F60989B3D4ABCCC2E67376B0DAD504BCF492482F4EEB3EB71458849EA58A4DB85D0909EC8CDC505BCC1D2B0B30BFAE
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                          File Type:data
                          Category:dropped
                          Size (bytes):30
                          Entropy (8bit):1.2389205950315936
                          Encrypted:false
                          SSDEEP:
                          MD5:CF55E9CE131104758B8D659225343D93
                          SHA1:ECBBB8136A1B1A1403F1956BFD81DB387444D95F
                          SHA-256:02F68FD13030A421CBFCD767A839F0EC762E4635AC160A6EB56B0DF2EFC2F3C2
                          SHA-512:8FC537D5771CF47D6ADB4CDA5128985414E3467A2DB70ED7983652711011F6A2E9155F6F9D7F2B07A9E87CE5C8164AA2CDD49EF1A549C9F9511321E62F594C3B
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                          File Type:Composite Document File V2 Document, Cannot read section info
                          Category:dropped
                          Size (bytes):16384
                          Entropy (8bit):0.6689664687239653
                          Encrypted:false
                          SSDEEP:
                          MD5:DEBADDB89C024F50F70C6F85259B8C71
                          SHA1:A75696F08CA079779906BDBAB210540DC602A919
                          SHA-256:F2FE64A6CFFB765347C45647878D0E4556C98B0A09AC329F4E03329073FBEAD5
                          SHA-512:1EA13B4F80E9DF856EFD9790EBA1BA35D5461D3926253778E51DA79F7CAB3078E3529A3EC0AC863F8CCCDC0F8963B9C2131DDD2C1DE43077760426EA96CADFBE
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Sep 24 10:13:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2673
                          Entropy (8bit):3.978622650065796
                          Encrypted:false
                          SSDEEP:
                          MD5:9F1B4A8A20F7131DB7A6923833BF3366
                          SHA1:9E2705DC363083D745EB5D4C46016411D6E30857
                          SHA-256:D2A753F227D3E54DE6F0B235670BE0452E8937F5AA25D597D8DE1BF315331827
                          SHA-512:3E343358A1C405ACB0532A3C7593B6BAE42FC4A952ABABE9A9333C5978E4A4DC530BFCFD2A188C4E8B276E40311BFD30708FD60528216CE4A2B304B5B49B3AC7
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Sep 24 10:13:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2675
                          Entropy (8bit):3.9946142129166864
                          Encrypted:false
                          SSDEEP:
                          MD5:EAD21B2CD1A1F37ACBA91D3CCF4E279C
                          SHA1:CA5714696A103320A235A4FE39CE4E9D2E7957D4
                          SHA-256:3FC5EFD09FFD9EFD271A2B0118EC1B8D96EA32B99E771722DFD76FA43D629318
                          SHA-512:3655C6FA7C0A016D6AED3565CAC92399F8DBC381AC0BA8BEA0C8B153BEE2F4E56D46E1ABF613EEC04A3B0A70EE187B7273713EB1EBB19037375D8D677382ACE1
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2689
                          Entropy (8bit):4.004307303629369
                          Encrypted:false
                          SSDEEP:
                          MD5:B488D7EEDF0653CB826D5D91B4248C6C
                          SHA1:1DF39D13EAFD7BC8D5C1DD4DCDA95FB71FD5B6A6
                          SHA-256:7C027EBE1EC1CD3B1E0963E67116F8D20251FFE62CEBEFBFE724C9248FD78FAF
                          SHA-512:63BF7F622EA5C25A11C5E334A664838DEF09C322ED8224092ACDECB5597278BCA51997FEF549CB1FEE58F14296630E28E7E51CCB77197A5E050BAB5F0952E00E
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Sep 24 10:13:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2677
                          Entropy (8bit):3.993338172694777
                          Encrypted:false
                          SSDEEP:
                          MD5:5F8B2441E51EE502290F5F91BB51FA22
                          SHA1:132FA0D995BB457B5C85221FE5B59CE875F3BEDA
                          SHA-256:76764111A1CA08EBC0B2F2097B3CB5D82312A450DF5610924F561585E93517B9
                          SHA-512:E52BBDE82C4C2C95C262EDD89F5952689C3878CBFBFEEF1D616D9A89B7E3B036E00559ED3026B52ABC8AD0F6DC7E2181800E4A801765ECE2CBA2FB7C4DA31668
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Sep 24 10:13:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2677
                          Entropy (8bit):3.9829784459580524
                          Encrypted:false
                          SSDEEP:
                          MD5:A66B76E50D241A49D30B50284AB02808
                          SHA1:3551D2721AAF3186454D5CFA556F0BAC4A102300
                          SHA-256:277E6CD581B910123B5E5A96C2FC4CE1B9B4603BFD6E80091C93AEDA48979640
                          SHA-512:E97E7A44C065729A62B04677C07EFC7FE820F34E80CFE74FACB30F027212DFB6F9C243231FB97027620E7DF0F004803D2C9873E510175117177AB5791D2F83D8
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Sep 24 10:13:38 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2679
                          Entropy (8bit):3.9903025828788246
                          Encrypted:false
                          SSDEEP:
                          MD5:D0DDBB2EF2A1B72B30F2542F64F07C07
                          SHA1:EBE8D50FCF361A721BD53E519F78902E082B5FEA
                          SHA-256:2C84BBD429634780BCA672C108A2E6499E8ED93A1D974BEE8EE947C448E32032
                          SHA-512:BDD6C74063E3701C82269BC80C6B490DD5C4FE57D28F70E5A1FD6D933C8120F1F3CF761466F96A8EBEFA9BD6B8E2EF75AE1469925F3B3F04DE0AAEFD37D5DCA6
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                          File Type:Microsoft Outlook email folder (>=2003)
                          Category:dropped
                          Size (bytes):271360
                          Entropy (8bit):3.3115776397915595
                          Encrypted:false
                          SSDEEP:
                          MD5:FDDC2E267DF58BACAFD1306DBE15130C
                          SHA1:D5245F581CA1BAA5F740742EE81CCC126120991D
                          SHA-256:246743EAE5C3B5804B775404794762680DC7AD788D65F644D789DF1D2ADAA349
                          SHA-512:F76B62FFC17C21EF30C770DF2197B0BD6C20CA82787107C6DAA8CEF115DA4A48F286C033DDC7E4F9A7E903B74DD12B07BE5D0466A64000C16B8C550B4DD4A64B
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                          File Type:data
                          Category:dropped
                          Size (bytes):131072
                          Entropy (8bit):4.289542394720393
                          Encrypted:false
                          SSDEEP:
                          MD5:0EABF3A13ECEC2CBF88380E8ECDFF497
                          SHA1:5C27AAF3F18A8C6D115BC9005E9A0F6AC7939E3C
                          SHA-256:D3D970640F3B44D877D702A9E216902EB918173C933CEF70C6ABDF0594E6D3FE
                          SHA-512:C1EFECBDAAF4939F76016F35FAB061AF37E395CCE7BE1254EC0A688C81600DA4551999D844FF7123D5789D2E8BC5721E9AED07C625D3FBD97A7D5C39089D12DC
                          Malicious:false
                          Reputation:unknown
                          File type:RFC 822 mail, ASCII text, with CRLF line terminators
                          Entropy (8bit):5.903280947278014
                          TrID:
                          • E-Mail message (Var. 5) (54515/1) 100.00%
                          File name:Last Update Verified Status Removed #U2013 Take Action Now.eml
                          File size:32'476 bytes
                          MD5:10c5ee3fab231a86483ef921d2c54e78
                          SHA1:91c8a0c2b416bb067b9daf4152e9ff478326b481
                          SHA256:0f2c85b673d72b777826d458f828988ce43e306e3b8bebe94a47fef64f463e92
                          SHA512:120c8ef89bd17f35a32248a6ab797c931890c99e59c7cf8054f0bd92d206d11a30c3594acc87701b3c4273ebd11d4b2e70a5b1780c3132eaaf4462872c43656c
                          SSDEEP:384:HYDf3h/VWPZIthpIdIQekUZ/wWaoOkaXeNHWpHQg/a7eQdamnJHRExY+cn9jJmPB:otWIFI1kaGWqg/TQda+HFmPtsmZTP
                          TLSH:98E218A149945016F53A08D80B547E5DE6507A0FAAFB8EC036EE30BB9F9B0365F1778C
                          File Content Preview:Received: from AS8PR03MB6966.eurprd03.prod.outlook.com (2603:10a6:20b:290::13).. by GV2PR03MB9473.eurprd03.prod.outlook.com with HTTPS; Tue, 24 Sep 2024.. 09:59:53 +0000..Received: from DU7P190CA0012.EURP190.PROD.OUTLOOK.COM (2603:10a6:10:550::11).. by AS
                          Subject:Last Update: Verified Status Removed Take Action Now
                          From:Verified Badge <shashank.sharma@salesforce.com>
                          To:"karla.threlfall@cardfactory.co.uk" <karla.threlfall@cardfactory.co.uk>
                          Cc:
                          BCC:
                          Date:Tue, 24 Sep 2024 09:59:38 +0000
                          Communications:
                          • CAUTION: This email originated from outside of the organisation. If in doubt please use the report message button to Security. HTML preview VERIFIED BADGE REMOVED To avoid the permanent removal of your verified status, you are required to adhere to the provided guidelines and take the necessary corrective steps by September 24, 2024. An appeal addressing the identified concerns must be submitted by this deadline. Furthermore, reach out to our support team to discuss the restoration of your verified badge. Failure to meet these requirements within the given timeframe will lead to the permanent loss of your verified status. This communication serves as your final warning. Appeal the decision 564 Market Street, Suite 700, San Francisco CA 94104
                          Attachments:
                            Key Value
                            Received from [10.173.181.103] ([10.173.181.103:43414] helo=na236-app2-2-ia6.ops.sfdc.net) by mx1-ia6-sp3.mta.salesforce.com (envelope-from <shashank.sharma@salesforce.com>) (ecelerity 4.7.0.20111 r(msys-ecelerity:tags/4.7.0-ga^0)) with ESMTPS (cipher=ECDHE-RSA-AES256-GCM-SHA384 subject="/C=US/ST=California/L=San Francisco/O=salesforce.com, inc./OU=0:app; 1:ia6; 2:ia6-sp3; 3:na236; 4:prod/CN=na236-app2-2-ia6.ops.sfdc.net") id A8/B4-07244-A8D82F66; Tue, 24 Sep 2024 09:59:38 +0000
                            Authentication-Results spf=softfail (sender IP is 198.154.180.194) smtp.mailfrom=salesforce.com; dkim=none (message not signed) header.d=none;dmarc=fail action=oreject header.from=salesforce.com;compauth=none reason=451
                            Received-SPF Pass (protection.outlook.com: domain of salesforce.com designates 13.110.242.204 as permitted sender) receiver=protection.outlook.com; client-ip=13.110.242.204; helo=smtp13-ia6-sp3.mta.salesforce.com; pr=E
                            X-Sophos-Product-Type Mailflow
                            X-Sophos-Email-ID 52e5531c93b34dfb8644550afe0dafef
                            Authentication-Results-Original mx1-ia6-sp3.mta.salesforce.com x-tls.subject="/C=US/ST=California/L=San Francisco/O=salesforce.com, inc./OU=0:app; 1:ia6; 2:ia6-sp3; 3:na236; 4:prod/CN=na236-app2-2-ia6.ops.sfdc.net"; auth=pass (cipher=ECDHE-RSA-AES256-GCM-SHA384)
                            Date Tue, 24 Sep 2024 09:59:38 +0000
                            From Verified Badge <shashank.sharma@salesforce.com>
                            To "karla.threlfall@cardfactory.co.uk" <karla.threlfall@cardfactory.co.uk>
                            Message-ID <9TWHN000000000000000000000000000000000000000000000SKBAFA00VdIdXaJ-QZqw4YoJzKlmVg@sfdc.net>
                            Subject Last Update: Verified Status Removed Take Action Now
                            Content-Type multipart/alternative; boundary="----=_Part_3481_713676623.1727171978910"
                            X-SFDC-LK 00DHs000008oo6X
                            X-SFDC-User 005Hs00000FAXiC
                            X-Sender postmaster@salesforce.com
                            X-mail_abuse_inquiries http://www.salesforce.com/company/abuse.jsp
                            X-SFDC-TLS-NoRelay 1
                            X-SFDC-Binding iCBT705cy8bBFz3B
                            X-SFDC-EmailCategory apiMassMail
                            X-SFDC-EntityId 005Hs00000FAbS6
                            X-SFDC-Interface internal
                            X-EOPAttributedMessage 1
                            X-EOPTenantAttributedMessage 7956b84e-0c99-46b5-81c6-28689cfa7221:1
                            X-MS-TrafficTypeDiagnostic DB1PEPF000509F6:EE_|DBBPR03MB7066:EE_|DB1PEPF000509F9:EE_|AS8PR03MB6966:EE_|GV2PR03MB9473:EE_
                            X-MS-Office365-Filtering-Correlation-Id 4a2416c5-3a6f-431e-b122-08dcdc7fa09b
                            X-Microsoft-Antispam-Untrusted BCL:0;ARA:13230040|69100299015|29132699027|5073199012;
                            X-Forefront-Antispam-Report-Untrusted CIP:13.110.242.204; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:smtp13-ia6-sp3.mta.salesforce.com; PTR:smtp13-ia6-sp3.mta.salesforce.com; CAT:NONE; SFS:(13230040)(69100299015)(29132699027)(5073199012); DIR:INB;
                            X-MS-Exchange-Transport-CrossTenantHeadersStamped AS8PR03MB6966
                            Content-Transfer-Encoding 8bit
                            X-Sophos-Email-Scan-Details 27140d1e1540510e7e771140550e7d75
                            X-Sophos-Email [eu-west-1] Antispam-Engine: 6.0.0, AntispamData: 2024.9.24.91216
                            X-Sophos-SenderHistory ip=13.110.242.204, fs=1207404, fso=44578314, da=220630594, mc=83, sc=25, hc=58, sp=30, re=141, sd=13, hd=6
                            X-Sophos-DomainHistory d=salesforce.com, fs=35982, fso=76133874, da=81373418, mc=25643, sc=177, hc=25466, sp=1, re=864, sd=0, hd=30
                            X-LASED-From-ReplyTo-Diff From:<cardfactory.eu.com>:10
                            X-LASED-SpamProbability 0.131017
                            X-LASED-Impersonation False
                            X-LASED-Spam NonSpam
                            X-Sophos-MH-Mail-Info-Key NFhDYjF4MTNYUHoxeG5OLTE3Mi4xOS4wLjEzNQ==
                            Return-Path shashank.sharma@salesforce.com
                            X-MS-Exchange-Organization-ExpirationStartTime 24 Sep 2024 09:59:49.3283 (UTC)
                            X-MS-Exchange-Organization-ExpirationStartTimeReason OriginalSubmit
                            X-MS-Exchange-Organization-ExpirationInterval 1:00:00:00.0000000
                            X-MS-Exchange-Organization-ExpirationIntervalReason OriginalSubmit
                            X-MS-Exchange-Organization-Network-Message-Id 4a2416c5-3a6f-431e-b122-08dcdc7fa09b
                            X-MS-Exchange-Organization-MessageDirectionality Incoming
                            X-MS-Exchange-Transport-CrossTenantHeadersStripped DB1PEPF000509F9.eurprd02.prod.outlook.com
                            X-MS-PublicTrafficType Email
                            X-MS-Exchange-Organization-AuthSource DB1PEPF000509F9.eurprd02.prod.outlook.com
                            X-MS-Exchange-Organization-AuthAs Anonymous
                            X-MS-Office365-Filtering-Correlation-Id-Prvs a3e2121d-fbf2-4baf-6ed2-08dcdc7f9af8
                            X-MS-Exchange-Organization-SCL -1
                            X-Microsoft-Antispam BCL:0;ARA:13230040|69100299015|35042699022|29132699027|5073199012;
                            X-Forefront-Antispam-Report CIP:198.154.180.194;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:SKN;H:mfid-euw1.prod.hydra.sophos.com;PTR:mfid-euw1.prod.hydra.sophos.com;CAT:NONE;SFS:(13230040)(69100299015)(35042699022)(29132699027)(5073199012);DIR:INB;
                            X-MS-Exchange-CrossTenant-OriginalArrivalTime 24 Sep 2024 09:59:49.2814 (UTC)
                            X-MS-Exchange-CrossTenant-Network-Message-Id 4a2416c5-3a6f-431e-b122-08dcdc7fa09b
                            X-MS-Exchange-CrossTenant-Id 7956b84e-0c99-46b5-81c6-28689cfa7221
                            X-MS-Exchange-CrossTenant-AuthSource DB1PEPF000509F9.eurprd02.prod.outlook.com
                            X-MS-Exchange-CrossTenant-AuthAs Anonymous
                            X-MS-Exchange-CrossTenant-FromEntityHeader Internet
                            X-MS-Exchange-Transport-EndToEndLatency 00:00:03.9990505
                            X-MS-Exchange-Processed-By-BccFoldering 15.20.7982.022
                            X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
                            MIME-Version 1.0

                            Icon Hash:46070c0a8e0c67d6