Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Driving a supply chain planning evaluation.eml

Overview

General Information

Sample name:Driving a supply chain planning evaluation.eml
Analysis ID:1563134
MD5:eaa9d54ffd5bd5f5b9b3b95151c9fbc3
SHA1:6feca152453ae4bf4876f2f32caef1139432ffa2
SHA256:c0c64f4b3ad0847e8493dcc8c13e4249b0ba3f8c7c87aaf1535028a12f76c67d
Infos:

Detection

Lure-BasedAttack
Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected landing page (webpage, office document or email)
AI detected potential phishing Email
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Suspicious Office Outbound Connections
Stores files to the Windows start menu directory
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic

Classification

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6904 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Driving a supply chain planning evaluation.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7136 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "FCDBD4DE-D1E6-48D1-A4F9-160FAD683B47" "FE2B78F1-0CDD-4B67-9BAE-40713CBEF856" "6904" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 2976 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eu-west-1.protection.sophos.com/?d=marketmindsb2b.com&u=aHR0cDovL3RyYWNraW5nLm1hcmtldG1pbmRzYjJiLmNvbS90cmFja2luZy9jbGljaz9kPWV6ZnlmRzJFNFZQOWZjTkNZUlVIeEV3WjBYcTNzcGVDejBqbWo5bklCdk90aGJrMmtoeWVfSGZhTjZKTGRHUWJHdkhwVHdYY01wbzdadlBPTVFwNXE1VFQ0WXJZUFJlNEtDb01vUFZ5WDc1UWQ5a2dkRGZYS0lydDB5U3JnbWxjSWRueFg0QWh5N0NQTjdtV0JTZFJncTFZTVR3UTVXNlFwQUthT1RwbVhxOFFmcnRiTXNBYmZHVFJ4NjlpZUpCTXQ4QUJsczNzaWNwa2UyLWpqdm12N25kQ1VUR25xN3hlTlI0M2RubTFYVE9MX0pSRTVDQzJqN0FCbHRDZ0Z6QzRNZ25xRU9nQ2NnWVRJZ1kzZVFOZWlkSTE=&p=m&i=NjFiMTQ3MGI2Zjk0N2UwZTYxYjViM2Qy&t=d0plV0V6bVYrV1M5UVZ0bU94UXZ1N2NncVZJNVBSL01nd1h5VU5weDY1UT0=&h=80c9b6367fdb497fb8fa034ca1a5d2d5&s=AVNPUEhUT0NFTkNSWVBUSVb7ZaWQLzwVYTZMSsiVaSqfjTOnNIn3_yRToTM0b4suxQ MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 6736 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1996,i,10723237278413055132,2949394704765093116,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Office Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6904, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Sigma detected: Suspicious Office Outbound Connections
Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.17, DestinationIsIpv6: false, DestinationPort: 49702, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Initiated: true, ProcessId: 6904, Protocol: tcp, SourceIp: 52.113.195.132, SourceIsIpv6: false, SourcePort: 443

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2024-11-26T14:50:00.153176+010020283713Unknown Traffic192.168.2.174970252.113.195.132443TCP
2024-11-26T14:50:00.153176+010020283713Unknown Traffic192.168.2.174970252.113.195.132443TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

barindex
AI detected landing page (webpage, office document or email)
Source: EmailJoe Sandbox AI: Email contains prominent button: 'download now'
AI detected potential phishing Email
Source: EmailJoe Sandbox AI: Detected potential phishing email: The email contains multiple tracking links masked through Sophos protection, which is suspicious. The sender domain 'marketmindsb2b.com' appears to be a marketing company but is trying to appear as a legitimate automotive case study. The email structure and content follows typical marketing/phishing patterns with vague content and multiple unsubscribe/tracking links
Source: EmailClassification: Lure-Based Attack
Source: https://digitalzonemediaus.com/002/kinaxis-212/content/case-study-automotive-driving-supply-chain-revolution-kinaxis.pdfHTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/downloaded.pdfHTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/downloaded.pdfHTTP Parser: No favicon
Source: unknownHTTPS traffic detected: 52.113.195.132:443 -> 192.168.2.17:49702 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.17:49705 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.231.128.66:443 -> 192.168.2.17:49706 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.231.128.66:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.231.128.66:443 -> 192.168.2.17:49723 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49735 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49737 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.206.197.11:443 -> 192.168.2.17:49739 version: TLS 1.2
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.17:49702 -> 52.113.195.132:443
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /tracking/click?d=ezfyfG2E4VP9fcNCYRUHxEwZ0Xq3speCz0jmj9nIBvOthbk2khye_HfaN6JLdGQbGvHpTwXcMpo7ZvPOMQp5q5TT4YrYPRe4KCoMoPVyX75Qd9kgdDfXKIrt0ySrgmlcIdnxX4Ahy7CPN7mWBSdRgq1YMTwQ5W6QpAKaOTpmXq8QfrtbMsAbfGTRx69ieJBMt8ABls3sicpke2-jjvmv7ndCUTGnq7xeNR43dnm1XTOL_JRE5CC2j7ABltCgFzC4MgnqEOgCcgYTIgY3eQNeidI1 HTTP/1.1Host: tracking.marketmindsb2b.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficDNS traffic detected: DNS query: eu-west-1.protection.sophos.com
Source: global trafficDNS traffic detected: DNS query: tracking.marketmindsb2b.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: digitalzonemediaus.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 49695 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49676 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49691 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49695
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49694
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49693
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49692
Source: unknownNetwork traffic detected: HTTP traffic on port 49692 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49691
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49690
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49693 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49690 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 49680 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 49677 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49694 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownHTTPS traffic detected: 52.113.195.132:443 -> 192.168.2.17:49702 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.17:49705 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.231.128.66:443 -> 192.168.2.17:49706 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.231.128.66:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.231.128.66:443 -> 192.168.2.17:49723 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.17:49735 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49737 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.206.197.11:443 -> 192.168.2.17:49739 version: TLS 1.2
Source: classification engineClassification label: mal48.winEML@26/17@10/191
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241126T0849530925-6904.etl
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Driving a supply chain planning evaluation.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "FCDBD4DE-D1E6-48D1-A4F9-160FAD683B47" "FE2B78F1-0CDD-4B67-9BAE-40713CBEF856" "6904" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "FCDBD4DE-D1E6-48D1-A4F9-160FAD683B47" "FE2B78F1-0CDD-4B67-9BAE-40713CBEF856" "6904" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eu-west-1.protection.sophos.com/?d=marketmindsb2b.com&u=aHR0cDovL3RyYWNraW5nLm1hcmtldG1pbmRzYjJiLmNvbS90cmFja2luZy9jbGljaz9kPWV6ZnlmRzJFNFZQOWZjTkNZUlVIeEV3WjBYcTNzcGVDejBqbWo5bklCdk90aGJrMmtoeWVfSGZhTjZKTGRHUWJHdkhwVHdYY01wbzdadlBPTVFwNXE1VFQ0WXJZUFJlNEtDb01vUFZ5WDc1UWQ5a2dkRGZYS0lydDB5U3JnbWxjSWRueFg0QWh5N0NQTjdtV0JTZFJncTFZTVR3UTVXNlFwQUthT1RwbVhxOFFmcnRiTXNBYmZHVFJ4NjlpZUpCTXQ4QUJsczNzaWNwa2UyLWpqdm12N25kQ1VUR25xN3hlTlI0M2RubTFYVE9MX0pSRTVDQzJqN0FCbHRDZ0Z6QzRNZ25xRU9nQ2NnWVRJZ1kzZVFOZWlkSTE=&p=m&i=NjFiMTQ3MGI2Zjk0N2UwZTYxYjViM2Qy&t=d0plV0V6bVYrV1M5UVZ0bU94UXZ1N2NncVZJNVBSL01nd1h5VU5weDY1UT0=&h=80c9b6367fdb497fb8fa034ca1a5d2d5&s=AVNPUEhUT0NFTkNSWVBUSVb7ZaWQLzwVYTZMSsiVaSqfjTOnNIn3_yRToTM0b4suxQ
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1996,i,10723237278413055132,2949394704765093116,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eu-west-1.protection.sophos.com/?d=marketmindsb2b.com&u=aHR0cDovL3RyYWNraW5nLm1hcmtldG1pbmRzYjJiLmNvbS90cmFja2luZy9jbGljaz9kPWV6ZnlmRzJFNFZQOWZjTkNZUlVIeEV3WjBYcTNzcGVDejBqbWo5bklCdk90aGJrMmtoeWVfSGZhTjZKTGRHUWJHdkhwVHdYY01wbzdadlBPTVFwNXE1VFQ0WXJZUFJlNEtDb01vUFZ5WDc1UWQ5a2dkRGZYS0lydDB5U3JnbWxjSWRueFg0QWh5N0NQTjdtV0JTZFJncTFZTVR3UTVXNlFwQUthT1RwbVhxOFFmcnRiTXNBYmZHVFJ4NjlpZUpCTXQ4QUJsczNzaWNwa2UyLWpqdm12N25kQ1VUR25xN3hlTlI0M2RubTFYVE9MX0pSRTVDQzJqN0FCbHRDZ0Z6QzRNZ25xRU9nQ2NnWVRJZ1kzZVFOZWlkSTE=&p=m&i=NjFiMTQ3MGI2Zjk0N2UwZTYxYjViM2Qy&t=d0plV0V6bVYrV1M5UVZ0bU94UXZ1N2NncVZJNVBSL01nd1h5VU5weDY1UT0=&h=80c9b6367fdb497fb8fa034ca1a5d2d5&s=AVNPUEhUT0NFTkNSWVBUSVb7ZaWQLzwVYTZMSsiVaSqfjTOnNIn3_yRToTM0b4suxQ
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1996,i,10723237278413055132,2949394704765093116,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation21
Browser Extensions		1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
DLL Side-Loading		1
DLL Side-Loading		1
Modify Registry		LSASS Memory13
System Information Discovery		Remote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
Registry Run Keys / Startup Folder		1
Registry Run Keys / Startup Folder		1
Process Injection		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive3
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://tracking.marketmindsb2b.com/tracking/click?d=ezfyfG2E4VP9fcNCYRUHxEwZ0Xq3speCz0jmj9nIBvOthbk2khye_HfaN6JLdGQbGvHpTwXcMpo7ZvPOMQp5q5TT4YrYPRe4KCoMoPVyX75Qd9kgdDfXKIrt0ySrgmlcIdnxX4Ahy7CPN7mWBSdRgq1YMTwQ5W6QpAKaOTpmXq8QfrtbMsAbfGTRx69ieJBMt8ABls3sicpke2-jjvmv7ndCUTGnq7xeNR43dnm1XTOL_JRE5CC2j7ABltCgFzC4MgnqEOgCcgYTIgY3eQNeidI10%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.210.172
truefalse
    		high
    api.elasticemail.com
    		94.23.161.19
    		truefalse
      		unknown
      d35tlz0p71apkp.cloudfront.net
      		108.158.75.6
      		truefalse
        		unknown
        digitalzonemediaus.com
        		139.59.55.248
        		truefalse
          		unknown
          s-0005.s-dc-msedge.net
          		52.113.195.132
          		truefalse
            		high
            www.google.com
            		142.250.181.68
            		truefalse
              		high
              eu-west-1.protection.sophos.com
              		unknown
              		unknownfalse
                		high
                tracking.marketmindsb2b.com
                		unknown
                		unknownfalse
                  		unknown

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  http://tracking.marketmindsb2b.com/tracking/click?d=ezfyfG2E4VP9fcNCYRUHxEwZ0Xq3speCz0jmj9nIBvOthbk2khye_HfaN6JLdGQbGvHpTwXcMpo7ZvPOMQp5q5TT4YrYPRe4KCoMoPVyX75Qd9kgdDfXKIrt0ySrgmlcIdnxX4Ahy7CPN7mWBSdRgq1YMTwQ5W6QpAKaOTpmXq8QfrtbMsAbfGTRx69ieJBMt8ABls3sicpke2-jjvmv7ndCUTGnq7xeNR43dnm1XTOL_JRE5CC2j7ABltCgFzC4MgnqEOgCcgYTIgY3eQNeidI1false
                  • Avira URL Cloud: safe
                  		unknown
                  https://digitalzonemediaus.com/002/kinaxis-212/content/case-study-automotive-driving-supply-chain-revolution-kinaxis.pdffalse
                    		unknown
                    file:///C:/Users/user/Downloads/downloaded.pdffalse
                      		high

                      World Map of Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public IPs

                      IPDomainCountryFlagASNASN NameMalicious
                      108.158.75.6
                      		d35tlz0p71apkp.cloudfront.netUnited States
                      		16509AMAZON-02USfalse
                      172.217.19.206
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      1.1.1.1
                      		unknownAustralia
                      		13335CLOUDFLARENETUSfalse
                      20.189.173.6
                      		unknownUnited States
                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                      172.217.17.46
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      172.217.17.35
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      216.58.208.227
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      139.59.55.248
                      		digitalzonemediaus.comSingapore
                      		14061DIGITALOCEAN-ASNUSfalse
                      74.125.205.84
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      52.113.195.132
                      		s-0005.s-dc-msedge.netUnited States
                      		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                      239.255.255.250
                      		unknownReserved
                      		unknownunknownfalse
                      52.109.28.47
                      		unknownUnited States
                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                      52.109.32.97
                      		unknownUnited States
                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                      142.250.181.68
                      		www.google.comUnited States
                      		15169GOOGLEUSfalse
                      199.232.210.172
                      		bg.microsoft.map.fastly.netUnited States
                      		54113FASTLYUSfalse
                      94.23.161.19
                      		api.elasticemail.comFrance
                      		16276OVHFRfalse
                      23.32.238.40
                      		unknownUnited States
                      		2828XO-AS15USfalse

                      Private

                      IP
                      192.168.2.17
                      192.168.2.5

                      General Information

                      Joe Sandbox version:41.0.0 Charoite
                      Analysis ID:1563134
                      Start date and time:2024-11-26 14:49:18 +01:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:defaultwindowsinteractivecookbook.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:25
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • EGA enabled
                      Analysis Mode:stream
                      Analysis stop reason:Timeout
                      Sample name:Driving a supply chain planning evaluation.eml
                      Detection:MAL
                      Classification:mal48.winEML@26/17@10/191
                      Cookbook Comments:
                      • Found application associated with file extension: .eml

                      Warnings

                      • Exclude process from analysis (whitelisted): dllhost.exe
                      • Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.109.28.47, 23.32.238.40, 23.32.238.33, 199.232.210.172, 20.189.173.6, 216.58.208.227, 172.217.17.46, 74.125.205.84, 34.104.35.123, 23.52.182.8
                      • Excluded domains from analysis (whitelisted): omex.cdn.office.net, slscr.update.microsoft.com, clientservices.googleapis.com, eur.roaming1.live.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, clients2.google.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, a1864.dscd.akamai.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, uks-azsc-000.roaming.officeapps.live.com, edgedl.me.gvt1.com, config.officeapps.live.com, ecs.office.
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                      • VT rate limit hit for: Driving a supply chain planning evaluation.eml

                      Created / dropped Files

                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

                      Download File
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:modified
                      Size (bytes):338
                      Entropy (8bit):3.4657220944431426
                      Encrypted:false
                      SSDEEP:
                      MD5:4DCC3C5454008D1C15AC099DC1B303D1
                      SHA1:96E991CDE9BAA36BDDD4171D36E7DD1237056DE9
                      SHA-256:128EC4EE440335549205CC96E32AABF027946FC5B1FBEF63887FBF72341BCCFC
                      SHA-512:641C8D43C339CE0BBD413A07AFC70F0BC0BDB4717EE7C815C5CCD85D74B8F065A9E5574F5644A01FDF8D6ECBE1481FBD2521E2A5D0B518584C76AB24E74E1941
                      Malicious:false
                      Reputation:unknown
                      Preview:p...... .........=...@..(...............................................B:.VZ.. .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...

                      C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

                      Download File
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):231348
                      Entropy (8bit):4.393357529967856
                      Encrypted:false
                      SSDEEP:
                      MD5:F8827D505973AD7189A8B14EDDE5EF16
                      SHA1:A974FE9685A07EDABAD955B243979B10A09DB873
                      SHA-256:78C07C1B1525F264DDE826FEA8162A8987926306694B6C4789C5950E9A52307F
                      SHA-512:7F061E084576C57A4563AAE02E14A80487785A0EA8055046C88913E76263656DF085D5B91C8A47CAEBA98C6D95122D8E5B5D9ABA69BD9A08C77747FA5265B61E
                      Malicious:false
                      Reputation:unknown
                      Preview:TH02...... .`....@......SM01X...,....m...@..........IPM.Activity...........h...............h............H..h\.........U...h............H..h\tor ...AppD...h ...0..........h...<...........h........_`.k...h..<@...I.+w...h....H...8..k...0....T...............d.........2h...............k..............!h.............. h.qc..........#h....8.........$h........8....."h............'h..............1h...<<.........0h....4.....k../h....h......kH..h.j..p...\.....-h .............+h...<....P................... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000.GwwMicrosoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin

                      Download File
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:ASCII text, with very long lines (65536), with no line terminators
                      Category:dropped
                      Size (bytes):322260
                      Entropy (8bit):4.000299760592446
                      Encrypted:false
                      SSDEEP:
                      MD5:CC90D669144261B198DEAD45AA266572
                      SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                      SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                      SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                      Malicious:false
                      Reputation:unknown
                      Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:76bd602437550e98c9043d06a55186ab7d95dea5a0e935a599f73e62a8c9b158e0afcb19351f6c353940c06a38172b94d18c02cf92bb8a80184eccca0392b259ab3e71dae73e491c7941997cb36ad4a198661f622dad478d840f66d530a0dde78acea3367f91fff62fbb3dc18faff0c708ad30edef5bea8b22c5fd782b770d8993386eaa784fd19a3c3e1db3b537b1a94d3d4fbd46f8df8fddf6d16611969fe0a97c50e0f3ac24750c93257cf5c161184aa7385800c87d803b339632a3d8ec7fe17a0afd83ce9e9d0e3f7b8d579637928a811f1f7e6d1887df2ddc7d4f752c4d600235e426c92c7bf8a1362f95457998cc0e5d4261f0efa4fada0f866dbcefb407dacab7a2914e91c2f08200f38c2d9d621962145b1464b0f204b326118a53ecdcab22bff005fdd5257c99a6dc51ac0600a49f2ef782396987e78c08b846dad5db55e8ccefffc64863bc2c3e90b95a09d25d0814a848c98fe01a82d4e30e6682dd546e12c45ca0d280a45295ab4bd632dafb070edfdc3c9e38313d5aeb195972986f8011b66817028fd8c78b67a0ac7e780eecc3fb6a31f5a025b8a9a3db278a98c0696aeaac739b18688b0f9c7d751bba02cc5f4e41853fb119b3c0c915059aaa92971244a1989124f12881ca88e6410df70b793a2c3a736ff4

                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin

                      Download File
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):10
                      Entropy (8bit):2.721928094887362
                      Encrypted:false
                      SSDEEP:
                      MD5:935D66FBE51633C326743FD6E64BC53E
                      SHA1:7108B915A17E735788D81C5D761904B170972B58
                      SHA-256:52AA66FA0F06C553B4659CB17FB15123CA56F70DE00E49D84A00802B6B7AD23D
                      SHA-512:1274566C8E7378B816498D8B924DBAF2C978797929CADA393F933F030CA878D01B60F98C8D1978CC4F22DF29987F7108E9326AF39A96DB0E11DA5722CDA05A59
                      Malicious:false
                      Reputation:unknown
                      Preview:1732629001

                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\A38A8BA3-5DC2-4FC6-A310-31B340A409F2

                      Download File
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):181859
                      Entropy (8bit):5.295322410113357
                      Encrypted:false
                      SSDEEP:
                      MD5:E9EE4970CD55C0E952A3415A54955B92
                      SHA1:B8FC413DCF8245F3C6CA954DA2E53A90622551F2
                      SHA-256:CC91B2A233EBAE69BBAA8E160309F8EA6E9464B107BED7276CAFAF5CDA44AA5B
                      SHA-512:3DAD2B12B5836985CDB65F19775B6E51BF2DF837EC5ECEEBC7D0EA3A815643E76B951DD4F44FA0A79AAA43AED89169AF9248B545C2DC0A4EC28BBED03E5DCC0D
                      Malicious:false
                      Reputation:unknown
                      Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-11-26T13:49:57">.. Build: 16.0.18312.40138-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[

                      C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal

                      Download File
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):4616
                      Entropy (8bit):0.13760166725504608
                      Encrypted:false
                      SSDEEP:
                      MD5:AEA9E5905387F9392AF81FF7069FF441
                      SHA1:81CDB7235FA4818F8851408C79B7E1DE6301E609
                      SHA-256:A77CDEA976D6F48D43C45DE91342D22D84C0E453ACA256385B140C053196D484
                      SHA-512:B1CFBD76DA187F660EDC3D3EF35BE2BE8D98054E807A38457705D5C6131CF8C15F4EA281680DD287D1CD8AF5597A312E9875DD0D235604B443ECF173B2640B98
                      Malicious:false
                      Reputation:unknown
                      Preview:.... .c......x<.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ .......................................................................... .................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

                      Download File
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):2278
                      Entropy (8bit):3.8440788646619155
                      Encrypted:false
                      SSDEEP:
                      MD5:492B7DDCBE873DEB51E225E78EFF2886
                      SHA1:844DD6A288F8DA6A45DF86CE111D9DE73BB500D9
                      SHA-256:82CE7679455AF22794B10ECF4CC3B048360463F75D332BEDA2A596F81C2B0AF2
                      SHA-512:BE1E0C0F4DC5A894E62F170229D67CD4C3B61ACE83DEA36B2485B4B5F6E7CFE0EE9BEB1E707956302C3D511BA46E722E423DE45883E82CE2ACB84DA1AF834B4F
                      Malicious:false
                      Reputation:unknown
                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".C.J.1.m.u.g.S.o.z.s.S.9.x.S.Z./.Q.v.O.c.+.E.J.4.u.2.c.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.J.y.8.d.x.J.A.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.w.0.h.i.+.S.

                      C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres

                      Download File
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):2684
                      Entropy (8bit):3.896225846455217
                      Encrypted:false
                      SSDEEP:
                      MD5:D044A5F2FA659244E9F297B0316F9430
                      SHA1:2A5B3120FEA06B3C80AEDD4DE09D43BF994A1C57
                      SHA-256:E6C746854BAF51240727EF593ED44A614DF2E77A24815111CABE4FDEAE196686
                      SHA-512:B41999D22D83434E449AFC104FF97C4F79BFD9C9911CDCFC7585206CCB7219406A54DF2DDA62BE25306E3545D5A0DF9A67A8932FD0306E6404A0E47553865CD2
                      Malicious:false
                      Reputation:unknown
                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.H.X.L.G.R.5.H.j.D.k.3.C.i.F.b.L.a.m.K.N.+.n.c.g.T.0.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".E.r.X./.j.t.t.e.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.w.0.h.i.+.S.

                      C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres

                      Download File
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):4542
                      Entropy (8bit):4.000259631140989
                      Encrypted:false
                      SSDEEP:
                      MD5:21007AFFFC42BA059E254F3924EB1419
                      SHA1:E7E6D84010DB26E31772C2C0EAEAC8FF225D4C38
                      SHA-256:05AA611EAE896EC168EBD133C071F91400B70A0CE3C719000A50FBE97564985A
                      SHA-512:372FEBABC3F3B409054D92885B207C9ADD68104998351094F0854FE1B1821760B9093CD32552C563906838107A45C63706DBFE4339E86AE54643B6E557E2A16E
                      Malicious:false
                      Reputation:unknown
                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.q.Y.a.6.3.X.Y.9.b.4.Y.b.C.Z.g.f.0.u.y.E.6.v.n.x.e.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".D.3.V.Z.X.Q.p.A.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.w.0.h.i.+.S.

                      C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

                      Download File
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):30
                      Entropy (8bit):1.2389205950315936
                      Encrypted:false
                      SSDEEP:
                      MD5:1C23018D663F47B50A4CE694BD59EBC1
                      SHA1:87959B3C846AFD8110B9D229D3786A8D10B16986
                      SHA-256:DFF7004C1715C7B708A30BA0BBE02998756D7345B9F5A97E0D8563360DF1AA88
                      SHA-512:241AD833A0E309F64750B431B297292841BB639E5198EA6EEC5EE50E4A155AF7D59B488358B6433E56070D28C1ADB200BE4B7E0791F78D97A88CDCFA33A7808C
                      Malicious:false
                      Reputation:unknown
                      Preview:..............................

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 12:50:06 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2677
                      Entropy (8bit):3.9886913783342273
                      Encrypted:false
                      SSDEEP:
                      MD5:3726C13701B41933B91BD1A79A2AE7A3
                      SHA1:945C019928E82422E017F35D76399B83A6205C7D
                      SHA-256:56AA333746C2D3AA385D1A4552210678C9FDEEF3C93E68D473F489A6A9B6B875
                      SHA-512:BEB9CEC5A480E3D2D19D30FF18CCA218CE05E3845492FB43C61D64A97513A0485C8A048F1E3212C31A74189B9D1ADB8890456033DA85C1925390A3445429842C
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,.........@......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IzY1n....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VzYBn....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VzYBn....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VzYBn...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VzYDn...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............U^......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 12:50:06 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2679
                      Entropy (8bit):4.005504274807649
                      Encrypted:false
                      SSDEEP:
                      MD5:9C7E95E7F3BB84ECC60DB6834F1BF69B
                      SHA1:4A8E69B7A93949ECA8470FD6E7E582BF08A8B1C9
                      SHA-256:36C4EB595045C6AD207815890BEFF880F69DF61FC7EFFCBAD1ABC8B4AAA86FB9
                      SHA-512:314D531E309A839435D777175DD963CA3F7AA11076F592DCAEFF2C253BBA8BC3406DDA87980D8BCDFDAC107011A7C73026555C8AFFAD6FC33A6F91826E6F8717
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,....Ez...@......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IzY1n....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VzYBn....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VzYBn....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VzYBn...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VzYDn...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............U^......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2693
                      Entropy (8bit):4.016888368112227
                      Encrypted:false
                      SSDEEP:
                      MD5:184A62AFA02B64D05E40DAE456B3774F
                      SHA1:45DB5ABCC84F58E7A7974FF7C7D6D43F7B81CFBD
                      SHA-256:1EE88D5F67F8EB877AA947762EDEFEC08384D426298B4A097E46769151985E4E
                      SHA-512:6EA9E68CE751146369A48ADB9B4487812BC038E41CD43922393D5167951EBBCFD232F17F4D31D408E43AE7EFB3B325CB57B9264F98069B4B69EDF2AEA73BA726
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IzY1n....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VzYBn....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VzYBn....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VzYBn...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............U^......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 12:50:06 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2681
                      Entropy (8bit):4.005872770033822
                      Encrypted:false
                      SSDEEP:
                      MD5:68054BD7277B1B48794C9FA8EA503BB9
                      SHA1:019CBA5DE5830A17B802F91F84B18860D42280AA
                      SHA-256:0154AA8C72044EF96B9E44F9C7F711342ADB02F28593AE3FEF1AD0579BF2D5F0
                      SHA-512:30FC050D6DE31DF215D455BD9A742F6ECD91CAEF6C0A31D7C0DAD9F4BCB810E9D8E6D69C71F184C1CA17A878E6E9A725CB9E4C2A7D57DF6C707EED6834673981
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,.........@......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IzY1n....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VzYBn....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VzYBn....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VzYBn...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VzYDn...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............U^......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 12:50:06 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2681
                      Entropy (8bit):3.9937265388818526
                      Encrypted:false
                      SSDEEP:
                      MD5:67A2707390A0B88E6A9CCEF84624F0F8
                      SHA1:CA747744DAA623A563E38C378FB75AD865DBFBD7
                      SHA-256:FBC9E3ABDA4A64B071A5832C0DE61C3FF25231F4521F408813945F7C29576BA4
                      SHA-512:42EAC635E30C0263ECED6D9B5CB9C70CD6001F3592B7B9506A3CC947E9AAFB751F247BE562890ED81059FEC06AC96AE613ED9F28E96BB97A8408F2F3561BB01B
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,.........@......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IzY1n....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VzYBn....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VzYBn....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VzYBn...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VzYDn...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............U^......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 12:50:06 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2683
                      Entropy (8bit):4.002002079309743
                      Encrypted:false
                      SSDEEP:
                      MD5:8A4BCEDF497F38FA5B511D5EEEBCBFAA
                      SHA1:5F43EABBC0B160F12A9BF46326418A9AC297A33E
                      SHA-256:817A299770731674B26F7141064A5AD5F0F9512163B805F7E2740C51F0681B7C
                      SHA-512:917FCA3D96DC7D5EBFE67D514824E1C122F8F75E9B34E0F4872D5159C78C3427A20AE389841A6A341CA8529C3AEF123EB10D94B531FC0A1B0DBF4E52274E2856
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,...../...@......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IzY1n....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VzYBn....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VzYBn....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VzYBn...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VzYDn...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............U^......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\Downloads\downloaded.pdf (copy)

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:PDF document, version 1.4
                      Category:dropped
                      Size (bytes):0
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:
                      MD5:CB54475180FBA4914C6CAF1818A288D1
                      SHA1:AAF6237BE8C58F673A7BABAFC086BC1B7AE0C375
                      SHA-256:9E5FC07E0961349E3AABB5FCC0710F624F8D5526981AA4A88D07044DECEE2D81
                      SHA-512:61EFFC03D0FE8D0F6193E9E22F63BB42BB08AD1505A45964528D71B13D45AC68A675B9D4E862F882C3760B2DAF132F4BBC508A785AF40ECFAA3A5C02170BCEB9
                      Malicious:false
                      Reputation:unknown
                      Preview:%PDF-1.4.%......111 0 obj.<</Linearized 1/L 1810770/O 113/E 1738861/N 3/T 1808429/H [ 955 299]>>.endobj. ..xref..111 32..0000000016 00000 n..0000001425 00000 n..0000001584 00000 n..0000003180 00000 n..0000003766 00000 n..0000004187 00000 n..0000004301 00000 n..0000004396 00000 n..0000004888 00000 n..0000005478 00000 n..0000005567 00000 n..0000005918 00000 n..0000006377 00000 n..0000007120 00000 n..0000008039 00000 n..0000008824 00000 n..0000009539 00000 n..0000010196 00000 n..0000010918 00000 n..0000011601 00000 n..0000012382 00000 n..0000017231 00000 n..0000020346 00000 n..0000020472 00000 n..0000034995 00000 n..0000035034 00000 n..0000035112 00000 n..0000035368 00000 n..0000037994 00000 n..0001738799 00000 n..0000001254 00000 n..0000000955 00000 n..trailer..<</Size 143/Root 112 0 R/Info 39 0 R/ID[<3055898106D446DB977F29EB892505BC><FB4E995AE97D164493CDFE3F3A79A9AB>]/Prev 1808417/XRefStm 1254>>..startxref..0..%%EOF.. ..142 0 obj.<</C 225/Filter/FlateDecode/I 247/L

                      C:\Users\user\Downloads\downloaded.pdf.crdownload

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:PDF document, version 1.4
                      Category:dropped
                      Size (bytes):1810770
                      Entropy (8bit):7.955360031866422
                      Encrypted:false
                      SSDEEP:
                      MD5:CB54475180FBA4914C6CAF1818A288D1
                      SHA1:AAF6237BE8C58F673A7BABAFC086BC1B7AE0C375
                      SHA-256:9E5FC07E0961349E3AABB5FCC0710F624F8D5526981AA4A88D07044DECEE2D81
                      SHA-512:61EFFC03D0FE8D0F6193E9E22F63BB42BB08AD1505A45964528D71B13D45AC68A675B9D4E862F882C3760B2DAF132F4BBC508A785AF40ECFAA3A5C02170BCEB9
                      Malicious:false
                      Reputation:unknown
                      Preview:%PDF-1.4.%......111 0 obj.<</Linearized 1/L 1810770/O 113/E 1738861/N 3/T 1808429/H [ 955 299]>>.endobj. ..xref..111 32..0000000016 00000 n..0000001425 00000 n..0000001584 00000 n..0000003180 00000 n..0000003766 00000 n..0000004187 00000 n..0000004301 00000 n..0000004396 00000 n..0000004888 00000 n..0000005478 00000 n..0000005567 00000 n..0000005918 00000 n..0000006377 00000 n..0000007120 00000 n..0000008039 00000 n..0000008824 00000 n..0000009539 00000 n..0000010196 00000 n..0000010918 00000 n..0000011601 00000 n..0000012382 00000 n..0000017231 00000 n..0000020346 00000 n..0000020472 00000 n..0000034995 00000 n..0000035034 00000 n..0000035112 00000 n..0000035368 00000 n..0000037994 00000 n..0001738799 00000 n..0000001254 00000 n..0000000955 00000 n..trailer..<</Size 143/Root 112 0 R/Info 39 0 R/ID[<3055898106D446DB977F29EB892505BC><FB4E995AE97D164493CDFE3F3A79A9AB>]/Prev 1808417/XRefStm 1254>>..startxref..0..%%EOF.. ..142 0 obj.<</C 225/Filter/FlateDecode/I 247/L

                      Static File Info

                      General

                      File type:RFC 822 mail, ASCII text, with CRLF line terminators
                      Entropy (8bit):5.994796936452229
                      TrID:
                      • E-Mail message (Var. 5) (54515/1) 100.00%
                      File name:Driving a supply chain planning evaluation.eml
                      File size:42'660 bytes
                      MD5:eaa9d54ffd5bd5f5b9b3b95151c9fbc3
                      SHA1:6feca152453ae4bf4876f2f32caef1139432ffa2
                      SHA256:c0c64f4b3ad0847e8493dcc8c13e4249b0ba3f8c7c87aaf1535028a12f76c67d
                      SHA512:61449e432f1ed68002d8b6be06399f0a48c353b8f5ea1f3497ebe7da3dcbb6036a7f401bd83c561477e9b9216a798db4ef9d38d44e2099de57b2c9b87606a717
                      SSDEEP:768:Ni4vtFc3B9jxxjLNDm6MmqNmuh+mVM4Bdwpn+96kan+NmQcnrxl9XmCy6m/kRmzG:NJU3HLRmnmGmu0mLwpn+9sn+NmXnrxlr
                      TLSH:B5135C9146805011E53604982A043E5DEAA0BE5F9BFB8DE0389F613B9F9F47B0F17B9D
                      File Content Preview:Received: from DB9PR03MB8235.eurprd03.prod.outlook.com (2603:10a6:10:306::13).. by DB8PR03MB6139.eurprd03.prod.outlook.com with HTTPS; Tue, 26 Nov 2024.. 10:25:13 +0000..Received: from DU2PR04CA0194.eurprd04.prod.outlook.com (2603:10a6:10:28d::19).. by DB

                      Static Mail

                      General

                      Subject:Driving a supply chain planning evaluation
                      From:Kevin Jones <kevin.jones@marketmindsb2b.com>
                      To:mark.micallef@cardfactory.co.uk
                      Cc:
                      BCC:
                      Date:Tue, 26 Nov 2024 10:24:53 +0000
                      Communications:
                      • CAUTION: This email originated from outside of the organisation. If in doubt please use the report message button to Security. Driving a supply chain planning evaluation One of the worlds largest automotive manufacturers was saddled with siloed divisions scattered across the world. For many years, it also lacked a universal supply chain management system. Kinaxis RapidResponse helped this company unify its supply chain and boost its competitiveness in an increasingly pressured, just-in-time global economy. <https://eu-west-1.protection.sophos.com?d=marketmindsb2b.com&u=aHR0cDovL3RyYWNraW5nLm1hcmtldG1pbmRzYjJiLmNvbS90cmFja2luZy9jbGljaz9kPWV6ZnlmRzJFNFZQOWZjTkNZUlVIeEV3WjBYcTNzcGVDejBqbWo5bklCdk90aGJrMmtoeWVfSGZhTjZKTGRHUWJHdkhwVHdYY01wbzdadlBPTVFwNXE1VFQ0WXJZUFJlNEtDb01vUFZ5WDc1UWQ5a2dkRGZYS0lydDB5U3JnbWxjSWRueFg0QWh5N0NQTjdtV0JTZFJncTFZTVR3UTVXNlFwQUthT1RwbVhxOFFmcnRiTXNBYmZHVFJ4NjlpZUpCTXQ4QUJsczNzaWNwa2UyLWpqdm12N25kQ1VUR25xN3hlTlI0M2RubTFYVE9MX0pSRTVDQzJqN0FCbHRDZ0Z6QzRNZ25xRU9nQ2NnWVRJZ1kzZVFOZWlkSTE=&p=m&i=NjFiMTQ3MGI2Zjk0N2UwZTYxYjViM2Qy&t=d0plV0V6bVYrV1M5UVZ0bU94UXZ1N2NncVZJNVBSL01nd1h5VU5weDY1UT0=&h=80c9b6367fdb497fb8fa034ca1a5d2d5&s=AVNPUEhUT0NFTkNSWVBUSVb7ZaWQLzwVYTZMSsiVaSqfjTOnNIn3_yRToTM0b4suxQ> Download Now 153 W 27th Street, 7th Floor Suite 700, New York, New York, 10001 <https://eu-west-1.protection.sophos.com?d=marketmindsb2b.com&u=aHR0cDovL3RyYWNraW5nLm1hcmtldG1pbmRzYjJiLmNvbS90cmFja2luZy9jbGljaz9kPWNQTVFoNGwzbzBnNXZPa3lZejdaS3lpYWx2Q1NVTXdMRFh5OGp0OUFZWUVlQmRzWXJWa2tVWEd0RDBkdkRPcV9zeG5WNjdybkxFb2d4cGtLWWk0U3hXZUlWY2pNUE1HZ09KaTVZaXEzU1RsN1IzMXdVS0l0SHB1R3FVYkxrNVRPTHZyeGxNTDJoRHRBb3BmQTdZalpfSDJLdlBuT2hHOWo5OHZ2Q2htd2J3NU5aSE9INjlwT0JqTFdaXzhFRUd1OE00MWRUaERzWWRKNC1RbUt3TlNHX29tcC14TkYwaHJJT05LUzUzQ1NDb0NLWENvUTFsZ2l4d0Y3aFpYOXlNbkdtcF9rNlV2em9YMVR1ckdoNkJ4QXRMbFI3c21kd2hucFlTS2M4VmhuTFprdTA=&p=m&i=NjFiMTQ3MGI2Zjk0N2UwZTYxYjViM2Qy&t=S2oxQ2thamNSaE1QMVhGaURvMklQa0ovOXM3WEFrVHljZWRkb2FYanVQMD0=&h=80c9b6367fdb497fb8fa034ca1a5d2d5&s=AVNPUEhUT0NFTkNSWVBUSVb7ZaWQLzwVYTZMSsiVaSqfjTOnNIn3_yRToTM0b4suxQ> Unsubscribe <https://eu-west-1.protection.sophos.com?d=marketmindsb2b.com&u=aHR0cDovL3RyYWNraW5nLm1hcmtldG1pbmRzYjJiLmNvbS90cmFja2luZy91bnN1YnNjcmliZT9kPXZqa0dfRTF0dE0wVS1JbXhldHRmT2hKbjNLbnZ4aEUtT0hhZEgxa2FJRDJubk9rQzN2bjVsVG9hTVVlUXp3alJxM012NGt2VkpKa3A4Rkx2aV9iYzBZLUl6eWZyYUo2QlpFQzlGVWdoTFlmaDA=&p=m&i=NjFiMTQ3MGI2Zjk0N2UwZTYxYjViM2Qy&t=ZDVPQnh6WTRER2hJL2dxclFQVmhMemRBZUhiYUdmZzVoZkQ4N1ZSM2RxND0=&h=80c9b6367fdb497fb8fa034ca1a5d2d5&s=AVNPUEhUT0NFTkNSWVBUSVb7ZaWQLzwVYTZMSsiVaSqfjTOnNIn3_yRToTM0b4suxQ> UNSUBSCRIBE <https://eu-west-1.protection.sophos.com?d=marketmindsb2b.com&u=aHR0cDovL3RyYWNraW5nLm1hcmtldG1pbmRzYjJiLmNvbS90cmFja2luZy9ib3RjbGljaz9tc2dpZD1MZlVlM2Z4alM5VHBLVXY2MndBNXRnMiZjPTE4NTg5MDcxMzM0MDAxOTA0NjM=&p=m&i=NjFiMTQ3MGI2Zjk0N2UwZTYxYjViM2Qy&t=d0JIWDZ4WVZ4cWJvVDdTaFVPVzJHdW01MHBISVozU2lGaVlMdDMrZ0VScz0=&h=80c9b6367fdb497fb8fa034ca1a5d2d5&s=AVNPUEhUT0NFTkNSWVBUSVb7ZaWQLzwVYTZMSsiVaSqfjTOnNIn3_yRToTM0b4suxQ>
                      Attachments:

                        Headers

                        Key Value
                        Receivedfrom u242.mxout.mta1.net (209.126.71.242) by AM4PEPF00027A61.mail.protection.outlook.com (10.167.16.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8207.12 via Frontend Transport; Tue, 26 Nov 2024 10:24:55 +0000
                        Authentication-Resultsspf=softfail (sender IP is 198.154.180.200) smtp.mailfrom=marketmindsb2b.com; dkim=fail (body hash did not verify) header.d=marketmindsb2b.com;dkim=fail (body hash did not verify) header.d=elasticemail.com;dmarc=none action=none header.from=marketmindsb2b.com;compauth=fail reason=001
                        Received-SPFPass (protection.outlook.com: domain of marketmindsb2b.com designates 209.126.71.242 as permitted sender) receiver=protection.outlook.com; client-ip=209.126.71.242; helo=u242.mxout.mta1.net; pr=E
                        X-Sophos-Product-TypeMailflow
                        X-Sophos-Email-ID80c9b6367fdb497fb8fa034ca1a5d2d5
                        Authentication-Results-Originalspf=pass (sender IP is 209.126.71.242) smtp.mailfrom=marketmindsb2b.com; dkim=pass (signature was verified) header.d=marketmindsb2b.com;dkim=pass (signature was verified) header.d=elasticemail.com;dmarc=none action=none header.from=marketmindsb2b.com;compauth=fail reason=001
                        DKIM-Signaturev=1; a=rsa-sha256; d=elasticemail.com; s=api; c=relaxed/simple; t=1732616693; h=from:date:subject:reply-to:to:list-unsubscribe:list-unsubscribe-post; bh=D14Ne5Qd6Wkh6fI3CpuY7U1tPIEjKFn1UhSNKkJ7vGw=; b=mnNLHM8Q8JMj90uzuaMUMvifoVyJx09cg0XZVsAux1dBViEVtgDLqDiNPMx6G+vjZtxvNjy25HW 1JMzjQsiNeIR22LUmBnPdiQ8qUWZzDHu+DL92MbhwYI+mE5D9u6n9dKZy4hIpglPFq2qWGuTzas+d xxxTC+6bKeMBpy1jwU4=
                        FromKevin Jones <kevin.jones@marketmindsb2b.com>
                        DateTue, 26 Nov 2024 10:24:53 +0000
                        SubjectDriving a supply chain planning evaluation
                        Message-Id<4uopx69dqg0b.LfUe3fxjS9TpKUv62wA5tg2@tracking.marketmindsb2b.com>
                        Reply-ToKevin Jones <kevin.jones@marketmindsb2b.com>
                        Senderkevin.jones@marketmindsb2b.com
                        Tomark.micallef@cardfactory.co.uk
                        List-Unsubscribe<mailto:unsubscribe+LfUe3fxjS9TpKUv62wA5tg2@bounces.elasticemail.net?subject=unsubscribe>, <http://tracking.marketmindsb2b.com/tracking/unsubscribe?msgid=LfUe3fxjS9TpKUv62wA5tg2&c=1858907133400190463>
                        List-Unsubscribe-PostList-Unsubscribe=One-Click
                        X-Msg-EIDLfUe3fxjS9TpKUv62wA5tg2
                        Content-Typemultipart/alternative; boundary="=-eZCfKGTg+3bKP82tM/0/QhzXhFZ19Ksxy3WKzQ=="
                        X-EOPAttributedMessage1
                        X-EOPTenantAttributedMessage7956b84e-0c99-46b5-81c6-28689cfa7221:1
                        X-MS-TrafficTypeDiagnostic AM4PEPF00027A61:EE_|VI1PR03MB6287:EE_|DB1PEPF000509F9:EE_|DB9PR03MB8235:EE_|DB8PR03MB6139:EE_
                        X-MS-Office365-Filtering-Correlation-Id3484b897-adc2-448e-3a06-08dd0e049ae9
                        X-Forefront-Antispam-Report-UntrustedCIP:209.126.71.242; CTRY:PL; LANG:en; SCL:5; SRV:; IPV:NLI; SFV:SPM; H:u242.mxout.mta1.net; PTR:u242.mxout.mta1.net; CAT:SPM; SFS:(13230040)(12012899012)(4022899009)(69100299015)(5073199012)(4076899003)(8096899003); DIR:INB;
                        X-Microsoft-Antispam-UntrustedBCL:0; ARA:13230040|12012899012|4022899009|69100299015|5073199012|4076899003|8096899003;
                        X-Microsoft-Antispam-Message-Info-Original jgZITPoFI/tHx1nSDQ4V5iMtZp2It0fxOm7yTWaKnxpift/rEoTK/eME0ZpKTy5ehlSS4ATaIC/MSGpJ5q7bsptIoDjzOTRhMCOP1FAoHkRp3YCXdRae9vjDUCvenbRikV0xFPIg+3T808jjxR0qLS52PSs3liUIn75oG2IFKpQ0gBoDnf/nr9x7xQm/LoQzC8wfdSAEai4SR5psoUaY41NOYHHRactqkpoFBusAt9eGbpKlSMQbHe++9RbVr74UEwKKyQQ6a0U0sHRPhtlz2vbAx6xJa38KIj+xpCd5KQbybO7auWraZOS3A6gqNsgZOrQJLmEV9omI2jR7lXPARbKH5AuF/cNX4wSRnchH6MAJjg4eFXWjSUC1jdjD0HA27AMiqPoNbylpD3VmVMSUG4TMolazL4nlLySPw6j1FtjCc8IUzNT60NuImGbvb3iY8pK2DMbO30e7y1pG+d9Ha0xt4Gam60WjzHa5Ef68jEhDHh2kfcyJOblea0EDJ6CqUcPfCvlyUQwOGJ6I/zFTHg2nF/R8x3ryEpAU4G0IAQB3ZF41tLR3bHl9x+f4furoQHLIlXpmMGTguSO1YuJppxKjqKjQmLQRmIhcJr9cKGrrzfPkE7dHE9hc6PJLMO3NSuwh45bwtbSn9u7dRkOnCBn+DAbbC8As4RyLtaXVbhGtDKzkirhA1nmPVPNynTJHtkA2eUZwIG0p3zhUYf7kBwfYlRNkaE0N+ouwl9QtzMfF5DT/hR5JhUOmJ4TPgCK0zEzOB3OtuPhyIZJqhK8JQB98o5svdKoBXqEAoKECTuKD/CErANppYOzxEqhHvNfjFKA5Gd3rLoRlhh5cpgxiRgU/4vTLgiyrLEroe5WXKWJjKSa2wMJBWiRQo1q5pKZF5/9SvDXLfpuswo4GwnXRiLVS7Ex9Llwu2sgQxdJ2ca5I0jVzZCNWVTyoJV2+7NrngYLB05m9uGtnm0sWpdiVNUeEFaSXaAju8fA5Q3zLBCUsHaU9BmKD8Y0fJWcL6aRZqFa+Z0FqL+0UngMA9DvlIQS3/TLAdHGTJTHV5roKo1sKxOc40ocL8TrLpG6PMkLdVuZI2z9xPnY4byCrBBMvbiN8ES+EI183WA9rdYmVQz9AdRFzQyk0KZgz1LL9s4rLeAvqI3iD23QbpW9GEmIhUkHRaXVDXaoIBIM0pMS27c35vmsNO2U8shz8WrrJhS9jmGQVK5T5AUDfbSzjOEV2Ni9hF0Ed+Od/VwtzGfq174k6j6pROKqL9spWFaxPMfWtu8WlW8F2a4JdXYfP9YDYNAS3D24lJgTGEL05Rf98oNDrG31NJrZ2Cpc0/+31ivEvvtEQD/PvPM/QhCbvLYMIxaMBfjeccwSPliiGTopei6Eddg6Egi0Qjb1c7UOxVAEdQ0f5BdWvT8uqtExASixa+qTrTOi1pJpLsD88apDD/7zypKEGk7MbwMZlViU1Ie6SWKrFxdxNIIHjA5FBmBtjOqXcmf/qcYawc4i/Ay36hasQ7yrLEFL456ow9Z8shkSXcB8PAG0stMO0/hnzb4Cb6Qnu4M4pbsNs8ohk5/qwdXbZHJHROeVYNOmSa4lMDoAnTQJDxAhfHTMZedSrNO+RhkiPHL+kVf+u5/sKSYrfElwoZOvN49zrrAxQjH9D0x/LeX0nBDKtve/nmwAyubWkS78YYf/XyLoWy4Vwyjnmd2BPIjo4F8ZweGciAzMR4pMUa0avu/uJ5Mcwam1Bvni+bw/sQvyAOxskxgw10FJeYWfDsQTbCGYLnmdhiXRtRuLgPcZt5imqOiv502ZWgmYHk5BS3GxcdG2E8asqXTnI/t9pkNaDnhcFeJN4xCVZ6m4lUxCUwP/JZfk52QEpcbnpAB49hoyCg/mFi8EJ6WruXBGuFkUoDspwG2tOWZ+Mwjerro0+fIPkAYIt73w5v09TYfeTUo7SdQ7R+sc9t61In4M9lbBRHga/9n+9utdonvn5Pirdo6UbGiMUjlrMYWj47T5jf+ccS+8uNSdC8AT/r7lsW3AVPPaozPzbsR9uw3tLPNvCNmYm39i1vRKSdbic63msE1Z98lqvnt08uBrGdrtKPUMvR3qYwnmgw2Jm9uYLTwgy6FyuX70fElz/jL6VKXLZjT8xZiS7gHZvhSyDX3PBAfpFUXe31jWVm6scfiPavhqA+OczTZcfpMajI/cwqvCwykCQlDue6ZhLjdDradx3jMw/JuXs6KQLCzxNQTWWdVV19V1BWkfeH9LAxBGw3JsIMQPyZyLpbnHZ62CCgsVXse28qb+Am0pKNmP4gxVg7mq6okx81BAPOi30EDXp8jOax0TNdWaOXaSca3JTkS0pV+rfstacQURTdABAa3pyHX0uGhxPcRR4FPYA4p42rgsap8yFTZnse0JSG9t7oKNi3uzkwz7RETYUVJjCPLSW34J5EPZKN/9pbQfnXOhH52BElfcw9pjuVEB3e954SfoPun+Albo+N3COBGBB63cR07YydUTwjgUugTSmbHoNLH3bGshCKdBYx9gPWPNGI+tHFHbGDST94OlQkcCvNXTp4uN1GjF7V/4a0btZuv8ZzavpI1dngqJLe4oM+UTHh6+gbOrjmj1rvjdpHRlyXgdUm9ekh1MG1msGc3GFUdvALQjWzQKiwZtmLElSnB/6Dvz54N2gDtNoYYv+OGlV6Wz8oVxJzo4pfDAz3VbsOKfD0l0jFnjMsork4T9zMUECnNSfTzVbiK5ew0VNAKuAfTbj8ZCF7/K6/nyNxsImavfnxJtnATuAc1apQot5mFqNI2cKnXOXAI8Kjh1O95c4sseeJA0QeSAl3CDnzrBOtwyNLPSGCi+FbTF7giEDXUv04AJ4hCwk4w/Qwso0Y483nuxDQHMC3L3iCanKjCPQA8aEQA==
                        X-MS-Exchange-Transport-CrossTenantHeadersStampedDB9PR03MB8235
                        Content-Transfer-Encoding8bit
                        X-Sophos-Email-Scan-Details27140d191540510e43465059144752097e74
                        X-Sophos-Email[eu-west-1] Antispam-Engine: 6.0.0, AntispamData: 2024.11.26.84546
                        X-Sophos-SenderHistoryip=209.126.71.242, fs=0, fso=64431276, da=226075313, mc=0, sc=0, hc=0, sp=0, re=31, sd=0, hd=2
                        X-Sophos-DomainHistoryd=marketmindsb2b.com, fs=6, fso=19314352, da=86818137, mc=1, sc=0, hc=1, sp=0, re=5, sd=0, hd=1
                        X-LASED-From-ReplyTo-DiffFrom:<cardfactory.co.uk>:15, From:<printcraft.co.uk>:15, Reply-To:<cardfactory.co.uk>:15, Reply-To:<printcraft.co.uk>:15
                        X-LASED-SpamProbability0.201813
                        X-LASED-HitsBODYTEXTH_SIZE_3000_MORE 0.000000, BODYTEXTP_SIZE_3000_LESS 0.000000, BODY_SIZE_10000_PLUS 0.000000, DKIM_ALIGNS 0.000000, DKIM_SIGNATURE 0.000000, DQ_S_H 0.000000, FONT_STYLE_0PT 0.000000, HREF_LABEL_TEXT_NO_URI 0.000000, HREF_LABEL_TEXT_ONLY 0.000000, HTML_90_100 0.100000, HTML_FONT_INVISIBLE 0.100000, IMP_FROM_NOTSELF 0.000000, INBOUND_SOPHOS 0.000000, INBOUND_SOPHOS_TOP_REGIONS 0.000000, LINK_TO_IMAGE 0.000000, LIST_HEADER 0.000000, NO_FUR_HEADER 0.000000, OUTLOOK_VERDICT_SPAM 2.000000, REPLYTO_SAMEAS_FROM 0.000000, SINGLE_HREF_LABEL_PHISH_MED 0.000000, SINGLE_HREF_URI_IN_BODY 0.000000, STYLE_RATWARE_REF 0.000000, SUPERLONG_LINE 0.050000, TEXT_DIR_LTR_ONLY 0.000000, URI_WITH_PATH_ONLY 0.000000, __ANY_URI 0.000000, __ATTACH_CTE_BASE64 0.000000, __AUTH_RES_DKIM_PASS 0.000000, __AUTH_RES_PASS 0.000000, __BODY_NO_MAILTO 0.000000, __CANPHARM_UNSUB_LINK 0.000000, __COURIER_PHRASE 0.000000, __CP_URI_IN_BODY 0.000000, __CT 0.000000, __CTYPE_HAS_BOUNDARY 0.000000, __CTYPE_MULTIPART 0.000000, __CTYPE_MULTIPART_ALT 0.000000, __DKIM_ALIGNS_1 0.000000, __DKIM_ALIGNS_2 0.000000, __DQ_D_H 0.000000, __DQ_IP_FSO_LARGE 0.000000, __DQ_IP_HIST 0.000000, __DQ_S_DOMAIN_100K 0.000000, __DQ_S_DOMAIN_10K 0.000000, __DQ_S_DOMAIN_1K 0.000000, __DQ_S_DOMAIN_HD_1_P 0.000000, __DQ_S_DOMAIN_HIST_1 0.000000, __DQ_S_DOMAIN_MC_1_P 0.000000, __DQ_S_DOMAIN_RE_49_L 0.000000, __DQ_S_DOMAIN_RE_99_L 0.000000, __DQ_S_DOMAIN_RE_9_L 0.000000, __DQ_S_DOMAIN_SP_0_P 0.000000, __DQ_S_HIST_1 0.000000, __DQ_S_HIST_2 0.000000, __DQ_S_IP_100K 0.000000, __DQ_S_IP_10K 0.000000, __DQ_S_IP_1K 0.000000, __DQ_S_IP_1MO 0.000000, __DQ_S_IP_2D 0.000000, __DQ_S_IP_RE_49_L 0.000000, __DQ_S_IP_RE_99_L 0.000000, __DQ_S_IP_SP_0_P 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000, __HAS_FROM 0.000000, __HAS_HTML 0.000000, __HAS_LIST_HEADER 0.000000, __HAS_LIST_UNSUBSCRIBE 0.000000, __HAS_LIST_UNSUBSCRIBE_POST 0.000000, __HAS_MSGID 0.000000, __HAS_REPLYTO 0.000000, __HAS_SENDER 0.000000, __HAS_X_FF_ASR 0.000000, __HAS_X_FF_ASR_CAT 0.000000, __HAS_X_FF_ASR_SFV 0.000000, __HIGHBITS 0.000000, __HIGHBIT_ASCII_MIX 0.000000, __HREF_LABEL_PHISH 0.000000, __HREF_LABEL_TEXT 0.000000, __HTML_AHREF_TAG 0.000000, __HTML_BAD_END 0.000000, __HTML_DIR_LTR 0.000000, __HTML_ENTITIES_X4 0.000000, __HTML_TAG_CENTER 0.000000, __HTML_TAG_DIV 0.000000, __HTML_TAG_IMG_X2 0.000000, __HTML_TAG_TABLE 0.000000, __HTTPS_URI 0.000000, __HTTP_IMAGE_TAG 0.000000, __IMG_THEN_TEXT 0.000000, __IMP_FROM_NOTSELF 0.000000, __INBOUND_SOPHOS_EU_WEST_1 0.000000, __JSON_HAS_MODELS 0.000000, __JSON_HAS_SCHEMA_VERSION 0.000000, __JSON_HAS_SENDER_AUTH 0.000000, __JSON_HAS_TENANT_DOMAINS 0.000000, __JSON_HAS_TENANT_ID 0.000000, __JSON_HAS_TENANT_SCHEMA_VERSION 0.000000, __JSON_HAS_TENANT_VIPS 0.000000, __JSON_HAS_TRACKING_ID 0.000000, __LEGIT_LIST_HEADER 0.000000, __MIME_HTML 0.000000, __MIME_TEXT_H 0.000000, __MIME_TEXT_H1 0.000000, __MIME_TEXT_H2 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_TEXT_P2 0.000000, __MIME_VERSION 0.000000, __MTHREAT_0 0.000000, __MTL_0 0.000000, __MULTIPLE_URI_TEXT 0.000000, __RCVD_PASS 0.000000, __REPLYTO_SAMEAS_FROM 0.000000, __REPLYTO_SAMEAS_FROM_ACC 0.000000, __REPLYTO_SAMEAS_FROM_ADDY 0.000000, __REPLYTO_SAMEAS_FROM_DOMAIN 0.000000, __REPLYTO_SAMEAS_FROM_NAME 0.000000, __SANE_MSGID 0.000000, __SCAN_DETAILS 0.000000, __SCAN_DETAILS_SANE 0.000000, __SCAN_DETAILS_TH_SPAM 0.000000, __SCAN_DETAILS_TL_7 0.000000, __STOCK_PHRASE_7 0.000000, __STYLE_RATWARE 0.000000, __STYLE_RATWARE_NEG 0.000000, __STYLE_TAG 0.000000, __SUBJ_ALPHA_END 0.000000, __TAG_EXISTS_BODY 0.000000, __TAG_EXISTS_HEAD 0.000000, __TAG_EXISTS_HTML 0.000000, __TAG_EXISTS_META 0.000000, __TEXT_DIR_LTR 0.000000, __TO_MALFORMED_2 0.000000, __TO_NO_NAME 0.000000, __URI_HAS_HYPHEN_USC 0.000000, __URI_IN_BODY 0.000000, __URI_IN_BODY_HTTP_X10 0.000000, __URI_NOT_IMG 0.000000, __URI_NO_MAILTO 0.000000, __URI_NO_WWW 0.000000, __URI_NS 0.000000, __URI_WITH_PATH 0.000000, __X_FF_ASR_CAT_SPM 0.000000, __X_FF_ASR_SCL_SPM 0.000000, __X_FF_ASR_SFV_SPM 0.000000
                        X-LASED-ImpersonationFalse
                        X-LASED-SpamNonSpam
                        X-Sophos-MH-Mail-Info-KeyNFh5SmM1NDhHMHpuVFZyLTE3Mi4xOS4yLjIyNw==
                        Return-Pathkevin.jones@marketmindsb2b.com
                        X-MS-Exchange-Organization-ExpirationStartTime26 Nov 2024 10:25:09.8112 (UTC)
                        X-MS-Exchange-Organization-ExpirationStartTimeReasonOriginalSubmit
                        X-MS-Exchange-Organization-ExpirationInterval1:00:00:00.0000000
                        X-MS-Exchange-Organization-ExpirationIntervalReasonOriginalSubmit
                        X-MS-Exchange-Organization-Network-Message-Id 3484b897-adc2-448e-3a06-08dd0e049ae9
                        X-MS-Exchange-Organization-MessageDirectionalityIncoming
                        X-MS-Exchange-Transport-CrossTenantHeadersStripped DB1PEPF000509F9.eurprd02.prod.outlook.com
                        X-MS-PublicTrafficTypeEmail
                        X-MS-Exchange-Organization-AuthSource DB1PEPF000509F9.eurprd02.prod.outlook.com
                        X-MS-Exchange-Organization-AuthAsAnonymous
                        X-MS-Office365-Filtering-Correlation-Id-Prvs 44b7f3de-73df-42c7-5f95-08dd0e0492a5
                        X-MS-Exchange-Organization-SCL-1
                        X-Microsoft-Antispam BCL:0;ARA:13230040|4022899009|69100299015|5073199012|35042699022|12012899012|4076899003|8096899003;
                        X-Forefront-Antispam-Report CIP:198.154.180.200;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:SKN;H:mfid-euw1.prod.hydra.sophos.com;PTR:mfid-euw1.prod.hydra.sophos.com;CAT:NONE;SFS:(13230040)(4022899009)(69100299015)(5073199012)(35042699022)(12012899012)(4076899003)(8096899003);DIR:INB;
                        X-MS-Exchange-CrossTenant-OriginalArrivalTime26 Nov 2024 10:25:09.7643 (UTC)
                        X-MS-Exchange-CrossTenant-Network-Message-Id3484b897-adc2-448e-3a06-08dd0e049ae9
                        X-MS-Exchange-CrossTenant-Id7956b84e-0c99-46b5-81c6-28689cfa7221
                        X-MS-Exchange-CrossTenant-AuthSource DB1PEPF000509F9.eurprd02.prod.outlook.com
                        X-MS-Exchange-CrossTenant-AuthAsAnonymous
                        X-MS-Exchange-CrossTenant-FromEntityHeaderInternet
                        X-MS-Exchange-Transport-EndToEndLatency00:00:03.9325902
                        X-MS-Exchange-Processed-By-BccFoldering15.20.8182.018
                        X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
                        X-Microsoft-Antispam-Message-Info xo1VFJN+wC8utwUoYdofp0edU5IpXQGb6pjullFoaKUAvj2mGIp3TogyWw1V0B8W1EHnjNvgmrUmRlXsz7YTTruNaWO0Xg3AtcrKVDcyJDENPd2SEmkt5oQuOpALh3aB0W+IGr78KouYTvfbNthZJF5/b1QtUURhXVYmXMRaGD9YRsBX3rxXDnT2gwoM+LTfBLYRPs67Sa7H1Cy5ulXD4ksJAE6R7vPACLjdXJUNOmHmh68fIu2pZNviN1dOVt5cxYnKK5PcmeDvw1PbEAAtcFYDRet0kwOI8awV3X9Kxyg5pt3w0ywgLoZIHf5FLLb7plYlu7EYXuuyfouA2vcUlVMbMUKsMVmuNDBmqX0NFLYXmBe1yWlR5Dw/v+xaTtyC0q7hKcqZ+e6h5+2FF8b7PjxDPaq+k/3KdUcA8w3MaWOhsH6AodcJMxAOMbLIDEFdwsDavCCm4//+3s9tM39nDRvV2yRaDCEJEiwEaxwB0OhpPFukDZKZDSD1CYMJ6qImef0mwSa/a4FjUdnMFZL6a7FNKxd9x/37N+m4lznnv/aRy76QLsc/ZGjeb7+2QIl8TQWrmKawNfkV9aLRxSRkUyfVDDC/ofw1IXrkpeXcMzaZjwW54fG91tXKvHU0kg5nm2hN4duE67qfd6pYeixBHCIfNbueWO+cyqV2MOJTEv2Ipjss+yNz2hPUFNw26ig0IzftPR2lRqiw8utuIhtX8J7Ny8PQxm8mEIsmjRe1cAy2QWdrUoBesLdio4J4o3D5urE//VH3hYUXBBEOwginJnWpYOsN84iOJcs7awudsseK1XWZKy4fjswOa11P/GO+WVDN+thJu3RtRTBly9UaoKtH72CZC+W1PYsbbGmT490PYjkykRZjfWsg08kOwSJhvs+WV8hXvYu7fsyk+OY+XXU7wLEWzjFy41uU9mEcmkP68RlUEBafI3gqXGLapvt5DL+aalDkxkksNQe1xRv9KLPQi31OJUQlLboJQK508MBimnnjUB7Hxxb7Omls4/+408kPqChcjeNk6oKh2HxtSmbU1ZYIPdWCoqDw7fT4Y2KT8PaLUgI/Rjs2nsOWKC0AoLTAu9OlAdxGwIE9BonhkzlVY+ALOWRRfTLeU1V0uhH2mXr53p7uwQbe74Nsb+b1PV68ISK5b4adbSkHZhsgFMKDgk6BGrHAQ1TYMS4jjTGZwusNiWiiXiKgsFXDMB45cOk4kvyNawUDbEW7pO6tMmfQ360zhipgVaClJSZvE5gNY/eiWIiEGCeK6rZ+7nXL0UWM0J/cKfrut5CJ3fPVm/nBYQw4hvn9Zcip+C02+NKUHye4FAVnD87apAm7GvHNEfTy+Li4iMhb+l4yjTmO2k53xx65DzRYNa+HO4DSGPiyObMZTR7bAB1SOvqKQEI4U1YeX+QIIJzlLpsMUExrdbZMJX+uuSFFL5DWmrM9s9HcG6XssfGFsLgZ5N2BeWsy+xDjlZP07KaLPXquUc3ofPBbj8VlWODDtKvJqRaBqHQ/OLTCCmhVMO1I/8/NZFoL6dKVOdpGPLw3DN3HNtj88NyFr/jaJfwqGQ7q1L341Gofkun8VCPox/yq0UywSfzAXiUUxC1MqNcx07J78ydHFMwc1Rd2A6qp/4yU8/nFQqIWkNpj8p/RXI8Q6P7lU1DCA0Aw3Q0EAmCp8qrHt8AmynjU6Se7gXM7gXLXwImlBh3acim61CO7oXNRcK0uk0ucuZekcUyy3RpN0Hqy6MGyQiGbb8zqLquJ+ZijX6ZddF1dlpoiL8gmzrIfARbwG1IA7IOKQE+cMWTi+LBWcJVNICdVWJPJLa1dPUB6brgCKqzRk2J0/xn6xTlnawGw7ErBh3t6bBsvlb/z2Y2NEhat7Akj/D+lEt1ig6ixKfKNisB3lp0XFg+F5C9NeJGu2KyjduMtJDLyxsrbUs1JQ1PeNtpB8/hrq0uUY6pVZ5IpVo6bk2WIUfEI07TfkSsdRl1wsg3mhA/AuoceBd5mjaEP4Crr3PU83RoM/b6SS9ZNLeQyczHSScLwl/Gd3EHQvOuRVeQVzvE2oVcSHVzLC4AKUACQr9BhGSwsfCdNHG16neXqr399IaSgHOEoEbAuScuHXbT3vz3+BSiwEyhL/knscaScvzCxWvh0hJiAw6mNaQ4HPi/8VDI9KbHf40GY+JCRpcwXPwV7OWhot7QpY4In7eqHGSXn9ILrdouN/D6YjnORzwRZncL0xuqFgDe0Uz6REga1j4snw5KHEQT6yaCjs01VarZT0mOsrb9SmXVgyxnx19ct3eQLFQQIrwlszVvGz6UjKKG+HKlr+6uw+/JXHeipy9OailE2Q4NZzKuQdzndkBnhovnytQ0EWjTx3T2DlGXg87KEY+acDTxXQi+RHKi2L4oeUBPZQcM3Zdbx2Af7IxIs5BsLy6O22A1hKiboTWpAbpBpA30QJqd3BsIZWJTFlpkbQgGFULc0X8AnJsQjpTIOtoKytFXYVLpCt1v7kudqxmgPidRTQXvQpdo1kNF1i0q4hu5Due702NNOUiUBMQ7fo2iPSyDMUfAwI5A5oJsoHJoOhdZcaauPYwjqw8OuK4Ph7MxK+IA1GxqfGgX054w3B5FWnxnnP0ot96AnDqXiRbfLJWkKlEHeji8jdLxHVBahzzFnI58WT9SARDaq2nrCxQNWO9mSNbr8Q7JiZ25gTotXqhXZM6uRXzDNq56opUvS3JH914NkZiyiNiZrseW1wplXLgHcW4z+GuZi5Rdf38DwekPmX8VdMegNZg/ium9j1livEwJB5qxvF2hZDAUhtMjzsguNiQqwZmwQuzhF4dsaNRkP2RpVj08/CJoa3tvh81dCGTIRR9/0L+Ou9rSZAdjOioPWxrihYOiR9+CCiQenxUzEMo9md0YkhBoO3u88vrMY0qMFiaNO/Dos1nYy+RMtsy6ejuLpLri/GDAanJrSKuNF8DQ5bGEusDMCDlXeFaXAxOTjlX+gaPg=
                        MIME-Version1.0

                        File Icon

                        Icon Hash:46070c0a8e0c67d6