Windows Analysis Report
[BULK] how aligning supply chain and digital transformation initiatives leads.eml

Overview

General Information

Sample name:[BULK] how aligning supply chain and digital transformation initiatives leads.eml
Analysis ID:1563148
MD5:d020b732b94f829d81969ac967de4894
SHA1:95441e23ea5a6ad46f7c4d7aac42571d130f420d
SHA256:8c4e1b503be20c059fd38b3c981a35d277aea90a52ee27ad5e86f2a112d35158

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected landing page (webpage, office document or email)
AI detected potential phishing Email
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory
Stores large binary data to the registry

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6184 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\[BULK] how aligning supply chain and digital transformation initiatives leads.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6760 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "2058FDAE-A46B-41B2-8EAC-C746176A8CC1" "18351D5A-68E2-4625-9C2F-81EA9F739C49" "6184" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 3860 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eu-west-1.protection.sophos.com/?d=benchurl.com&u=aHR0cHM6Ly9jbHQxNjY2MzA4LmJlbmNodXJsLmNvbS9jL2w_dT0xMUQzQzAzRSZlPTE5MEZCMDEmYz0xOTZEMDQmdD0wJmw9MTE4MUE2RjI3JmVtYWlsPXY1QzVNSXFzS0RRcHFLRHdEOGpaRUdnOHpqa01YdFlYWUxZWkZ6dDdONmslM0Qmc2VxPTE=&p=m&i=NjFiMTQ3MGI2Zjk0N2UwZTYxYjViM2Qy&t=T2JyRVF2d1IyZVVKME9hR3k3SE8zS3g0RHROWnRiRGxHY2twcU1oUFRPST0=&h=896a3615f4614642bb91c1745a40c843&s=AVNPUEhUT0NFTkNSWVBUSVanzsPvZrIhF9w0fiwC9I-6QettNLX0GHvdzaxOTUrH1IIJlJHj9JNyDqjTU5N_4rvHAsD0qKqPX0lk4emz3t_13soRRHdhNeRHfjSlFzPjiw MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 1228 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1984,i,15013455823802519208,12748063394391518330,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6184, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

Phishing

Source: Email; Joe Sandbox AI: Email contains prominent button: 'download now'
Source: Email; Joe Sandbox AI: Detected potential phishing email: The email contains suspicious formatting and generic marketing content about visual communication without specific personalization. The sender domain 'fincorpb2b.com' appears unrelated to Canva, which the email claims to represent. The email contains suspicious reference numbers and encoded tracking URLs typical of mass phishing campaigns
Source: Email; Classification: PII Gathering
Source: https://digitalzonemediaus.com/002/kinaxis-170/content/forbes-digital-supply-chain-transformation-agility-resiliency-kinaxis.pdf?utm_source=BenchmarkEmail&utm_campaign=DZ2271124C_-_Kinaxis_Full_TAL_Q4%2724_-_November_2024_Digital_Transformation_For_The_Supply_Chain_A_Gu&utm_medium=email; HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/downloaded.pdf; HTTP Parser: No favicon
Source: chrome.exe; Memory has grown: Private usage: 1MB later: 27MB
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic; DNS traffic detected: DNS query: eu-west-1.protection.sophos.com
Source: global traffic; DNS traffic detected: DNS query: clt1666308.benchurl.com
Source: global traffic; DNS traffic detected: DNS query: www.google.com
Source: global traffic; DNS traffic detected: DNS query: digitalzonemediaus.com
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown; Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown; Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown; Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49723
Source: classification engine; Classification label: mal48.winEML@26/17@8/144
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241126T0905320382-6184.etl
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\[BULK] how aligning supply chain and digital transformation initiatives leads.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "2058FDAE-A46B-41B2-8EAC-C746176A8CC1" "18351D5A-68E2-4625-9C2F-81EA9F739C49" "6184" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eu-west-1.protection.sophos.com/?d=benchurl.com&u=aHR0cHM6Ly9jbHQxNjY2MzA4LmJlbmNodXJsLmNvbS9jL2w_dT0xMUQzQzAzRSZlPTE5MEZCMDEmYz0xOTZEMDQmdD0wJmw9MTE4MUE2RjI3JmVtYWlsPXY1QzVNSXFzS0RRcHFLRHdEOGpaRUdnOHpqa01YdFlYWUxZWkZ6dDdONmslM0Qmc2VxPTE=&p=m&i=NjFiMTQ3MGI2Zjk0N2UwZTYxYjViM2Qy&t=T2JyRVF2d1IyZVVKME9hR3k3SE8zS3g0RHROWnRiRGxHY2twcU1oUFRPST0=&h=896a3615f4614642bb91c1745a40c843&s=AVNPUEhUT0NFTkNSWVBUSVanzsPvZrIhF9w0fiwC9I-6QettNLX0GHvdzaxOTUrH1IIJlJHj9JNyDqjTU5N_4rvHAsD0qKqPX0lk4emz3t_13soRRHdhNeRHfjSlFzPjiw
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1984,i,15013455823802519208,12748063394391518330,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window found: window name: SysTabControl32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 21 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Extra Window Memory Injection | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Extra Window Memory Injection | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |

No Antivirus matches

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| d35tlz0p71apkp.cloudfront.net | 108.158.75.6 | true | false | | unknown |
| digitalzonemediaus.com | 139.59.55.248 | true | false | | unknown |
| www.google.com | 142.250.181.68 | true | false | | high |
| default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 84.201.208.66 | true | false | | high |
| prod-lb-track-204413666.us-west-2.elb.amazonaws.com | 34.212.80.167 | true | false | | unknown |
| eu-west-1.protection.sophos.com | unknown | unknown | false | | high |
| clt1666308.benchurl.com | unknown | unknown | false | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| file:///C:/Users/user/Downloads/downloaded.pdf | false | | high |
| https://digitalzonemediaus.com/002/kinaxis-170/content/forbes-digital-supply-chain-transformation-agility-resiliency-kinaxis.pdf?utm_source=BenchmarkEmail&utm_campaign=DZ2271124C_-_Kinaxis_Full_TAL_Q4%2724_-_November_2024_Digital_Transformation_For_The_Supply_Chain_A_Gu&utm_medium=email | true | | unknown |

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 108.158.75.6 | d35tlz0p71apkp.cloudfront.net | United States | 16509 | AMAZON-02US | false |
| 172.217.19.238 | unknown | United States | 15169 | GOOGLEUS | false |
| 172.217.19.227 | unknown | United States | 15169 | GOOGLEUS | false |
| 1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
| 172.217.17.67 | unknown | United States | 15169 | GOOGLEUS | false |
| 84.201.208.66 | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | Poland | 34390 | NPLAYTELEKOM-AS-PONPL | false |
| 139.59.55.248 | digitalzonemediaus.com | Singapore | 14061 | DIGITALOCEAN-ASNUS | false |
| 20.189.173.16 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 74.125.205.84 | unknown | United States | 15169 | GOOGLEUS | false |
| 23.32.238.27 | unknown | United States | 2828 | XO-AS15US | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 52.109.28.46 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 34.212.80.167 | prod-lb-track-204413666.us-west-2.elb.amazonaws.com | United States | 16509 | AMAZON-02US | false |
| 142.250.181.68 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 52.109.76.243 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |

IP
192.168.2.16
                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1563148
                    Start date and time:2024-11-26 15:05:04 +01:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:defaultwindowsinteractivecookbook.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:19
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • EGA enabled
                    Analysis Mode:stream
                    Analysis stop reason:Timeout
                    Sample name:[BULK] how aligning supply chain and digital transformation initiatives leads.eml
                    Detection:MAL
                    Classification:mal48.winEML@26/17@8/144
                    Cookbook Comments:
                    • Found application associated with file extension: .eml
                    • Exclude process from analysis (whitelisted): dllhost.exe
                    • Excluded IPs from analysis (whitelisted): 52.109.28.46
                    • Excluded domains from analysis (whitelisted): config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, officeclient.microsoft.com, europe.configsvc1.live.com.akadns.net, uks-azsc-config.officeapps.live.com
                    • Not all processes were analyzed, report is missing behavior information
                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                    • VT rate limit hit for: [BULK] how aligning supply chain and digital transformation initiatives leads.eml
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:data
                    Category:modified
                    Size (bytes):338
                    Entropy (8bit):3.4797898089465846
                    Encrypted:false
                    SSDEEP:
                    MD5:453F60DB83EBF513BDF45146635F4D8F
                    SHA1:B0C8ACE65BA5C48139A2E0990F91E4BCD22D743C
                    SHA-256:8912D320F94520C8D2B8F522B368C6C0C09D65C567CBFE4F811ACC142138B7B4
                    SHA-512:220584BBE0C30A8C8D693A82CF16875906AE9033D7E2255497244F8099F4298C5A677A15EB1F1C4E3E9A72F2B90E1FA05B366A6253612F4D8100221635C7AAFF
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):231348
                    Entropy (8bit):4.386242675061717
                    Encrypted:false
                    SSDEEP:
                    MD5:7A16DEFF93E1D9F82B82E4A1CE0585E2
                    SHA1:B30F11134327EABEC473E554DD7F0B6CBC36CE7E
                    SHA-256:F463CEF7A786CC511BC7E2D1D787058FAE1308B42EAE5F4AD932FB92ADA053FA
                    SHA-512:F57B0F67B838937797416AFDAF55CC8EE1EC70F1C0BA46B7CF51ED5AC61FAA18EF66324611DC00160F93BFE58E0AEEDEB53D1AE96D970D272F023092DE19BC0E
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:ASCII text, with very long lines (65536), with no line terminators
                    Category:dropped
                    Size (bytes):322260
                    Entropy (8bit):4.000299760592446
                    Encrypted:false
                    SSDEEP:
                    MD5:CC90D669144261B198DEAD45AA266572
                    SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                    SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                    SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):10
                    Entropy (8bit):2.7219280948873625
                    Encrypted:false
                    SSDEEP:
                    MD5:3489F36061131D9D3E87002A436BF0A7
                    SHA1:92D43E7D1DF88A9BC5A5B5E052C8A89EE928191D
                    SHA-256:D65F78A1B668874F2E2A6FE52FA1038B94B1287BC84E66318A746860638E9AD4
                    SHA-512:EE66684DD49FCE33413BF61BE8205ED0E979DB8FE4048DCE18384E026F58921D257F3CF5679A7EA53E9C822DF84375857E03D9AD065BE5FE5C6EF763838B113B
                    Malicious:false
                    Reputation:unknown
                    Preview:1732629938
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):181859
                    Entropy (8bit):5.295308806494344
                    Encrypted:false
                    SSDEEP:
                    MD5:C91D7F4C307725F3BEA29FDA34D34632
                    SHA1:8454F28B96BC7AF7215890F456522332C840D5F5
                    SHA-256:3DA862CC781A59B99FA53DA0A49A418AF02065CA8198736062C8A045C5FD96B3
                    SHA-512:DBFE46F0ED70973232D582DA8F1965FC9165D803F199AE9D4E75F6A038655DC739A2A04B372140631A070980AA84182F4670EBA2A72C694150102C838C8388A9
                    Malicious:false
                    Reputation:unknown
                    Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-11-26T14:05:36">.. Build: 16.0.18312.40138-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:SQLite Rollback Journal
                    Category:dropped
                    Size (bytes):4616
                    Entropy (8bit):0.13760166725504608
                    Encrypted:false
                    SSDEEP:
                    MD5:8E036D278D91B13409EA0533A1D088C2
                    SHA1:A3770EE1E54C834345427E817BA911A7F40671B9
                    SHA-256:E606112FB946517E59051BE4286FF6902068AB4C6A532BA64CD0B27610E0A906
                    SHA-512:F6528214524D491E0068617A11E2836FE22800A4183F8EB24F0C96A56AC3D746FB3721B48988055C6E68D7D88D4654CF423CC67B0581EF40C0B989FE61B65D5D
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):2278
                    Entropy (8bit):3.8468009507303123
                    Encrypted:false
                    SSDEEP:
                    MD5:3134745DB560B4914B486C605A792D31
                    SHA1:7D20ADC9FB7BBEE1EE17B9A6CF9F29A2D10F6158
                    SHA-256:E917B0E40AE28CB1D899D061E7234BE77B2D46CD0407C4DFD9E435AC6BA41BC1
                    SHA-512:B221BB62DC2AA0543F609CF7F5854C4E13D8B00E9AE451A6B4F65A7039CBAE7E923E0975308E6756033CBA8C9D8D184C0976E867847D4CA538DABCFF0CCE5F5D
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):2684
                    Entropy (8bit):3.896809371930136
                    Encrypted:false
                    SSDEEP:
                    MD5:3179F77C7FB86C6164E0F0DB3D4488EB
                    SHA1:FF079AE98343F4C3E4BA7755F91DBA23235E2063
                    SHA-256:38FEC5FC4B103AAA4024338BFA7D247B4ECA09EF88E9F159168FA2E511E47D0D
                    SHA-512:654E0B34261E0E89839E5CB674CD1D364EC15FF71A31D152AB514EF2D74DE03321CA8A1975DFB10543D9C78B54CB22200E85A4A595CF76524739EDC83E9FF5B7
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):4542
                    Entropy (8bit):4.001099200354955
                    Encrypted:false
                    SSDEEP:
                    MD5:B9F4AEBF1D755676401E7683E609CDF4
                    SHA1:84EAC8E75123AD072345A1CDADF0F746180E00A1
                    SHA-256:79ABCC2CDAE5B4C80BB17827A5E59F17DE4BF68A04D0712964AE36CC189D4F75
                    SHA-512:D6C37A0760E501D8BB890CBA01D749F06D39D5B7A4887B1BE6B56FAC173E0864B2D3B1190211E7616FE9066FEFAEDFA671DBE5AFE8C4A82DA60AC30808441D99
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):30
                    Entropy (8bit):1.2389205950315936
                    Encrypted:false
                    SSDEEP:
                    MD5:8F3F8EC39142F9F283DD57DDBD3A4474
                    SHA1:936D6C574AAE31F71900F6B992E4F5A2A01DAB79
                    SHA-256:7B07EC5291570C4C608D723B3A4B9408E80C1C8971667BE2531594C7789D1A56
                    SHA-512:E8001C6A38CAAACC27C1214E53BC84210335CC7756EF4FCAA4B93AAA0371E3F64A7C35E51537626997BBDECB81736A206EC8A7D2506AC15B835FC5132FDD605E
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 13:06:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2673
                    Entropy (8bit):3.982572911297088
                    Encrypted:false
                    SSDEEP:
                    MD5:9DA6BC76463DDF467CB9F27833C5B2B0
                    SHA1:674B6F6E493749CB42093751431369D46ECE0020
                    SHA-256:095B43AB033681632527C59CB8083EB13AAE53F4C950B6D1F07D82F4D1C276DF
                    SHA-512:6F721F2174FFE9E29C73906465E94F1261B78D839A2BA8BCF04BE6DE51D601B3797E3AAA0B3F73F322131E46BDA83674FC6691D67FA17BA138A65E6469D6D318
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 13:06:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2675
                    Entropy (8bit):4.002274139695758
                    Encrypted:false
                    SSDEEP:
                    MD5:E19744FB60752637B063CB3FACF463E2
                    SHA1:5FF7F62F486B741DEE805D93C6E1D4B27819B58E
                    SHA-256:DEE63F6A269FCC9E66274D701B5D5CDC8331082FBAC9016E820D8CC2668EEA6E
                    SHA-512:937EF58E0D48D3FECA28FDC5F738D4464DFB0E6A0EB8656862F20D136CB143FC5F32132D4A0C0926AF83ACA8A954CD6B6E74C9B8AED46D6E6C7805186965D1B0
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2689
                    Entropy (8bit):4.009118777813336
                    Encrypted:false
                    SSDEEP:
                    MD5:5C1ABBCE6F75E98B623E5D55F260812C
                    SHA1:193661A2CE03C7E945762FB3DCA1E693BB8951E6
                    SHA-256:E4370B768D19E2E858FA3DBF344722090838C405F3B0CDD01A73FD48631464D3
                    SHA-512:572337D33AEFA24CE2757C360E450A639D714F36F7E9F375CFAC52E23E7F43AB34839CE72E8FA884517F1C48E9C88ED578405FED7BA7BD2243271EE0F561C23D
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 13:06:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2677
                    Entropy (8bit):3.9981685501666266
                    Encrypted:false
                    SSDEEP:
                    MD5:AEDFCEAAE36E436E4CF70C94555BFC72
                    SHA1:2A0C0845677CB1D065830DC898247EB1D18D4B8F
                    SHA-256:EA681BD7D79A78E50173352BBA7CDF1E30A07FAB22C9C9782C57FF397223184B
                    SHA-512:704510CE6DB4C779BBEADDC8EBDCFA4A06F3F01E8C6BBEBDF8AE3040C8F400DF3506FE3C913C2CA5DDE1E67598F97A1529778C9A0848650376420327934880CB
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 13:06:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2677
                    Entropy (8bit):3.9871036879974326
                    Encrypted:false
                    SSDEEP:
                    MD5:B73BFD06958EA75F84B3C45E6714907D
                    SHA1:7072ECB332699DFEC2D40809AB8365EA81CCF0EA
                    SHA-256:B17C78967D4473F8AC546D8F244241B75A8F1A7B80D4B2FE807FA0AD4245F78C
                    SHA-512:F9590A3E13E66AE1BEA66D76CB5B22C931A825281861228652E366C31A3EE110ED5D794955575C26D652BC13145BC86868EA40670CBABF623D317788CD86DF78
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 13:06:27 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2679
                    Entropy (8bit):3.9957807743706524
                    Encrypted:false
                    SSDEEP:
                    MD5:6310BC3A28D6B1C00F8A8896025E8652
                    SHA1:294DD8DC51CFF67DBF01B0BAA277186818DDC6A4
                    SHA-256:94F423E1E7878AD169717FA8C747E498DBE2754C66D01EFFA5A671E268D951CB
                    SHA-512:D418DD62B32B3EB3C736AA3E87733E8716D5BC8B5BE38F7A59C79321C527C5E53CC5A8BB4163BBE4BAB379B518C354F968D066D06870CBBDBAA9C13D6443923A
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PDF document, version 1.6 (zip deflate encoded)
                    Category:dropped
                    Size (bytes):1161081
                    Entropy (8bit):7.9855750332802415
                    Encrypted:false
                    SSDEEP:
                    MD5:3318CDFCF6C754122751389FD63DD3E3
                    SHA1:AB12374C60F4CACB4641766B546BAAE0FF0E56F6
                    SHA-256:85EC687E154212EF0794C7BABAA670AE593532D940C0CCFC9FAD5048F4458F94
                    SHA-512:BA736E9C16C45955EE5692C5C3E82E01A9CC605D4415F7C5575DBF22196FF8B0E4814CAC073BF08B0FB13E130DBC4C013D8252E383A4C694CC92B16B24F175F1
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PDF document, version 1.6 (zip deflate encoded)
                    Category:dropped
                    Size (bytes):0
                    Entropy (8bit):0.0
                    Encrypted:false
                    SSDEEP:
                    MD5:3318CDFCF6C754122751389FD63DD3E3
                    SHA1:AB12374C60F4CACB4641766B546BAAE0FF0E56F6
                    SHA-256:85EC687E154212EF0794C7BABAA670AE593532D940C0CCFC9FAD5048F4458F94
                    SHA-512:BA736E9C16C45955EE5692C5C3E82E01A9CC605D4415F7C5575DBF22196FF8B0E4814CAC073BF08B0FB13E130DBC4C013D8252E383A4C694CC92B16B24F175F1
                    Malicious:false
                    Reputation:unknown
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PDF document, version 1.6 (zip deflate encoded)
                    Category:dropped
                    Size (bytes):0
                    Entropy (8bit):0.0
                    Encrypted:false
                    SSDEEP:
                    MD5:3318CDFCF6C754122751389FD63DD3E3
                    SHA1:AB12374C60F4CACB4641766B546BAAE0FF0E56F6
                    SHA-256:85EC687E154212EF0794C7BABAA670AE593532D940C0CCFC9FAD5048F4458F94
                    SHA-512:BA736E9C16C45955EE5692C5C3E82E01A9CC605D4415F7C5575DBF22196FF8B0E4814CAC073BF08B0FB13E130DBC4C013D8252E383A4C694CC92B16B24F175F1
                    Malicious:false
                    Reputation:unknown
                    Preview:%PDF-1.6.%......621 0 obj.<</Linearized 1/L 1155306/O 623/E 113962/N 10/T 1154805/H [ 496 391]>>.endobj. .639 0 obj.<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<D6F76DB24A674055B7414F0F1F985F94><A18F0D395C3242E5B0BB4BC6D7D2F481>]/Index[621 26]/Info 620 0 R/Length 89/Prev 1154806/Root 622 0 R/Size 647/Type/XRef/W[1 3 1]>>stream..h.bbd`.``b``N...... 0..D2...$.H.....:`........L2.I.....lf2.dl..$....+......$.3.o...`.`7.'.endstream.endobj.startxref.0.%%EOF. .646 0 obj.<</C 332/Filter/FlateDecode/I 354/Length 297/S 222/V 310>>stream..h.b```....,.....D..@....Y.8.00..J35000....c...b.w[.........~....A.z..\...t..>..U...#6~!).1.#8.J..J]..N...eNWy.t.>/...b.{L'p.V'..#k#..8....t00..ut.).3......$T..H2.itt.t.P....\. -..2`..3.2.6,>`..o ^.....i!cjC..#.9.......RU=...A.!....<...g.<.f/.{...5.A.~ ......0Sg.......V..F...!j.^....-8[..endstream.endobj.622 0 obj.<</AcroForm 640 0 R/Lang(en-US)/MarkInfo<</Marked true>>/Metadata 48 0 R/Pages 617 0 R/StructTreeRoot 7
                    File type:RFC 822 mail, ASCII text, with very long lines (314), with CRLF line terminators
                    Entropy (8bit):5.781557010244006
                    TrID:
                    • E-Mail message (Var. 5) (54515/1) 100.00%
                    File name:[BULK] how aligning supply chain and digital transformation initiatives leads.eml
                    File size:53'270 bytes
                    MD5:d020b732b94f829d81969ac967de4894
                    SHA1:95441e23ea5a6ad46f7c4d7aac42571d130f420d
                    SHA256:8c4e1b503be20c059fd38b3c981a35d277aea90a52ee27ad5e86f2a112d35158
                    SHA512:1200e8ea149a3f00b06f2198910853b4f8bf73f188c1640030a002cfa65fbc818dadfe5b76a2f1844ca125c310780f55364c4ac8f652e156cdd7e541142dadcb
                    SSDEEP:768:2JOeZxc0CMJkjhV6QknmSmUmIH/Hf/qNciOKY4mg0m+pw:2Jv/8umUmtDOKNmg0m+pw
                    TLSH:C033E8828E82201AD47354592A163E6CABF07C1F67D64DA039DE727A2F8F0574627FCC
                    File Content Preview:Received: from PAWPR03MB9215.eurprd03.prod.outlook.com (2603:10a6:102:343::18).. by DB8PR03MB6139.eurprd03.prod.outlook.com with HTTPS; Tue, 26 Nov 2024.. 13:37:19 +0000..Received: from DB8PR09CA0019.eurprd09.prod.outlook.com (2603:10a6:10:a0::32).. by PA
                    Subject:[BULK] how aligning supply chain and digital transformation initiatives leads?
                    From:Christy Warner <christy.warner@fincorpb2b.com>
                    To:mark.micallef@cardfactory.co.uk
                    Cc:
                    BCC:
                    Date:Tue, 26 Nov 2024 08:37:00 -0500
                    Communications:
                    • CAUTION: This email originated from outside of the organisation. If in doubt please use the report message button to Security. 96 canvas new study explores the impact of visual communication across the workplace. hello , communicating visually is critical to how business leaders enable their organization to thrive. from simplifying complex ideas to connecting audiences and enhancing employee culture, visuals are the currency of communication[1] . the visual economy report by canva examines how organizations approach visual communication, ai, and other technologies, featuring insights from 3,707 global business leaders. here are some findings: the growth of design literacy: 92% expect employees in non-design roles to possess some design acumen in order to be effective communicators. ais role in the visual economy: 90% agree the quality of visual communication has been improved by generative ai. overcoming ai concerns: ai's potential is vast, so addressing legitimate concerns is key to its adoption. download the full report to uncover more insights into how your organization can win in todays visual economy [2] download now [3] . References: 1. u=11508ee9 2. u=11508ee9 3. u=11508c45 You can modify/update your subscription via the link below. 
Unsubscribe from all mailings https://eu-west-1.protection.sophos.com?d=benchurl.com&u=aHR0cHM6Ly9jbHQxNjY2MzA4LmJlbmNodXJsLmNvbS9jL3N1P2U9MTkwRkIwMSZjPTE5NkQwNCZsPTExODFBNkYyNyZlbWFpbD12NUM1TUlxc0tEUXBxS0R3RDhqWkVHZzh6amtNWHRZWFlMWVpGenQ3TjZrJTNEJnJlbGlkPUFGQTExQzE=&p=m&i=NjFiMTQ3MGI2Zjk0N2UwZTYxYjViM2Qy&t=WmxXOUdEdHJ1MEV3Y3JaWDcveDZPVWRCcVFjQkFZOVpTcUhzWmcvYTRjTT0=&h=896a3615f4614642bb91c1745a40c843&s=AVNPUEhUT0NFTkNSWVBUSVanzsPvZrIhF9w0fiwC9I-6QettNLX0GHvdzaxOTUrH1IIJlJHj9JNyDqjTU5N_4rvHAsD0qKqPX0lk4emz3t_13soRRHdhNeRHfjSlFzPjiw 153 W 27th Street, 7th Floor Suite 700, New York, New York, 10001 Email Marketing benchmarkemail.com [https://eu-west-1.protection.sophos.com?d=benchurl.com&u=aHR0cHM6Ly9jbHQxNjY2MzA4LmJlbmNodXJsLmNvbQ==&p=m&i=NjFiMTQ3MGI2Zjk0N2UwZTYxYjViM2Qy&t=RmczZzFpRitFd1g3RVpDa0I1SkF1NTVLdnd6WWtpL1lVWVFDd3BFekNkdz0=&h=896a3615f4614642bb91c1745a40c843&s=AVNPUEhUT0NFTkNSWVBUSVanzsPvZrIhF9w0fiwC9I-6QettNLX0GHvdzaxOTUrH1IIJlJHj9JNyDqjTU5N_4rvHAsD0qKqPX0lk4emz3t_13soRRHdhNeRHfjSlFzPjiw]
                    Attachments:
                      Key Value
                      Received from pmta362.dedicated.bmsend.com (216.4.238.193) by AMS0EPF0000019A.mail.protection.outlook.com (10.167.16.246) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8207.12 via Frontend Transport; Tue, 26 Nov 2024 13:37:03 +0000
                      Authentication-Results spf=softfail (sender IP is 198.154.180.200) smtp.mailfrom=r1666308.fincorpb2b.com; dkim=fail (signature did not verify) header.d=fincorpb2b.com;dkim=fail (signature did not verify) header.d=bmsend.com;dmarc=fail action=none header.from=fincorpb2b.com;compauth=fail reason=001
                      Received-SPF Pass (protection.outlook.com: domain of r1666308.fincorpb2b.com designates 216.4.238.193 as permitted sender) receiver=protection.outlook.com; client-ip=216.4.238.193; helo=pmta362.dedicated.bmsend.com; pr=C
                      X-Sophos-Product-Type Mailflow
                      X-Sophos-Email-ID 896a3615f4614642bb91c1745a40c843
                      Authentication-Results-Original spf=pass (sender IP is 216.4.238.193) smtp.mailfrom=r1666308.fincorpb2b.com; dkim=pass (signature was verified) header.d=fincorpb2b.com;dkim=pass (signature was verified) header.d=bmsend.com;dmarc=pass action=none header.from=fincorpb2b.com;compauth=pass reason=100
                      DKIM-Signature v=1; a=rsa-sha256; d=bmsend.com; s=bmdeda; c=relaxed/relaxed; t=1732628220; h=subject:from:reply-to:to:date:message-id:feedback-id:list-unsubscribe: content-type:mime-version; bh=Oq08qXQyc9yyBVHlervCW1+sJRuae8vq/rCHTuOtL9g=; b=ZUfWjPN8smWS2p2vQQ9iYcItKI/HlxnBaFGqrdBhNaSv1IGfTtWc3M9OJCZqgeh7ia9WHUQqL+M dMKbhDhiQHA2N+nZapfbB2zf8hsZJ/akiVsCWXSXLDj/z9ZsYTtN7I9Qv352o26fzznLFW9POF1eZ 9SA3fE5kCukO9SP6vpg=
                      From Christy Warner <christy.warner@fincorpb2b.com>
                      Date Tue, 26 Nov 2024 08:37:00 -0500
                      Subject [BULK] how aligning supply chain and digital transformation initiatives leads?
                      Message-Id <0ed557ee25c54bc0b160c734e69fba93@fincorpb2b.com>
                      Reply-To Christy Warner <christy.warner@fincorpb2b.com>
                      X-Identify <17309704_4699352871@benchmarkemail.com>
                      X-CMC 1559C72.1181A6F27
                      X-Campaignid 17309704
                      X-SentFromRelay pmta362.dedicated.bmsend.com
                      X-SentFromServer 216.4.238.193
                      X-Report-Abuse https://clt1666308.benchurl.com/Abuse?9tSN8Jgb1CaOSko%2BvS7dD%2Fz5moo3Gb%2Fv%2Bm8s7YuEzomynLSytSaQpbuMueMNRmfdHK%2FG7%2B7EuZQnsFETSYGku4FRcQUPYOFc
                      X-BM-User 196D04
                      Feedback-ID 1666308:17309704:us:benchmarkemail
                      X-Mailer BME Mailer - **BME17309704-1666308-4699352871**
                      List-ID 4699352871BM list <4699352871.1666308@benchmarkemail.com>
                      List-Unsubscribe <https://clt1666308.benchurl.com/ud?9tSN8Jgb1CaOSko%2BvS7dD%2Fz5moo3Gb%2Fv%2Bm8s7YuEzomynLSytSaQpbuMueMNRmfdHK%2FG7%2B7EuZQnsFETSYGku4FRcQUPYOFc>
                      List-Unsubscribe-Post List-Unsubscribe=One-Click
                      To mark.micallef@cardfactory.co.uk
                      Content-Type multipart/alternative; boundary="=-IILreIz4i4zp2rEhL3DIjA=="
                      X-EOPAttributedMessage 1
                      X-EOPTenantAttributedMessage 7956b84e-0c99-46b5-81c6-28689cfa7221:1
                      X-MS-TrafficTypeDiagnostic AMS0EPF0000019A:EE_|VI1PR03MB10157:EE_|DU6PEPF00009524:EE_|PAWPR03MB9215:EE_|DB8PR03MB6139:EE_
                      X-MS-Office365-Filtering-Correlation-Id 204b70f4-9b9b-4e25-d6fa-08dd0e1f7137
                      X-Forefront-Antispam-Report-Untrusted CIP:216.4.238.193; CTRY:US; LANG:en; SCL:5; SRV:; IPV:NLI; SFV:SPM; H:pmta362.dedicated.bmsend.com; PTR:pmta362.dedicated.bmsend.com; CAT:SPM; SFS:(13230040)(2092899012)(5073199012)(69100299015)(5063199012)(4123199012)(4022899009)(12012899012)(1032899013)(4076899003)(2066899003)(8096899003); DIR:INB;
                      X-Microsoft-Antispam-Untrusted BCL:0; ARA:13230040|2092899012|5073199012|69100299015|5063199012|4123199012|4022899009|12012899012|1032899013|4076899003|2066899003|8096899003;
                      X-Microsoft-Antispam-Message-Info-Original 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
                      X-MS-Exchange-Transport-CrossTenantHeadersStamped PAWPR03MB9215
                      Content-Transfer-Encoding 8bit
                      X-LASED-MailType BULK
                      X-Sophos-Email-Scan-Details 27140d1e1540510e5d57435f51475a5a571540586e3671
                      X-Sophos-Email [eu-west-1] Antispam-Engine: 6.0.0, AntispamData: 2024.11.26.101546
                      X-Sophos-SenderHistory ip=216.4.238.193, fs=1210623, fso=70855175, da=226086841, mc=58, sc=0, hc=58, sp=0, re=100, sd=0, hd=7
                      X-Sophos-DomainHistory d=fincorpb2b.com, fs=3880, fso=16752864, da=86829665, mc=6, sc=0, hc=6, sp=0, re=16, sd=0, hd=2
                      X-LASED-From-ReplyTo-Diff From:<printcraft.co.uk>:11, Reply-To:<printcraft.co.uk>:11
                      X-LASED-SpamProbability 0.231475
                      X-LASED-Hits AUTH_RES_PASS 0.000000, BODYTEXTH_SIZE_3000_MORE 0.000000, BODYTEXTP_SIZE_3000_LESS 0.000000, BODY_SIZE_10000_PLUS 0.000000, BULK_EMAIL_SENDER 0.000000, DATE_TZ_NA 0.000000, DATE_TZ_NEG_0500 0.000000, DKIM_ALIGNS 0.000000, DKIM_SIGNATURE 0.000000, DQ_S_H 0.000000, HTML_90_100 0.100000, HTML_95_100 0.100000, HTML_98_100 0.100000, HTML_99_100 0.100000, HTML_NO_HTTP 0.100000, HTML_TAG_NAME_RND_CAP 0.000000, IMP_FROM_NOTSELF 0.000000, INBOUND_SOPHOS 0.000000, INBOUND_SOPHOS_TOP_REGIONS 0.000000, KNOWN_FREEWEB_URI 0.050000, LEGITIMATE_SIGNS 0.000000, LIST_HEADER 0.000000, NO_FUR_HEADER 0.000000, OBFUSCATION 0.000000, OUTLOOK_VERDICT_SPAM 2.000000, REPLYTO_SAMEAS_FROM 0.000000, SUPERLONG_LINE 0.050000, SXL_IP_TFX_ESG 0.000000, __ANY_URI 0.000000, __ATTACH_CTE_QUOTED_PRINTABLE 0.000000, __AUTH_RES_DKIM_PASS 0.000000, __AUTH_RES_DMARC_PASS 0.000000, __AUTH_RES_PASS 0.000000, __BODY_NO_MAILTO 0.000000, __CP_NAME_BODY 0.000000, __CP_URI_IN_BODY 0.000000, __CT 0.000000, __CTYPE_HAS_BOUNDARY 0.000000, __CTYPE_MULTIPART 0.000000, __CTYPE_MULTIPART_ALT 0.000000, __DC_PHRASE 0.000000, __DKIM_ALIGNS_1 0.000000, __DKIM_ALIGNS_2 0.000000, __DQ_D_H 0.000000, __DQ_IP_FSO_LARGE 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000, __DQ_S_DOMAIN_100K 0.000000, __DQ_S_DOMAIN_10K 0.000000, __DQ_S_DOMAIN_HD_1_P 0.000000, __DQ_S_DOMAIN_HIST_1 0.000000, __DQ_S_DOMAIN_MC_1_P 0.000000, __DQ_S_DOMAIN_MC_5_P 0.000000, __DQ_S_DOMAIN_RE_49_L 0.000000, __DQ_S_DOMAIN_RE_99_L 0.000000, __DQ_S_DOMAIN_SP_0_P 0.000000, __DQ_S_HIST_1 0.000000, __DQ_S_HIST_2 0.000000, __DQ_S_IP_1MO 0.000000, __DQ_S_IP_MC_10_P 0.000000, __DQ_S_IP_MC_1_P 0.000000, __DQ_S_IP_MC_5_P 0.000000, __DQ_S_IP_RE_100_P 0.000000, __DQ_S_IP_SP_0_P 0.000000, __FROM_DOMAIN_NOT_IN_BODY 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000, __HAS_FROM 0.000000, __HAS_HTML 0.000000, __HAS_LIST_HEADER 0.000000, __HAS_LIST_ID 0.000000, __HAS_LIST_UNSUBSCRIBE 0.000000, __HAS_LIST_UNSUBSCRIBE_POST 0.000000, __HAS_MSGID 0.000000, __HAS_REPLYTO 0.000000, __HAS_X_FF_ASR 0.000000, __HAS_X_FF_ASR_CAT 0.000000, __HAS_X_FF_ASR_SFV 0.000000, __HAS_X_MAILER 0.000000, __HIGHBIT_ASCII_MIX 0.000000, __HTML_BAD_END 0.000000, __HTML_STYLE_DEF_HIDDEN 0.000000, __HTTPS_URI 0.000000, __IMP_FROM_NOTSELF 0.000000, __INBOUND_SOPHOS_EU_WEST_1 0.000000, __JSON_HAS_MODELS 0.000000, __JSON_HAS_SCHEMA_VERSION 0.000000, __JSON_HAS_SENDER_AUTH 0.000000, __JSON_HAS_TENANT_DOMAINS 0.000000, __JSON_HAS_TENANT_ID 0.000000, __JSON_HAS_TENANT_SCHEMA_VERSION 0.000000, __JSON_HAS_TENANT_VIPS 0.000000, __JSON_HAS_TRACKING_ID 0.000000, __KNOWN_FREEWEB_URI1 0.000000, __LEGIT_LIST_HEADER 0.000000, __LEO_OBFU_DATE_0500 0.000000, __MIME_BOUND_26 0.000000, __MIME_HTML 0.000000, __MIME_TEXT_H 0.000000, __MIME_TEXT_H1 0.000000, __MIME_TEXT_H2 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_TEXT_P2 0.000000, __MIME_VERSION 0.000000, __MSGID_32HEX 0.000000, __MTHREAT_0 0.000000, __MTL_0 0.000000, __MULTIPLE_URI_TEXT 0.000000, __RCVD_PASS 0.000000, __REPLYTO_SAMEAS_FROM 0.000000, __REPLYTO_SAMEAS_FROM_ACC 0.000000, __REPLYTO_SAMEAS_FROM_ADDY 0.000000, __REPLYTO_SAMEAS_FROM_DOMAIN 0.000000, __REPLYTO_SAMEAS_FROM_NAME 0.000000, __SANE_MSGID 0.000000, __SCAN_DETAILS 0.000000, __SCAN_DETAILS_SANE 0.000000, __SCAN_DETAILS_TH_MARKETING 0.000000, __SCAN_DETAILS_TL_0 0.000000, __STOCK_PHRASE_7 0.000000, __STYLE_RATWARE_NEG 0.000000, __STYLE_TAG 0.000000, __SUBJ_ALPHA_NEGATE 0.000000, __SUBJ_ALPHA_START 0.000000, __TAG_EXISTS_HEAD 0.000000, __TAG_EXISTS_HTML 0.000000, __TAG_EXISTS_META 0.000000, __TO_MALFORMED_2 0.000000, __TO_NO_NAME 0.000000, __URI_IN_BODY 0.000000, __URI_NOT_IMG 0.000000, __URI_NO_MAILTO 0.000000, __URI_NO_WWW 0.000000, __URI_NS 0.000000, __URI_WITHOUT_PATH 0.000000, __URI_WITH_PATH 0.000000, __X_FF_ASR_CAT_SPM 0.000000, __X_FF_ASR_SCL_SPM 0.000000, __X_FF_ASR_SFV_SPM 0.000000
                      X-LASED-Impersonation False
                      X-LASED-Spam NonSpam
                      X-Sophos-MH-Mail-Info-Key NFh5TnNtMFMzQ3puVFZnLTE3Mi4xOS4yLjIyNw==
                      Return-Path BOUNCE.1082008.1181A6F27.1559C72.196D04.bme@r1666308.fincorpb2b.com
                      X-MS-Exchange-Organization-ExpirationStartTime 26 Nov 2024 13:37:16.2738 (UTC)
                      X-MS-Exchange-Organization-ExpirationStartTimeReason OriginalSubmit
                      X-MS-Exchange-Organization-ExpirationInterval 1:00:00:00.0000000
                      X-MS-Exchange-Organization-ExpirationIntervalReason OriginalSubmit
                      X-MS-Exchange-Organization-Network-Message-Id 204b70f4-9b9b-4e25-d6fa-08dd0e1f7137
                      X-MS-Exchange-Organization-MessageDirectionality Incoming
                      X-MS-Exchange-Transport-CrossTenantHeadersStripped DU6PEPF00009524.eurprd02.prod.outlook.com
                      X-MS-PublicTrafficType Email
                      X-MS-Exchange-Organization-AuthSource DU6PEPF00009524.eurprd02.prod.outlook.com
                      X-MS-Exchange-Organization-AuthAs Anonymous
                      X-MS-Office365-Filtering-Correlation-Id-Prvs 05a3da1f-becf-4a8f-e08a-08dd0e1f69e9
                      X-MS-Exchange-Organization-SCL -1
                      X-Microsoft-Antispam BCL:0;ARA:13230040|4022899009|5063199012|5073199012|4123199012|2092899012|12012899012|35042699022|69100299015|1032899013|4076899003|2066899003|8096899003;
                      X-Forefront-Antispam-Report CIP:198.154.180.200;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:SKN;H:mfid-euw1.prod.hydra.sophos.com;PTR:mfid-euw1.prod.hydra.sophos.com;CAT:NONE;SFS:(13230040)(4022899009)(5063199012)(5073199012)(4123199012)(2092899012)(12012899012)(35042699022)(69100299015)(1032899013)(4076899003)(2066899003)(8096899003);DIR:INB;
                      X-MS-Exchange-CrossTenant-OriginalArrivalTime 26 Nov 2024 13:37:16.2269 (UTC)
                      X-MS-Exchange-CrossTenant-Network-Message-Id 204b70f4-9b9b-4e25-d6fa-08dd0e1f7137
                      X-MS-Exchange-CrossTenant-Id 7956b84e-0c99-46b5-81c6-28689cfa7221
                      X-MS-Exchange-CrossTenant-AuthSource DU6PEPF00009524.eurprd02.prod.outlook.com
                      X-MS-Exchange-CrossTenant-AuthAs Anonymous
                      X-MS-Exchange-CrossTenant-FromEntityHeader Internet
                      X-MS-Exchange-Transport-EndToEndLatency 00:00:03.3617839
                      X-MS-Exchange-Processed-By-BccFoldering 15.20.8182.018
                      X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
                      X-Microsoft-Antispam-Message-Info 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
                      MIME-Version 1.0

                      Icon Hash:46070c0a8e0c67d6