Windows Analysis Report
attachment.eml

Overview

General Information

Sample name: attachment.eml
Analysis ID: 1575748
MD5: a48040f44818fae9d7247f88f4f6449e
SHA1: 9b962750ad12df9c8f2a5dc67d204a7d14bc5203
SHA256: ed1179bc602b363bf56309ac5a34f4943acd7758fb9c73fad07a6b82339ea08a
Infos:

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected potential phishing Email
AI detected suspicious Javascript
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 7112 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\attachment.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6276 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "E6F12EB1-7E32-4A29-B85D-218C1259A993" "45022F01-3652-4D85-8D5C-2B45247F8748" "7112" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 6632 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://dskdjk3432.blogspot.com/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 5316 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1964,i,914751726984315554,11708344721199851135,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7112, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

Phishing

Source: Email | Joe Sandbox AI: Detected potential phishing email: The sender email address (giovacaddeo@pec.libero.it) does not match the legitimate domain of Intesa Sanpaolo. The email contains a suspicious link to a blogspot domain instead of the official Intesa Sanpaolo website. The email creates urgency by claiming account access has been disabled and requires immediate verification.
Source: 0.0.id.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://dskdjk3432.blogspot.com/... The script redirects the user to an untrusted domain, which is a high-risk indicator. This could potentially be a phishing attempt to steal user credentials or other sensitive information.
Source: Email | Classification: Credential Stealer
Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: global traffic | DNS traffic detected: DNS query: dskdjk3432.blogspot.com
Source: global traffic | DNS traffic detected: DNS query: home-online-richiesta-intesasanpaolo-web.codeanyapp.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: classification engine | Classification label: mal48.winEML@51/20@6/148
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241216T0342140579-7112.etl
Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\attachment.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "E6F12EB1-7E32-4A29-B85D-218C1259A993" "45022F01-3652-4D85-8D5C-2B45247F8748" "7112" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://dskdjk3432.blogspot.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1964,i,914751726984315554,11708344721199851135,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Window found: window name: SysTabControl32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: 21 Browser Extensions; 1 DLL Side-Loading; 1 Registry Run Keys / Startup Folder
Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; 1 Registry Run Keys / Startup Folder
Defense Evasion: 1 Masquerading; 1 Process Injection; 1 DLL Side-Loading
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: 1 Process Discovery; 13 System Information Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| blogspot.l.googleusercontent.com | 172.217.21.33 | true | false | | unknown |
| home-online-richiesta-intesasanpaolo-web.codeanyapp.com | 198.199.109.95 | true | false | | unknown |
| www.google.com | 142.250.181.68 | true | false | | high |
| dskdjk3432.blogspot.com | unknown | unknown | true | | unknown |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 172.217.19.206 | unknown | United States | 15169 | GOOGLEUS | false |
| 172.217.19.238 | unknown | United States | 15169 | GOOGLEUS | false |
| 1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
| 172.217.17.35 | unknown | United States | 15169 | GOOGLEUS | false |
| 20.42.72.131 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 23.218.208.109 | unknown | United States | 6453 | AS6453US | false |
| 52.109.68.129 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 198.199.109.95 | home-online-richiesta-intesasanpaolo-web.codeanyapp.com | United States | 14061 | DIGITALOCEAN-ASNUS | false |
| 172.217.21.33 | blogspot.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false |
| 142.250.181.68 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 172.217.21.35 | unknown | United States | 15169 | GOOGLEUS | false |
| 173.194.222.84 | unknown | United States | 15169 | GOOGLEUS | false |
          IP
          192.168.2.8
          192.168.2.16
          Joe Sandbox version:41.0.0 Charoite
          Analysis ID:1575748
          Start date and time:2024-12-16 09:41:41 +01:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowsinteractivecookbook.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:15
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • EGA enabled
          Analysis Mode:stream
          Analysis stop reason:Timeout
          Sample name:attachment.eml
          Detection:MAL
          Classification:mal48.winEML@51/20@6/148
          Cookbook Comments:
          • Found application associated with file extension: .eml
          • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 52.113.194.132
          • Excluded domains from analysis (whitelisted): ecs.office.com, s-0005.s-msedge.net, ecs.office.trafficmanager.net, s-0005-office.config.skype.com, ecs-office.s-0005.s-msedge.net
          • Not all processes where analyzed, report is missing behavior information
          • Report size getting too big, too many NtQueryAttributesFile calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          • Report size getting too big, too many NtReadVirtualMemory calls found.
          • VT rate limit hit for: blogspot.l.googleusercontent.com
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):231348
          Entropy (8bit):4.377096098333299
          Encrypted:false
          SSDEEP:
          MD5:830698AD55AAA132F74E2ACA976C5DE4
          SHA1:542CA0C6B40669473A5875D28AAB5E86EE523754
          SHA-256:2889792913270A4215FC08FEF47D765FEDA2A08FDD3522E7A99EF9EDF24F3324
          SHA-512:89F28292775B0656950F4D53E81014146F223234F84DDD58964C29C864FFE1EC46AB249EE15045540BE10AF3114DE180A727E5AF7489227AC4BE56D05C59D6CE
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:JSON data
          Category:dropped
          Size (bytes):521377
          Entropy (8bit):4.9084889265453135
          Encrypted:false
          SSDEEP:
          MD5:C37972CBD8748E2CA6DA205839B16444
          SHA1:9834B46ACF560146DD7EE9086DB6019FBAC13B4E
          SHA-256:D4CFBB0E8B9D3E36ECE921B9B51BD37EF1D3195A9CFA1C4586AEA200EB3434A7
          SHA-512:02B4D134F84122B6EE9A304D79745A003E71803C354FB01BAF986BD15E3BA57BA5EF167CC444ED67B9BA5964FF5922C50E2E92A8A09862059852ECD9CEF1A900
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_40RegularVersion 4.40;O365
          Category:dropped
          Size (bytes):773040
          Entropy (8bit):6.55939673749297
          Encrypted:false
          SSDEEP:
          MD5:4296A064B917926682E7EED650D4A745
          SHA1:3953A6AA9100F652A6CA533C2E05895E52343718
          SHA-256:E04E41C74D6C78213BA1588BACEE64B42C0EDECE85224C474A714F39960D8083
          SHA-512:A25388DDCE58D9F06716C0F0BDF2AEFA7F68EBCA7171077533AF4A9BE99A08E3DCD8DFE1A278B7AA5DE65DA9F32501B4B0B0ECAB51F9AF0F12A3A8A75363FF2C
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):32768
          Entropy (8bit):0.04591939678467531
          Encrypted:false
          SSDEEP:
          MD5:0ACD0B3164DBEC5C45F25263323C54D6
          SHA1:963EDD2B10CBC026DF122EF2F740AF04F03876D4
          SHA-256:AF28D1C002858768AA358663ADC73C4DA9AF3DE92C61EE13B68078E1F3B83551
          SHA-512:5C12D8A891234E8B59F2C328A46E99F40A67E1FC98BBAB45E8EB3D20536A18135BA6428C2977C2C8300172E8836A05249331B2B20675AE2E8918D6F2328C4170
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:SQLite Write-Ahead Log, version 3007000
          Category:modified
          Size (bytes):49472
          Entropy (8bit):0.48394527936711557
          Encrypted:false
          SSDEEP:
          MD5:FC08DFF51293A39445009CD0998CC264
          SHA1:2469D7D0C6E7634A9D27A5AD3514CDDAFBEA912C
          SHA-256:CC70259C512C3D1007D0FF666EC2AE3B0253E9C7F0ADCB4DB2C768D8CF150B46
          SHA-512:58E775378450E45D36CFA3489E7A2E0C07B46FECDC3CBE0C8922A2C4061C4D31E42B9E572273300188848845DBDF4480C12EE7415A3FEBEEB340EBA5BD3BDAF4
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:PNG image data, 600 x 150, 8-bit/color RGBA, non-interlaced
          Category:modified
          Size (bytes):73081
          Entropy (8bit):7.990334866101179
          Encrypted:true
          SSDEEP:
          MD5:894C94B0F370CFCC032E4BCDE392D51C
          SHA1:7E754DA4EF483B9F9BEDD0773B0193AA5C764C77
          SHA-256:7EF1847A16E30D4A7BC5A3AD8D014BE06863CEDC351999DA3B32461208ADFE5F
          SHA-512:CDFDF78DEAE18B214F60FC87BF5545EE2E3E0C78BCCB3B2C8E91A4AD0BF8723AA203EBF49120F896C66642246CD13B2EB8654EF1A050E54CE44FA0385D34CF2B
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):5020
          Entropy (8bit):2.913324523385446
          Encrypted:false
          SSDEEP:
          MD5:D6CFA4D8028DE715500B0E1B0A3A8E06
          SHA1:3C2117DB1A005A5FD9E32BC33D8C7C3D9D576FCA
          SHA-256:D339838AA6A669B0984C7BF44C215D74346A364ACD9ED4CD68B1A463736AFCB0
          SHA-512:E76FA3D353AFAF94D64ED21DEDB73B3DBF3FBAC59C7617DBD8E161FBAF0329A5424F2BDFE8B25E9F2F045E4076EA7153A368F17FC36D1D80A3A5239F8E553E5B
          Malicious:false
          Reputation:unknown
          Preview:INCLUDEPICTURE "cid:download.png" \* MERGEFORMATINET
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:ASCII text, with very long lines (28769), with CRLF line terminators
          Category:dropped
          Size (bytes):20971520
          Entropy (8bit):0.16376229789945349
          Encrypted:false
          SSDEEP:
          MD5:53836445C4A722EE8E0624AF41CFFDDD
          SHA1:19F8CAD5E9DA0AADC36835FA0AE763C021AA5741
          SHA-256:E724CCF180D1AF7D24E75FBCED23EE37BB3FACE4F65EE1E2BF819DB6D0A79614
          SHA-512:6CFEF1B364870C5FC5F781DA4F30EC096607BE5DAC16298A7EF278828AF6DDE457E8DA719E4047C3F140BC087ED7478579E55116C471860E735C29594790418C
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):20971520
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
          SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
          SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
          SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:modified
          Size (bytes):106496
          Entropy (8bit):4.496334763619109
          Encrypted:false
          SSDEEP:
          MD5:55C5059616D52D7A8AC8D02EFA453F88
          SHA1:6D460C9FA35E19C383C4BC79FE439FF0D9A09081
          SHA-256:9803AF8AAD87835D2FA9C4F1928538FD4F3817D8F7AF4ED553C986C2EEA8D655
          SHA-512:B64216B17819FAC686081C4C81EBEC359F4173D65BF1BEC19C9945506CDA3249449AE85BCFDB8AAB07919E75886575F791F99B532B027F1A9B3D53E973E4DA8A
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):30
          Entropy (8bit):1.2389205950315936
          Encrypted:false
          SSDEEP:
          MD5:2C4E2C56C875E59B155128049B82EAFA
          SHA1:A46F94AF26958D12D4AF75ED417B8EE57FF7296B
          SHA-256:C1A6CB4965906C1E1F57109621D145182DB04644297EB73A413D1AE146B773FD
          SHA-512:DDC00D1827F01D903C891D970B63138B2917AFD371DC2EB06A915DE34B332B5E681FD54F1A80D7B19FC71A8E67BBC25EAC55A3CA704E776AD243659304BB3F15
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 16 07:42:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2673
          Entropy (8bit):3.981415709906608
          Encrypted:false
          SSDEEP:
          MD5:47DD52C0700015B89EC0F84E6AB9AED1
          SHA1:58ABEF5F7F06AAB7C3A571F8E10BBED944EFEB34
          SHA-256:FCD224CD78912F2130370085AF6D9ED275FE984BB5066143E52763DFD0D65FEB
          SHA-512:B301DAD39179809AB970DD6710A1EBF0B3A854A45EBE9F6005832BE4FC7984267284265C62B1D55AAE42040EFF388B09D866CED33DEE851A81350A40A0A6D537
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 16 07:42:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2675
          Entropy (8bit):3.997255339737231
          Encrypted:false
          SSDEEP:
          MD5:2E01BD6E8A694677034D2C03C0BF94F2
          SHA1:DFADF16A177D232999305F8D88E5AE4FCEB8A873
          SHA-256:28BA00044E14B8D010126B62719F2E4BBFECE494CA7614513FE597B551CD877A
          SHA-512:40D39845149E426A3B3795C09E9073FB82B1E1670A605663C602D7BD5103E21D1BA01E2E3E98BDDACC8D3072326A0941D91C5BAB82D5631DFBA1E48B67E2BEA2
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2689
          Entropy (8bit):4.006034197242522
          Encrypted:false
          SSDEEP:
          MD5:305D85E1235617D1CEEE4DBDDEF7E66A
          SHA1:D14E83359CD45353B942FDD4390EB1CF051EE008
          SHA-256:B06AEA303738781E9CFE499E2915F62AEC7ED5F9ABBAF3BD6433BF893318A451
          SHA-512:55A67AED103A55439F29B3DF4A14A0DDE78A64DFBBE8AE345D8008584A10486E5DD724E376C7EF4E542C01551BDC321212DA54531D132FDEA35A46999A1684AC
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 16 07:42:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2677
          Entropy (8bit):3.995945626794846
          Encrypted:false
          SSDEEP:
          MD5:069E5A2FDD6CB2F6D7331CF34114A559
          SHA1:0843A9D2C62A8B81ED8119EEE10720534DD9DE83
          SHA-256:0E1BA09B94762B28594F60739F79673BA798AA525A1365BEDD9C4E24C21425B7
          SHA-512:CDCAC7882E3B11845341AEF041F520C0FF7B33B940740858DFC74399ABB4AC4C27E851629D3A6878C0459B57686226DCA39E44D057CC6CD7E597978FC7E0EF9F
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 16 07:42:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2677
          Entropy (8bit):3.983814813400492
          Encrypted:false
          SSDEEP:
          MD5:63B5D830099496E7142A1A894DA6E9E6
          SHA1:72D06B6912D860CA24CA83F73A11694078322C9E
          SHA-256:9AB99FF4A3989DE1DA395A9EE8BFC52609A1AA9538170EA56D0C3E1D732E7D37
          SHA-512:2193AE5B8EE23098F42A836B756CA6B9AFB377396C623B0ECFE6E1463720C6698C58069E2649CBF801EBAB9D75E5EA927A6CE6C2CB823100C57D3E55FC156A79
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 16 07:42:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2679
          Entropy (8bit):3.9916385857695915
          Encrypted:false
          SSDEEP:
          MD5:307C1AC8EAB7B87379E47FC99DC67AAE
          SHA1:B8EB411E55F6F822B2665F2AF37D313053E8D0A0
          SHA-256:305D12F33F62C7996A20A46B14027CF5CFF27791D982754675A5E41A604187EA
          SHA-512:907E148AA7BF747C1EA5D35FAED7C9E7DBC77D3C6AD4A33B9AC281550515B1808842E6AEC3B58FD4652DA4274855CB76C7DBD629F5BFF6B5DA50DA95277F9690
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:Microsoft Outlook email folder (>=2003)
          Category:dropped
          Size (bytes):271360
          Entropy (8bit):5.6166128570634495
          Encrypted:false
          SSDEEP:
          MD5:4AAF2344B4B332F7F53F016F87463A85
          SHA1:B3296E90BB88368A35B1C180A2069A71CD190794
          SHA-256:BC0D9FD573E93ABCC6A12850738044F443DB4AB66FA067111917D4FC3C3E9EC6
          SHA-512:C6511AEBED70ABA75584907ECD62558D20F64733ED52430019C8AC99B3D8598734A0248CFD18FFA6FFA330B01A13271F08B62EB8A9341C767E8F2B4AADE2AB24
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):262144
          Entropy (8bit):5.040493353182439
          Encrypted:false
          SSDEEP:
          MD5:0FCCF4860F39AA5C7FFB081501BFFF01
          SHA1:531B85E16161211DCA823500972C40204DE43D75
          SHA-256:E5FE3D78E17252A0C5ADCD524642A65086EB6C0B620CDA53BDD552F91AF6DCFD
          SHA-512:079E9BC38B22BECA319129D3D7FEA70E30FF71C01105642E6931EBFF35222AB4A1DCB99DD1D41F825E8071899188DF74926F819BAF9FFFDCD00CECFA49B5D43B
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (8177)
          Category:downloaded
          Size (bytes):71330
          Entropy (8bit):5.422886126598468
          Encrypted:false
          SSDEEP:
          MD5:C0D7C3E89C6ACE86E6BFABACD172B1E8
          SHA1:D4049B0E094AB5D28004573CADEECE1A96E0DF51
          SHA-256:E8FED6DE2127C42994E3C6946E26A2F9F67E9BB90AC0515FF9ED6BA23114E043
          SHA-512:7BF184B0C4AD41E18C48139751877EF36ADA71E9D0D35919F18C4D4E02031A2D2633ED01446B3E6D1044F5EEBD5C6B19AAE2FF3FE7314A257225A126FE48DC50
          Malicious:false
          Reputation:unknown
          URL:https://dskdjk3432.blogspot.com/
          Preview:<!DOCTYPE html>.<html dir='ltr' xmlns='http://www.w3.org/1999/xhtml' xmlns:b='http://www.google.com/2005/gml/b' xmlns:data='http://www.google.com/2005/gml/data' xmlns:expr='http://www.google.com/2005/gml/expr'>.<head><script type='text/javascript'> window.location.href = "https://home-online-richiesta-intesasanpaolo-web.codeanyapp.com/it/web/login.php"; </script>.<meta content='width=device-width, initial-scale=1' name='viewport'/>.<title>sublas</title>.<meta content='text/html; charset=UTF-8' http-equiv='Content-Type'/>. Chrome, Firefox OS and Opera -->.<meta content='#444444' name='theme-color'/>. Windows Phone -->.<meta content='#444444' name='msapplication-navbutton-color'/>.<meta content='blogger' name='generator'/>.<link href='https://dskdjk3432.blogspot.com/favicon.ico' rel='icon' type='image/x-icon'/>.<link href='https://dskdjk3432.blogspot.com/' rel='canonical'/>.<link rel="alternate" type="application/atom+xml" title="sublas - Atom" href="https://dskdjk3432.blogspot.c
          File type:RFC 822 mail, ASCII text, with CRLF line terminators
          Entropy (8bit):6.165707565549434
          TrID:
          • E-Mail message (Var. 5) (54515/1) 100.00%
          File name:attachment.eml
          File size:142'023 bytes
          MD5:a48040f44818fae9d7247f88f4f6449e
          SHA1:9b962750ad12df9c8f2a5dc67d204a7d14bc5203
          SHA256:ed1179bc602b363bf56309ac5a34f4943acd7758fb9c73fad07a6b82339ea08a
          SHA512:1e3232b11a3b39730190b4e42fde4b2ca630ad502bfabbb7053f898bbe3918752a8cb97361a6a13959f18e6bd6819dba5fa61fb2836cdf0f290fec7b8a7d6ee6
          SSDEEP:3072:/ev9KZZ0r8uIfpAd7X16dt/2lpZjLPdDXWvv3HWe:MI2Ead78d0lpZjL1DXWvvGe
          TLSH:BAD38D0992538F91003AB1E1F8DB07D431724F5BDE2256E267FE77A6EB4DA2021917F8
          File Content Preview:Received: from [4.232.138.190] (4.232.138.190) by mail.postacert.it.net (authenticated as giovacaddeo@pec.libero.it).. id 673DF5DD004ED61E for beantech@pec.it; Sat, 14 Dec 2024 11:48:10 +0100..From: Intesa sanpaolo <giovacaddeo@pec.libero.it>..To:
          Subject:Intesa Sanpaolo: Urgente Verifica delle Informazioni del tuo Conto.
          From:Intesa sanpaolo <giovacaddeo@pec.libero.it>
          To:"beantech@pec.it" <beantech@pec.it>
          Cc:
          BCC:
          Date:Sat, 14 Dec 2024 11:48:10 +0100
          Communications:
          • Dear beantech, We inform you that access to your Intesa Sanpaolo account and its features has been temporarily disabled. This measure was taken because you have not yet completed the mandatory verification of your Online Banking profile, despite our previous communications. To restore the use of your card and access to services, we need you to confirm your identity by filling in some details already registered on our site when you signed up. Please click the following button and follow the instructions: PROCEED We remind you that access to Intesa Sanpaolo services (such as withdrawals, payments and other operations) will remain limited until the verification has been completed correctly. PROCEED https://dskdjk3432.blogspot.com/ For any clarification or need, our Customer Service is at your complete disposal. Kind regards, Intesa Sanpaolo - Customer Service. Your personal advisor is always at your disposal. giovacaddeo@pec.libero.it mailto:giovacaddeo@pec.libero.it
            Think about the environment before printing
            This email (including any attachment) is a corporate message and may contain confidential and/or privileged and/or proprietary information. If you have received this email in error, please notify the sender immediately, do not use or share it and destroy this email. Any unauthorised use, copying or disclosure of the material in this email or of parts hereof (including reliance thereon) is strictly forbidden. We have taken precautions to minimize the risk of transmitting software viruses but nevertheless advise you to carry out your own virus checks on any attachment of this message. We accept no liability for loss or damage caused by software viruses. For the conduct of investment business in the UK, the Company is authorised by Banca d'Italia and subject to limited regulation in the UK by the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA). Details about the extent of our regulation by the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) are available from us on request. In the UK Intesa Sanpaolo S.p.A. operates through its London Branch, located at 90 Queen Street, London EC4N 1SA. Registered in England & Wales under No.FC016201, Branch No.BR000036. To comply with requirements imposed by the IRS, we inform you that any discussion of U.S. federal tax issues contained herein (including any attachments) was not intended or written to be used, and cannot be used by you, for the purpose of (i) avoiding penalties under the Internal Revenue Code or (ii) promoting, marketing or recommending any transaction or matter addressed herein to another party. In the Republic of Ireland, Intesa Sanpaolo Bank Ireland plc is regulated by the Central Bank of Ireland and is a member of the Intesa Sanpaolo Group. It is registered in Ireland as company no.125216 VAT Reg. No. IE 4817418C and located at 2nd Floor, International House, 3 Harbourmaster Place, IFSC, Dublin 1, D01 K8F1, Ireland.
          Attachments:
          • download.png
          Key Value
          Received: from [4.232.138.190] (4.232.138.190) by mail.postacert.it.net (authenticated as giovacaddeo@pec.libero.it) id 673DF5DD004ED61E for beantech@pec.it; Sat, 14 Dec 2024 11:48:10 +0100
          From: Intesa sanpaolo <giovacaddeo@pec.libero.it>
          To: "beantech@pec.it" <beantech@pec.it>
          Subject: Intesa Sanpaolo: Urgente Verifica delle Informazioni del tuo Conto.
          Thread-Topic: Intesa Sanpaolo: Urgente Verifica delle Informazioni del tuo Conto.
          Thread-Index: AQHmAy6ZPBh9JUVgYEW0c2fwYPg9WQ==
          X-MS-Exchange-MessageSentRepresentingType: 1
          Date: Sat, 14 Dec 2024 11:48:10 +0100
          Message-ID: <C03858E5.0002044A.C4C86FC7.91A1EF66.posta-certificata@postacert.it.net>
          X-MS-Has-Attach: yes
          X-MS-TNEF-Correlator:
          X-MS-Exchange-Organization-RecordReviewCfmType: 0
          Content-Type: multipart/related; boundary="_002_C03858E50002044AC4C86FC791A1EF66postacertificatapostace_"; type="text/html"
          MIME-Version: 1.0

          Icon Hash:46070c0a8e0c67d6