Windows Analysis Report
10aabab2-6acc-5db8-1bf1-5bfd27e650f1.eml

Overview

General Information

Sample name:10aabab2-6acc-5db8-1bf1-5bfd27e650f1.eml
Analysis ID:1579872
MD5:37c71c10b25013ca045958ebf00e4495
SHA1:8354a5026af12f96a927896a42a158182f4bd158
SHA256:1407bb11fc70b330018f3d319c6791a176aeb2550460fca1024b43240c0646e7

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected landing page (webpage, office document or email)
AI detected potential phishing Email
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification

Classification

  • System is w10x64
  • OUTLOOK.EXE (PID: 7520 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\10aabab2-6acc-5db8-1bf1-5bfd27e650f1.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7992 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "53A83CD3-29D4-475C-BEDE-AA9C7217A78D" "ED936F4F-E059-49C7-A7A0-9E6969A037F8" "7520" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7520, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

Phishing

Source: Email; Joe Sandbox AI: Page contains button: 'VISUALIZZARE IL DOCUMENTO' Source: 'Email'
Source: Email; Joe Sandbox AI: Email contains prominent button: 'visualizzare il documento'
Source: Email; Joe Sandbox AI: Detected potential phishing email: Email sent to 'Undisclosed recipients' which is a common phishing tactic. Subject line contains random numbers and is in all caps, typical of phishing attempts. Despite professional-looking signature, the domain 'laimilano.it' combined with a PowerApps portal link is suspicious
Source: Email; Classification: Credential Stealer
Source: 10aabab2-6acc-5db8-1bf1-5bfd27e650f1.eml, ~WRS{A9802F9B-24AD-4EB6-8308-3890DAA46C28}.tmp.0.dr; String found in binary or memory: https://laimilano.powerappsportals.com/
Source: 10aabab2-6acc-5db8-1bf1-5bfd27e650f1.eml; String found in binary or memory: https://laimilano.powerappsportals.com=
Source: classification engine; Classification label: mal48.winEML@3/12@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241223T0721010531-7520.etl
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\10aabab2-6acc-5db8-1bf1-5bfd27e650f1.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "53A83CD3-29D4-475C-BEDE-AA9C7217A78D" "ED936F4F-E059-49C7-A7A0-9E6969A037F8" "7520" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window found: window name: SysTabControl32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 21 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |

No Antivirus matches
No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://laimilano.powerappsportals.com= | 10aabab2-6acc-5db8-1bf1-5bfd27e650f1.eml | false | | unknown |
| https://laimilano.powerappsportals.com/ | 10aabab2-6acc-5db8-1bf1-5bfd27e650f1.eml, ~WRS{A9802F9B-24AD-4EB6-8308-3890DAA46C28}.tmp.0.dr | false | | unknown |
      No contacted IP infos
      Joe Sandbox version:41.0.0 Charoite
      Analysis ID:1579872
      Start date and time:2024-12-23 13:19:56 +01:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 4m 43s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:default.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:5
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Sample name:10aabab2-6acc-5db8-1bf1-5bfd27e650f1.eml
      Detection:MAL
      Classification:mal48.winEML@3/12@0/0
      EGA Information:Failed
      HCA Information:
      • Successful, ratio: 100%
      • Number of executed functions: 0
      • Number of non-executed functions: 0
      Cookbook Comments:
      • Found application associated with file extension: .eml
      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
      • Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.113.194.132, 52.109.28.47, 13.89.179.9, 20.231.128.67, 13.107.246.63, 172.202.163.200
      • Excluded domains from analysis (whitelisted): ecs.office.com, otelrules.azureedge.net, slscr.update.microsoft.com, prod.configsvc1.live.com.akadns.net, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, eur.roaming1.live.com.akadns.net, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, mobile.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, onedscolprdcus09.centralus.cloudapp.azure.com, uks-azsc-000.roaming.officeapps.live.com, login.live.com, s-0005.s-msedge.net, config.officeapps.live.com, officeclient.microsoft.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net, uks-azsc-config.officeapps.live.com
      • Report size getting too big, too many NtQueryAttributesFile calls found.
      • Report size getting too big, too many NtQueryValueKey calls found.
      • Report size getting too big, too many NtReadVirtualMemory calls found.
      • VT rate limit hit for: 10aabab2-6acc-5db8-1bf1-5bfd27e650f1.eml
      No simulations
      No context
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):231348
      Entropy (8bit):4.387016052906464
      Encrypted:false
      SSDEEP:3072:NLgtv8gymiGu2IqoQ+rt0Fv5ZDDlTUz9q:Niqmi2VHDDlAz8
      MD5:D561D28A1B550B14F100E3E9E575D00D
      SHA1:6763BA45DE5D5F16D71F4FDAC82292929BF64F7E
      SHA-256:6353E0ACBF86F23B15D0A4A941F35FA852A9A0A9D3B64928614F85EE002B859B
      SHA-512:15F0773E4953534353C6921CD31D07AB30BD184E62E3AEEC317A9995E5FB393103F8D2CD9DA8B32E949740D2A93A391E0AF3701DF6CCEB5F89FB54A6DA34045E
      Malicious:false
      Reputation:low
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
      Category:modified
      Size (bytes):1869
      Entropy (8bit):5.089005242262636
      Encrypted:false
      SSDEEP:48:cGaYdypdSyrvnzy7Syc0JdyYIdydASyNdyrwnzyrMdnzyDkSyrXnzyO:zEpdbT27bHEhEdAbNEs2Yd2IbT2O
      MD5:D7FFEFB97867E1F5595FAA0F0A3D9736
      SHA1:7BA4645545584BFB344664B78B843FED3A29E933
      SHA-256:61D0A3373C83A9724516223C7DAB53A651D428FAB2F07A239AEAC85D305D27BA
      SHA-512:FD5E5D898988F11E9A391D3FE72ADA1636D71C9CD49DA241989BBA992401ED8D7747F9930B642672D4244F50547E9923713BC45C90753BCCA5C75AFF12792CB7
      Malicious:false
      Reputation:low
      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>12</Count><Resource><Id>Aptos_26215680</Id><LAT>2024-12-23T12:21:08Z</LAT><key>29939506207.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_26215424</Id><LAT>2023-10-04T14:08:57Z</LAT><key>31558910439.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215682</Id><LAT>2023-10-04T14:08:57Z</LAT><key>28367963232.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2023-10-04T14:08:57Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos_26215682</Id><LAT>2024-12-23T12:21:08Z</LAT><key>31169036496.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos_45876480</Id><LAT>2024-12-23T12:21:08Z</LAT><key>27160079615.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876226<
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):32768
      Entropy (8bit):0.04616353740967531
      Encrypted:false
      SSDEEP:3:GtlxtjlNS7gG85t18b/LlxtjlNS7gG85t18b/Q/1R9//8l1lvlll1lllwlvlllgM:Gtgk52gk5z9X01PH4l942wU
      MD5:82FED02B38D0E248EB62C387184E4A03
      SHA1:F490B97D3640DC9B94DE9B79B103A2D7501611CB
      SHA-256:8ADAAEB7C4C20B0DCCA2FF4D1353384D5C74C2F9EB6E21F4F0F8A69BE92E8FBB
      SHA-512:BC166A80D171D2E05C8FF9EA0171E8D1947089C547CEC2656BABB55DB69E2A0ADBB73D191F50D676A7D8C367966A462BD2B1E157BAD5264AF492669C482752AB
      Malicious:false
      Reputation:low
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:SQLite Write-Ahead Log, version 3007000
      Category:dropped
      Size (bytes):49472
      Entropy (8bit):0.4823309214849139
      Encrypted:false
      SSDEEP:48:uAC+nQ1Fm9Ull7DYMFhTzO8VFDYMF+XoqBO8VFDYML:uA1QHm6ll4IhvjVGI+XXjVGC
      MD5:7D90E8A127E8EB394BD7D497831B95B1
      SHA1:58319495156AC1C225554C45C3A1BB70D0C30C47
      SHA-256:74ACBDB5C202009C7C174BD3BB0A02B88FE68969225C1F0BB8671144A7D6C819
      SHA-512:D68943EF23A706D5F8E3EB7A0F6C68DD6138DFA2C7C6706A46E873044594C09CBDD8056E7F22850F1667515DF5BC804B698A2B843FA00AF5395EB65FD9ECFBEA
      Malicious:false
      Reputation:low
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:PNG image data, 805 x 722, 8-bit/color RGBA, non-interlaced
      Category:dropped
      Size (bytes):122015
      Entropy (8bit):7.938170558222048
      Encrypted:false
      SSDEEP:3072:WAwNy9URgGvNmVvMU0ThjkrE8dRUGkfAJFTieaNl7p1xDG:WAcyeR1NCOWdRUGk4ieOjxDG
      MD5:B59DDE1FA585F38DB5705FCE5A451714
      SHA1:667DE5E7FF465B9FA2A740FEBE4C572320873FA4
      SHA-256:22514C540E3046E44E12718ED98E0B5952B7EFC8790A87C941B30A55D048C468
      SHA-512:5305203256F7541692C37563B0083AEF907CCABF9399A572372974481A058814BFD8989A067F2F73D3AA3472E7B1AC37596EA20D5FC468C76632FD9060550A0A
      Malicious:false
      Reputation:low
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):3784
      Entropy (8bit):3.0633593936382786
      Encrypted:false
      SSDEEP:48:rN+G7LHhCwzrM0fzvsn/NhgggggYBAo1Amuszai2u3AIjAI/UT4OA:BPhCu7KhgggggYbxii26v
      MD5:34789FB220EAC9BC5C89282F9A011A3D
      SHA1:4E5B49130CFF292D263B80B941E1E73719ED55E8
      SHA-256:B64DD98000F347DF6E0BB242AC076060B3D387E4B08A70F99AAEC6AAAF60D971
      SHA-512:8EA381D66F5C593BE2D582B322B613B3B576BCAAA3E5640786062D85193DF6E2F18B3D69B65A60C4D99AF727FA6E7D73EE2817155165DCAAE5AB67C701CB2296
      Malicious:false
      Reputation:low
      Preview:....M.I.T.T.E.N.T.E. .E.S.T.E.R.N.O...A.T.T.E.N.Z.I.O.N.E.:. .p.o.r.r.e. .l.a. .m.a.s.s.i.m.a. .c.a.u.t.e.l.a. .s.u. .l.i.n.k. .e.d. .a.l.l.e.g.a.t.i.......H.Y.P.E.R.L.I.N.K. .".h.t.t.p.s.:././.l.a.i.m.i.l.a.n.o...p.o.w.e.r.a.p.p.s.p.o.r.t.a.l.s...c.o.m./."...............................................................................................................................................................................................................................................................................................................v...........*...........................................................................................................................................................................................................................................................................................................................................................*...$..$.If........!v..h.#v....:V.......t.....6......5.......4........4........a
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:ASCII text, with very long lines (28774), with CRLF line terminators
      Category:dropped
      Size (bytes):20971520
      Entropy (8bit):0.16250019614800137
      Encrypted:false
      SSDEEP:1536:B/L0bIWhTWU43wtxR2ig9hAXgPvNXyXdHp8jnB6zanfWlkGc3BraOSA:CIOp43YDexs
      MD5:A32D3A27B13E48A5AB5B88DC63F6A996
      SHA1:9B19E1F08DBD25E8A5B252BF7E4552CD8ECF8F5F
      SHA-256:CA1C6AF87E756394140A680DAC724E6FBAB05C2C9824518F719725CCA14576BD
      SHA-512:4D504EBBB3AD880FF52A496C1F114A6D5878BA0234E76A62276FABA96859A53CE21407F61AACCCD4A52F86BB2819B1D890D5FBACB93E18DA888A83BF6B02E103
      Malicious:false
      Reputation:low
      Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..12/23/2024 12:21:02.999.OUTLOOK (0x1D60).0x1D64.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":22,"Time":"2024-12-23T12:21:02.999Z","Contract":"Office.System.Activity","Activity.CV":"UQPXCUH/mUe5JciVoNA9RA.4.9","Activity.Duration":19,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...12/23/2024 12:21:03.031.OUTLOOK (0x1D60).0x1D64.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":24,"Time":"2024-12-23T12:21:03.031Z","Contract":"Office.System.Activity","Activity.CV":"UQPXCUH/mUe5JciVoNA9RA.4.10","Activity.Duration":14284,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):20971520
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:3::
      MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
      SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
      SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
      SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
      Malicious:false
      Reputation:high, very likely benign file
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):110592
      Entropy (8bit):4.504634330491184
      Encrypted:false
      SSDEEP:768:w/MUa6U4VUQYvyfpO+fR2Va44TO9trTBvlQPZXkmWpoD+5vfBrWbWlLW8WgIctBs:74FpfRd44TO9tr96XAHs
      MD5:C23F3C96AA8B1DF5F1436FE4DC7F9115
      SHA1:87441AF7FF597D0C99E1239BB2939A2EBB7F7EA9
      SHA-256:A526D0C3ECD844EDA8834AA91C3206ECCE0D325B311D5BC8315D9B53C0F072CC
      SHA-512:09F529FA1101FA030E85CAF02C720EB9019C9321F2779AED0CCE9DDA6C140285870E3B4B44D3C500DF8D20DF76D4843DAD6FCB9BD9AD1B738068D1E30714C340
      Malicious:false
      Preview:............................................................................d...d...`...(.%!5U..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1.............................................................(.............(.%!5U..........v.2._.O.U.T.L.O.O.K.:.1.d.6.0.:.3.b.5.4.5.2.0.9.3.b.3.c.4.0.e.8.b.e.5.3.b.3.9.8.e.3.e.e.9.a.e.b...C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.2.2.3.T.0.7.2.1.0.1.0.5.3.1.-.7.5.2.0...e.t.l...........P.P.d...`...~\B!5U..................................................................................................................................................................................................................................................................................................
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):30
      Entropy (8bit):1.2389205950315936
      Encrypted:false
      SSDEEP:3:fMml7l1:kS7l
      MD5:03F3916CEF04ED2FA924165AB850E5B1
      SHA1:671968D6C8CC2ECCC4C70A7A0B42102ABFA27A5C
      SHA-256:EDC8FDCA194AF0CA69343128A18E4BF6BF373F3CB6AD71284E9A3B017ECC7D59
      SHA-512:F1CDC83DF1F7BFCA0F599DB30B63C2129AE6DF74CA629D5ED72A8280849B31687F782CE435E5077EA63CEF0338A96A7C84078B380EFF087955579019A850F4E7
      Malicious:false
      Preview:.....i........................
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:Microsoft Outlook email folder (>=2003)
      Category:dropped
      Size (bytes):271360
      Entropy (8bit):6.410330622693441
      Encrypted:false
      SSDEEP:6144:Swvi4M+C4nnAwq4IOmVfSJxYhGiV+c3DgL:hzzC4hcZ9UxYhGiQ
      MD5:3EEABF79DA02C581074DBDCE27A29430
      SHA1:1D8F90076551DE6A8611EB5011CE0C95C8084243
      SHA-256:01DD6B6FC827F2A88BFF9840C383259BEDB5ED015FB1891BA5965CEDDCDA5D31
      SHA-512:AEBD8D4092B8B7956E8A80D3CAF4D94C5EA4175FF952E18D3F0637577757F9DD427F768005676ABAECF241A87E5BF1A30EF68880A0AFB48563FF74BE08DB3B2C
      Malicious:true
      Preview:!BDN.D..SM......\...OV..................\................@...........@...@...................................@...........................................................................$.......D...............................|..........................................................................................................................................................................................................................................................................................................TQ..*.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):262144
      Entropy (8bit):6.11759105742767
      Encrypted:false
      SSDEEP:6144:+q+c7MYhG6vixO+nNnngwd4wOJZfFJtEQ:KGMYhGWqlnNB5qJ3
      MD5:BC9F2D69943D570284FC3FA5F967740D
      SHA1:3514866D88952993AD09E3055A307B9AAFED7125
      SHA-256:602E2073770D5D7BEE76A486B70ED65BFD994CAECDF90B34A946500CEFC42807
      SHA-512:380E38F7FBDFA6B41044E44639DB1B423E199E753C2D36E5C48CCF493D91A2E0564F21B8DCB5FB7BF1A81F9A8FBD827A23057BA6831B70E3AC3FF1064BEBEEED
      Malicious:true
      Preview:...EC...........`.....3.5U....................#.!BDN.D..SM......\...OV..................\................@...........@...@...................................@...........................................................................$.......D...............................|..........................................................................................................................................................................................................................................................................................................TQ..*.....3.5U.......B............#.........................................................................................................................................................................................................................................................................................................................................................................................................
      File type:ASCII text, with very long lines (347), with CRLF line terminators
      Entropy (8bit):6.120915835292264
      TrID:
        File name:10aabab2-6acc-5db8-1bf1-5bfd27e650f1.eml
        File size:189'276 bytes
        MD5:37c71c10b25013ca045958ebf00e4495
        SHA1:8354a5026af12f96a927896a42a158182f4bd158
        SHA256:1407bb11fc70b330018f3d319c6791a176aeb2550460fca1024b43240c0646e7
        SHA512:1d22b3da02da220cb8e503a2f6a6e3cdeb7305cb73a5c907a79218a1440c6762d84704aedee28b1e33c2da162c2d86929b915edcbcc5e708c7ab817d6ed0de59
        SSDEEP:3072:br62dCuURZ30qIkR+hFOTroaAuZb8VhKPwdqQxGTmzUE8zG2STpKGTv1BEH9UyS:br62do3tIkcOroaz+hKIdrxS8UESbSTh
        TLSH:EC04023D6DBB6121C09535EC2C10F8035D899AE315138239B64DE5AA3CCE1EB5EFE81E
        File Content Preview:ARC-Seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass;.. b=pBTKkxkTSApiWiqnllbUEsj5HUU/owUSp2fjqpUXVUVBPwGfpuzvje8hnIvLJsVdn3DGbb1b06KBgNM/wxweARMwc2sqzjLjTgWoAHMhUkCGezT7XpX8RH7bT9v/pVWc2CoId0hUG2ooq0sOPN7OzxL3MFLekgl2r5ujQiLmcTugj/yY
        Subject:Re: CONFERMA D'8177373
        From:Nicola Lizzadro <nicola.lizzadro@laimilano.it>
        To:Undisclosed recipients:;
        Cc:
        BCC:
        Date:Tue, 17 Dec 2024 12:56:55 +0000
        Communications:
        • MITTENTE ESTERNO ATTENZIONE: porre la massima cautela su link ed allegati [cid:image001.png@01DB508A.735F3590]<https://laimilano.powerappsportals.com/> Distinti saluti Nicola Lizzadro LIZZADRO AMMINISTRAZIONI IMMOBILIARI s.r.l. Nuovo codice SDI condomini BA6ET11 AMMINISTRAZIONE CONDOMINIALE: C.F. - P.IVA 09854040962 Sede legale: Via G. Cimabue, 15 - 20823 Lentate sul Seveso (MB) Email: nicola.lizzadro@laimilano.it<mailto:nicola.lizzadro@laimilano.it> - Pec: lizzadro.amministrazioni@pec.it<mailto:lizzadro.amministrazioni@pec.it> Tel. 03621400001 - Cell. 3472351107 Fax 0362 - 471549 Professione esercitata ai sensi della legge 14/01/2013, n.4 (G.U. n 22 del 26/01/2013)
        Attachments:
        • image001.png
        Key Value
        ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=BOfI/9XJ5/rawStTW0LbpBrji70LccNVMtKOMzZBRbfazRR7WWRqF2QEJTl+KK4xYZzcFJU9kS7BdlOsvoIRCTN5rVu2URLr/wgnHkUbVXIf/DpyVNZgUpPIiOcHUORJi4RYuVD+p4mRjubiHxYgsLcPfHBZ69OgVu5dG/E3O0KAw0fUqP5CJJgvqNn/p2XDahCxcHjOzThPv3rUJEUOiKOzcxCb0ptuZAnKSBS084MYNr5+iuHWwNP5vNco9Fx/lLwdM+gIobnsBdrxil9reJkM1M0xpgWoZJaJ+F9Ta496VKAx9nsFr/a3HQxNKOr82EPb92FzyFpSB5ih9FJPng==
        ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=izkeKnIIPuuxUwgxaTtYP6m7fVpxNMj9CcapWztm9hE=; b=aPgFHufywKLNFR9uJCWUPU7WrEK3+UA/xbC7lpAPk6bpwTnJx5dAt8gQ6DVDJ2XaqRJsDDxVC10bbBWvtC1X28TR0eQV9GknBikGpzMoAO85gb0B0J4tZlQaAQpnLKDeEiMlFwvc/D7RUlnbAYpugxtvBBQyBkZUNiayDtGcP/CytzLjfnubJpTkQ4uAJi2lJR/b2Dcyxw2uob+Z++0ySr3cjy5I8XoPovIkS3tH99bA+n/ZbOzIocqq4nFiSOG39RV3LbquOb/jjVxgv0LJ+4208ATcELbC24XWscD+7MPKVCO0iyo+WpNe8j4B2CA+iTMH4RY1MrVROyHXYbL4yQ==
        ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=laimilano.it; dmarc=pass action=none header.from=laimilano.it; dkim=pass header.d=laimilano.it; arc=none
        Received: from AM7P191MB0931.EURP191.PROD.OUTLOOK.COM ([fe80::99e4:c684:682f:bb8e]) by AM7P191MB0931.EURP191.PROD.OUTLOOK.COM ([fe80::99e4:c684:682f:bb8e%7]) with mapi id 15.20.8251.015; Tue, 17 Dec 2024 12:56:55 +0000
        Authentication-Results: spf=pass (sender IP is 40.107.249.126) smtp.mailfrom=laimilano.it; dkim=pass (signature was verified) header.d=laimilano.it;dmarc=bestguesspass action=none header.from=laimilano.it;compauth=pass reason=109
        Received-SPF: Pass (protection.outlook.com: domain of laimilano.it designates 40.107.249.126 as permitted sender) receiver=protection.outlook.com; client-ip=40.107.249.126; helo=EUR02-DB5-obe.outbound.protection.outlook.com; pr=C
        DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=laimilano.it; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=izkeKnIIPuuxUwgxaTtYP6m7fVpxNMj9CcapWztm9hE=; b=J/A+AvJJ8ZeupcVoQmSyQtebFfs6erHIm9hFKmj28z6r+FDoZr988XXgFIoaJiFiYmcmjg6JlqzOgrlKbepuWZZXQcRfM+mZXO1bcZ+ByJ0ozLG6HDH2oL2Sb3lfIwOFDjPKQA9PddQNWKpGUq14taaj2B0b1cBAzOLuhQazK9RsyASCpx5bUYxQ21caHr3an37DC1kVAzp/cF8RJ4RSc38stwyaGK1stT0DJAEMbx11mm8Iy+KYu5K5g/KKDYkJ1F/TX7+5Lfow0LJtOUSbRamLSMxpxXn81t4SCFSMrKDdOCjJ60XyZsP3QlidDYmvq0tzdr02ET4jIaRSXrDJJQ==
        From: Nicola Lizzadro <nicola.lizzadro@laimilano.it>
        Subject: Re: CONFERMA D'8177373
        Thread-Topic: Re: CONFERMA D'8177373
        Thread-Index: AdtQgckPbuvN0394QmS9WESFlAz6VAAAIBYgAAAJV5AAAAAiIA==
        Date: Tue, 17 Dec 2024 12:56:55 +0000
        Message-ID: <AM7P191MB09313A3269ED6BC94388EDDB90042@AM7P191MB0931.EURP191.PROD.OUTLOOK.COM>
        Accept-Language: it-IT, en-US
        Content-Language: en-US
        X-MS-Has-Attach: yes
        X-MS-TNEF-Correlator:
        Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=laimilano.it;
        x-ms-traffictypediagnostic: AM7P191MB0931:EE_|DB9P191MB2121:EE_|AMS0EPF00000194:EE_|AM0PR09MB4018:EE_
        X-MS-Office365-Filtering-Correlation-Id: e9fb2cf8-7b2e-4036-b42b-08dd1e9a4a79
        x-ms-exchange-senderadcheck: 1
        x-ms-exchange-antispam-relay: 0
        X-Microsoft-Antispam-Untrusted: BCL:0;ARA:13230040|1800799024|376014|7416014|4073399012|366016|8096899003|38070700018;
        X-Microsoft-Antispam-Message-Info-Original:
        X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:it;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7P191MB0931.EURP191.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(7416014)(4073399012)(366016)(8096899003)(38070700018);DIR:OUT;SFP:1102;
        X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount: 1
        X-MS-Exchange-AntiSpam-MessageData-Original-0:
        Content-Type: multipart/related; boundary="_004_AM7P191MB09313A3269ED6BC94388EDDB90042AM7P191MB0931EURP_"; type="multipart/alternative"
        MIME-Version: 1.0
        X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9P191MB2121
        To: Undisclosed recipients:;
        Return-Path: nicola.lizzadro@laimilano.it
        X-EOPAttributedMessage: 0
        X-EOPTenantAttributedMessage: 5d760c6c-e5b2-4790-a143-013580cc70c6:0
        X-MS-Exchange-Transport-CrossTenantHeadersStripped: AMS0EPF00000194.eurprd05.prod.outlook.com
        X-MS-Exchange-Transport-CrossTenantHeadersPromoted: AMS0EPF00000194.eurprd05.prod.outlook.com
        X-MS-PublicTrafficType: Email
        X-MS-Office365-Filtering-Correlation-Id-Prvs: 95b60ac0-0cc1-47c7-0120-08dd1e9a48bf
        X-MS-Exchange-AtpMessageProperties: SA|SL
        X-Forefront-Antispam-Report: CIP:40.107.249.126;CTRY:IE;LANG:it;SCL:8;SRV:;IPV:NLI;SFV:SPM;H:EUR02-DB5-obe.outbound.protection.outlook.com;PTR:mail-db5eur02on2126.outbound.protection.outlook.com;CAT:HPHISH;SFTY:9.25;SFS:(13230040)(4073399012)(22003199012)(4073199012)(5073199012)(5063199012)(35042699022)(35112699012)(4076899003)(8096899003);DIR:INB;
        X-Microsoft-Antispam: BCL:0;ARA:13230040|4073399012|22003199012|4073199012|5073199012|5063199012|35042699022|35112699012|4076899003|8096899003;
        X-Microsoft-Antispam-Message-Info:

        Icon Hash:46070c0a8e0c67d6
        No network behavior found

        Target ID:0
        Start time:07:20:59
        Start date:23/12/2024
        Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
        Wow64 process (32bit):true
        Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\10aabab2-6acc-5db8-1bf1-5bfd27e650f1.eml"
        Imagebase:0x970000
        File size:34'446'744 bytes
        MD5 hash:91A5292942864110ED734005B7E005C0
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:false

        Target ID:3
        Start time:07:21:08
        Start date:23/12/2024
        Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "53A83CD3-29D4-475C-BEDE-AA9C7217A78D" "ED936F4F-E059-49C7-A7A0-9E6969A037F8" "7520" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
        Imagebase:0x7ff618a90000
        File size:710'048 bytes
        MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:false

        No disassembly