Windows
Analysis Report
10aabab2-6acc-5db8-1bf1-5bfd27e650f1.eml
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- OUTLOOK.EXE (PID: 7520 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\10aabab2-6acc-5db8-1bf1-5bfd27e650f1.eml" MD5: 91A5292942864110ED734005B7E005C0)
  - ai.exe (PID: 7992 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "53A83CD3-29D4-475C-BEDE-AA9C7217A78D" "ED936F4F-E059-49C7-A7A0-9E6969A037F8" "7520" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
- cleanup
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Phishing |
---|
Source: | Joe Sandbox AI: | ||
Source: | Joe Sandbox AI: |
Source: | Joe Sandbox AI: |
Source: | Classification: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Window found: | Jump to behavior |
Source: | Window detected: |
Source: | Key opened: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | File Volume queried: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 21 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | unknown | |||
false | unknown |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1579872 |
Start date and time: | 2024-12-23 13:19:56 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 43s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 10aabab2-6acc-5db8-1bf1-5bfd27e650f1.eml |
Detection: | MAL |
Classification: | mal48.winEML@3/12@0/0 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.113.194.132, 52.109.28.47, 13.89.179.9, 20.231.128.67, 13.107.246.63, 172.202.163.200
- Excluded domains from analysis (whitelisted): ecs.office.com, otelrules.azureedge.net, slscr.update.microsoft.com, prod.configsvc1.live.com.akadns.net, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, eur.roaming1.live.com.akadns.net, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, mobile.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, onedscolprdcus09.centralus.cloudapp.azure.com, uks-azsc-000.roaming.officeapps.live.com, login.live.com, s-0005.s-msedge.net, config.officeapps.live.com, officeclient.microsoft.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net, uks-azsc-config.officeapps.live.com
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- VT rate limit hit for: 10aabab2-6acc-5db8-1bf1-5bfd27e650f1.eml
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 231348 |
Entropy (8bit): | 4.387016052906464 |
Encrypted: | false |
SSDEEP: | 3072:NLgtv8gymiGu2IqoQ+rt0Fv5ZDDlTUz9q:Niqmi2VHDDlAz8 |
MD5: | D561D28A1B550B14F100E3E9E575D00D |
SHA1: | 6763BA45DE5D5F16D71F4FDAC82292929BF64F7E |
SHA-256: | 6353E0ACBF86F23B15D0A4A941F35FA852A9A0A9D3B64928614F85EE002B859B |
SHA-512: | 15F0773E4953534353C6921CD31D07AB30BD184E62E3AEEC317A9995E5FB393103F8D2CD9DA8B32E949740D2A93A391E0AF3701DF6CCEB5F89FB54A6DA34045E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 1869 |
Entropy (8bit): | 5.089005242262636 |
Encrypted: | false |
SSDEEP: | 48:cGaYdypdSyrvnzy7Syc0JdyYIdydASyNdyrwnzyrMdnzyDkSyrXnzyO:zEpdbT27bHEhEdAbNEs2Yd2IbT2O |
MD5: | D7FFEFB97867E1F5595FAA0F0A3D9736 |
SHA1: | 7BA4645545584BFB344664B78B843FED3A29E933 |
SHA-256: | 61D0A3373C83A9724516223C7DAB53A651D428FAB2F07A239AEAC85D305D27BA |
SHA-512: | FD5E5D898988F11E9A391D3FE72ADA1636D71C9CD49DA241989BBA992401ED8D7747F9930B642672D4244F50547E9923713BC45C90753BCCA5C75AFF12792CB7 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.04616353740967531 |
Encrypted: | false |
SSDEEP: | 3:GtlxtjlNS7gG85t18b/LlxtjlNS7gG85t18b/Q/1R9//8l1lvlll1lllwlvlllgM:Gtgk52gk5z9X01PH4l942wU |
MD5: | 82FED02B38D0E248EB62C387184E4A03 |
SHA1: | F490B97D3640DC9B94DE9B79B103A2D7501611CB |
SHA-256: | 8ADAAEB7C4C20B0DCCA2FF4D1353384D5C74C2F9EB6E21F4F0F8A69BE92E8FBB |
SHA-512: | BC166A80D171D2E05C8FF9EA0171E8D1947089C547CEC2656BABB55DB69E2A0ADBB73D191F50D676A7D8C367966A462BD2B1E157BAD5264AF492669C482752AB |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 49472 |
Entropy (8bit): | 0.4823309214849139 |
Encrypted: | false |
SSDEEP: | 48:uAC+nQ1Fm9Ull7DYMFhTzO8VFDYMF+XoqBO8VFDYML:uA1QHm6ll4IhvjVGI+XXjVGC |
MD5: | 7D90E8A127E8EB394BD7D497831B95B1 |
SHA1: | 58319495156AC1C225554C45C3A1BB70D0C30C47 |
SHA-256: | 74ACBDB5C202009C7C174BD3BB0A02B88FE68969225C1F0BB8671144A7D6C819 |
SHA-512: | D68943EF23A706D5F8E3EB7A0F6C68DD6138DFA2C7C6706A46E873044594C09CBDD8056E7F22850F1667515DF5BC804B698A2B843FA00AF5395EB65FD9ECFBEA |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 122015 |
Entropy (8bit): | 7.938170558222048 |
Encrypted: | false |
SSDEEP: | 3072:WAwNy9URgGvNmVvMU0ThjkrE8dRUGkfAJFTieaNl7p1xDG:WAcyeR1NCOWdRUGk4ieOjxDG |
MD5: | B59DDE1FA585F38DB5705FCE5A451714 |
SHA1: | 667DE5E7FF465B9FA2A740FEBE4C572320873FA4 |
SHA-256: | 22514C540E3046E44E12718ED98E0B5952B7EFC8790A87C941B30A55D048C468 |
SHA-512: | 5305203256F7541692C37563B0083AEF907CCABF9399A572372974481A058814BFD8989A067F2F73D3AA3472E7B1AC37596EA20D5FC468C76632FD9060550A0A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{A9802F9B-24AD-4EB6-8308-3890DAA46C28}.tmp
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 3784 |
Entropy (8bit): | 3.0633593936382786 |
Encrypted: | false |
SSDEEP: | 48:rN+G7LHhCwzrM0fzvsn/NhgggggYBAo1Amuszai2u3AIjAI/UT4OA:BPhCu7KhgggggYbxii26v |
MD5: | 34789FB220EAC9BC5C89282F9A011A3D |
SHA1: | 4E5B49130CFF292D263B80B941E1E73719ED55E8 |
SHA-256: | B64DD98000F347DF6E0BB242AC076060B3D387E4B08A70F99AAEC6AAAF60D971 |
SHA-512: | 8EA381D66F5C593BE2D582B322B613B3B576BCAAA3E5640786062D85193DF6E2F18B3D69B65A60C4D99AF727FA6E7D73EE2817155165DCAAE5AB67C701CB2296 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1734956462840345600_09D70351-FF41-4799-B925-C895A0D03D44.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.16250019614800137 |
Encrypted: | false |
SSDEEP: | 1536:B/L0bIWhTWU43wtxR2ig9hAXgPvNXyXdHp8jnB6zanfWlkGc3BraOSA:CIOp43YDexs |
MD5: | A32D3A27B13E48A5AB5B88DC63F6A996 |
SHA1: | 9B19E1F08DBD25E8A5B252BF7E4552CD8ECF8F5F |
SHA-256: | CA1C6AF87E756394140A680DAC724E6FBAB05C2C9824518F719725CCA14576BD |
SHA-512: | 4D504EBBB3AD880FF52A496C1F114A6D5878BA0234E76A62276FABA96859A53CE21407F61AACCCD4A52F86BB2819B1D890D5FBACB93E18DA888A83BF6B02E103 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1734956462841418100_09D70351-FF41-4799-B925-C895A0D03D44.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241223T0721010531-7520.etl
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 110592 |
Entropy (8bit): | 4.504634330491184 |
Encrypted: | false |
SSDEEP: | 768:w/MUa6U4VUQYvyfpO+fR2Va44TO9trTBvlQPZXkmWpoD+5vfBrWbWlLW8WgIctBs:74FpfRd44TO9tr96XAHs |
MD5: | C23F3C96AA8B1DF5F1436FE4DC7F9115 |
SHA1: | 87441AF7FF597D0C99E1239BB2939A2EBB7F7EA9 |
SHA-256: | A526D0C3ECD844EDA8834AA91C3206ECCE0D325B311D5BC8315D9B53C0F072CC |
SHA-512: | 09F529FA1101FA030E85CAF02C720EB9019C9321F2779AED0CCE9DDA6C140285870E3B4B44D3C500DF8D20DF76D4843DAD6FCB9BD9AD1B738068D1E30714C340 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 1.2389205950315936 |
Encrypted: | false |
SSDEEP: | 3:fMml7l1:kS7l |
MD5: | 03F3916CEF04ED2FA924165AB850E5B1 |
SHA1: | 671968D6C8CC2ECCC4C70A7A0B42102ABFA27A5C |
SHA-256: | EDC8FDCA194AF0CA69343128A18E4BF6BF373F3CB6AD71284E9A3B017ECC7D59 |
SHA-512: | F1CDC83DF1F7BFCA0F599DB30B63C2129AE6DF74CA629D5ED72A8280849B31687F782CE435E5077EA63CEF0338A96A7C84078B380EFF087955579019A850F4E7 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 271360 |
Entropy (8bit): | 6.410330622693441 |
Encrypted: | false |
SSDEEP: | 6144:Swvi4M+C4nnAwq4IOmVfSJxYhGiV+c3DgL:hzzC4hcZ9UxYhGiQ |
MD5: | 3EEABF79DA02C581074DBDCE27A29430 |
SHA1: | 1D8F90076551DE6A8611EB5011CE0C95C8084243 |
SHA-256: | 01DD6B6FC827F2A88BFF9840C383259BEDB5ED015FB1891BA5965CEDDCDA5D31 |
SHA-512: | AEBD8D4092B8B7956E8A80D3CAF4D94C5EA4175FF952E18D3F0637577757F9DD427F768005676ABAECF241A87E5BF1A30EF68880A0AFB48563FF74BE08DB3B2C |
Malicious: | true |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 262144 |
Entropy (8bit): | 6.11759105742767 |
Encrypted: | false |
SSDEEP: | 6144:+q+c7MYhG6vixO+nNnngwd4wOJZfFJtEQ:KGMYhGWqlnNB5qJ3 |
MD5: | BC9F2D69943D570284FC3FA5F967740D |
SHA1: | 3514866D88952993AD09E3055A307B9AAFED7125 |
SHA-256: | 602E2073770D5D7BEE76A486B70ED65BFD994CAECDF90B34A946500CEFC42807 |
SHA-512: | 380E38F7FBDFA6B41044E44639DB1B423E199E753C2D36E5C48CCF493D91A2E0564F21B8DCB5FB7BF1A81F9A8FBD827A23057BA6831B70E3AC3FF1064BEBEEED |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 6.120915835292264 |
TrID: | |
File name: | 10aabab2-6acc-5db8-1bf1-5bfd27e650f1.eml |
File size: | 189'276 bytes |
MD5: | 37c71c10b25013ca045958ebf00e4495 |
SHA1: | 8354a5026af12f96a927896a42a158182f4bd158 |
SHA256: | 1407bb11fc70b330018f3d319c6791a176aeb2550460fca1024b43240c0646e7 |
SHA512: | 1d22b3da02da220cb8e503a2f6a6e3cdeb7305cb73a5c907a79218a1440c6762d84704aedee28b1e33c2da162c2d86929b915edcbcc5e708c7ab817d6ed0de59 |
SSDEEP: | 3072:br62dCuURZ30qIkR+hFOTroaAuZb8VhKPwdqQxGTmzUE8zG2STpKGTv1BEH9UyS:br62do3tIkcOroaz+hKIdrxS8UESbSTh |
TLSH: | EC04023D6DBB6121C09535EC2C10F8035D899AE315138239B64DE5AA3CCE1EB5EFE81E |
File Content Preview: | ARC-Seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass;.. b=pBTKkxkTSApiWiqnllbUEsj5HUU/owUSp2fjqpUXVUVBPwGfpuzvje8hnIvLJsVdn3DGbb1b06KBgNM/wxweARMwc2sqzjLjTgWoAHMhUkCGezT7XpX8RH7bT9v/pVWc2CoId0hUG2ooq0sOPN7OzxL3MFLekgl2r5ujQiLmcTugj/yY |
Subject: | Re: CONFERMA D'8177373 |
From: | Nicola Lizzadro <nicola.lizzadro@laimilano.it> |
To: | Undisclosed recipients:; |
Cc: | |
BCC: | |
Date: | Tue, 17 Dec 2024 12:56:55 +0000 |
Communications: |
|
Attachments: |
|
Key | Value |
---|---|
ARC-Seal | i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=BOfI/9XJ5/rawStTW0LbpBrji70LccNVMtKOMzZBRbfazRR7WWRqF2QEJTl+KK4xYZzcFJU9kS7BdlOsvoIRCTN5rVu2URLr/wgnHkUbVXIf/DpyVNZgUpPIiOcHUORJi4RYuVD+p4mRjubiHxYgsLcPfHBZ69OgVu5dG/E3O0KAw0fUqP5CJJgvqNn/p2XDahCxcHjOzThPv3rUJEUOiKOzcxCb0ptuZAnKSBS084MYNr5+iuHWwNP5vNco9Fx/lLwdM+gIobnsBdrxil9reJkM1M0xpgWoZJaJ+F9Ta496VKAx9nsFr/a3HQxNKOr82EPb92FzyFpSB5ih9FJPng== |
ARC-Message-Signature | i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=izkeKnIIPuuxUwgxaTtYP6m7fVpxNMj9CcapWztm9hE=; b=aPgFHufywKLNFR9uJCWUPU7WrEK3+UA/xbC7lpAPk6bpwTnJx5dAt8gQ6DVDJ2XaqRJsDDxVC10bbBWvtC1X28TR0eQV9GknBikGpzMoAO85gb0B0J4tZlQaAQpnLKDeEiMlFwvc/D7RUlnbAYpugxtvBBQyBkZUNiayDtGcP/CytzLjfnubJpTkQ4uAJi2lJR/b2Dcyxw2uob+Z++0ySr3cjy5I8XoPovIkS3tH99bA+n/ZbOzIocqq4nFiSOG39RV3LbquOb/jjVxgv0LJ+4208ATcELbC24XWscD+7MPKVCO0iyo+WpNe8j4B2CA+iTMH4RY1MrVROyHXYbL4yQ== |
ARC-Authentication-Results | i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=laimilano.it; dmarc=pass action=none header.from=laimilano.it; dkim=pass header.d=laimilano.it; arc=none |
Received | from AM7P191MB0931.EURP191.PROD.OUTLOOK.COM ([fe80::99e4:c684:682f:bb8e]) by AM7P191MB0931.EURP191.PROD.OUTLOOK.COM ([fe80::99e4:c684:682f:bb8e%7]) with mapi id 15.20.8251.015; Tue, 17 Dec 2024 12:56:55 +0000 |
Authentication-Results | spf=pass (sender IP is 40.107.249.126) smtp.mailfrom=laimilano.it; dkim=pass (signature was verified) header.d=laimilano.it;dmarc=bestguesspass action=none header.from=laimilano.it;compauth=pass reason=109 |
Received-SPF | Pass (protection.outlook.com: domain of laimilano.it designates 40.107.249.126 as permitted sender) receiver=protection.outlook.com; client-ip=40.107.249.126; helo=EUR02-DB5-obe.outbound.protection.outlook.com; pr=C |
DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=laimilano.it; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=izkeKnIIPuuxUwgxaTtYP6m7fVpxNMj9CcapWztm9hE=; b=J/A+AvJJ8ZeupcVoQmSyQtebFfs6erHIm9hFKmj28z6r+FDoZr988XXgFIoaJiFiYmcmjg6JlqzOgrlKbepuWZZXQcRfM+mZXO1bcZ+ByJ0ozLG6HDH2oL2Sb3lfIwOFDjPKQA9PddQNWKpGUq14taaj2B0b1cBAzOLuhQazK9RsyASCpx5bUYxQ21caHr3an37DC1kVAzp/cF8RJ4RSc38stwyaGK1stT0DJAEMbx11mm8Iy+KYu5K5g/KKDYkJ1F/TX7+5Lfow0LJtOUSbRamLSMxpxXn81t4SCFSMrKDdOCjJ60XyZsP3QlidDYmvq0tzdr02ET4jIaRSXrDJJQ== |
From | Nicola Lizzadro <nicola.lizzadro@laimilano.it> |
Subject | Re: CONFERMA D'8177373 |
Thread-Topic | Re: CONFERMA D'8177373 |
Thread-Index | AdtQgckPbuvN0394QmS9WESFlAz6VAAAIBYgAAAJV5AAAAAiIA== |
Date | Tue, 17 Dec 2024 12:56:55 +0000 |
Message-ID | <AM7P191MB09313A3269ED6BC94388EDDB90042@AM7P191MB0931.EURP191.PROD.OUTLOOK.COM> |
Accept-Language | it-IT, en-US |
Content-Language | en-US |
X-MS-Has-Attach | yes |
X-MS-TNEF-Correlator | |
Authentication-Results-Original | dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=laimilano.it; |
x-ms-traffictypediagnostic | AM7P191MB0931:EE_|DB9P191MB2121:EE_|AMS0EPF00000194:EE_|AM0PR09MB4018:EE_ |
X-MS-Office365-Filtering-Correlation-Id | e9fb2cf8-7b2e-4036-b42b-08dd1e9a4a79 |
x-ms-exchange-senderadcheck | 1 |
x-ms-exchange-antispam-relay | 0 |
X-Microsoft-Antispam-Untrusted | BCL:0;ARA:13230040|1800799024|376014|7416014|4073399012|366016|8096899003|38070700018; |
X-Forefront-Antispam-Report-Untrusted | CIP:255.255.255.255;CTRY:;LANG:it;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM7P191MB0931.EURP191.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(7416014)(4073399012)(366016)(8096899003)(38070700018);DIR:OUT;SFP:1102; |
X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount | 1 |
Content-Type | multipart/related; boundary="_004_AM7P191MB09313A3269ED6BC94388EDDB90042AM7P191MB0931EURP_"; type="multipart/alternative" |
MIME-Version | 1.0 |
X-MS-Exchange-Transport-CrossTenantHeadersStamped | DB9P191MB2121 |
To | Undisclosed recipients:; |
Return-Path | nicola.lizzadro@laimilano.it |
X-EOPAttributedMessage | 0 |
X-EOPTenantAttributedMessage | 5d760c6c-e5b2-4790-a143-013580cc70c6:0 |
X-MS-Exchange-Transport-CrossTenantHeadersStripped | AMS0EPF00000194.eurprd05.prod.outlook.com |
X-MS-Exchange-Transport-CrossTenantHeadersPromoted | AMS0EPF00000194.eurprd05.prod.outlook.com |
X-MS-PublicTrafficType | |
X-MS-Office365-Filtering-Correlation-Id-Prvs | 95b60ac0-0cc1-47c7-0120-08dd1e9a48bf |
X-MS-Exchange-AtpMessageProperties | SA|SL |
X-Forefront-Antispam-Report | CIP:40.107.249.126;CTRY:IE;LANG:it;SCL:8;SRV:;IPV:NLI;SFV:SPM;H:EUR02-DB5-obe.outbound.protection.outlook.com;PTR:mail-db5eur02on2126.outbound.protection.outlook.com;CAT:HPHISH;SFTY:9.25;SFS:(13230040)(4073399012)(22003199012)(4073199012)(5073199012)(5063199012)(35042699022)(35112699012)(4076899003)(8096899003);DIR:INB; |
X-Microsoft-Antispam | BCL:0;ARA:13230040|4073399012|22003199012|4073199012|5073199012|5063199012|35042699022|35112699012|4076899003|8096899003; |
Icon Hash: | 46070c0a8e0c67d6 |
Target ID: | 0 |
Start time: | 07:20:59 |
Start date: | 23/12/2024 |
Path: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x970000 |
File size: | 34'446'744 bytes |
MD5 hash: | 91A5292942864110ED734005B7E005C0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 3 |
Start time: | 07:21:08 |
Start date: | 23/12/2024 |
Path: | C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff618a90000 |
File size: | 710'048 bytes |
MD5 hash: | EC652BEDD90E089D9406AFED89A8A8BD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |