Edit tour

Windows Analysis Report
phishingemail.eml

Overview

General Information

Sample name:	phishingemail.eml
Analysis ID:	1584028
MD5:	10b604ddf26a20de07060f18b9f43ebe
SHA1:	3f1bd89b4e3bcefce85f7fadf4c25dd6f268f317
SHA256:	a01174fd681341de09b7ec848bc62db8260229f2998f300cdbcf3b80bcd589da
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected landing page (webpage, office document or email)

AI detected potential phishing Email

Creates a window with clipboard capturing capabilities

IP address seen in connection with other malware

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

OUTLOOK.EXE (PID: 6264 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phishingemail.eml" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 6500 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "1DAD4889-39FD-4D81-8A25-F437DFB5EC8D" "A86618B2-E54F-49BC-88B1-9360EFEB5959" "6264" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

chrome.exe (PID: 7020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://royalmagazine.com.br/ss/c/user=9148807792&trackingid=saezk6YLBSmf0PIS3wXweGrm6Gn8membXPBiMFFl0 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 4192 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1972,i,8520123778435995892,7942582137012361327,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 7456 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://royalmagazine.com.br/ss/c/user=9148807792&trackingid=saezk6YLBSmf0PIS3wXweGrm6Gn8membXPBiMFFl0 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 7640 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1820,i,2371947540312049649,9044992565933829060,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

OpenWith.exe (PID: 5152 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)

cleanup

Sigma Signatures

Sigma detected: Office Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6264, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected landing page (webpage, office document or email)

Source: Email

Joe Sandbox AI: Email contains prominent button: 'confirm now'

AI detected potential phishing Email

Source: Email

Joe Sandbox AI: Detected potential phishing email: The email claims to be from Robinhood but uses a suspicious Brazilian domain (royalmagazine.com.br) as sender. The email creates urgency by claiming account restriction and requiring immediate action. Contains suspicious attachments and mixed content about email configuration settings, suggesting a compromised server or phishing attempt

Source: Email

Classification: Credential Stealer

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 28MB

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /ss/c/user=9148807792&trackingid=saezk6YLBSmf0PIS3wXweGrm6Gn8membXPBiMFFl0 HTTP/1.1Host: royalmagazine.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: royalmagazine.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://royalmagazine.com.br/ss/c/user=9148807792&trackingid=saezk6YLBSmf0PIS3wXweGrm6Gn8membXPBiMFFl0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ss/c/user=9148807792&trackingid=saezk6YLBSmf0PIS3wXweGrm6Gn8membXPBiMFFl0 HTTP/1.1Host: royalmagazine.com.brConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ss/c/user=9148807792&trackingid=saezk6YLBSmf0PIS3wXweGrm6Gn8membXPBiMFFl0 HTTP/1.1Host: royalmagazine.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: royalmagazine.com.brConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://royalmagazine.com.br/ss/c/user=9148807792&trackingid=saezk6YLBSmf0PIS3wXweGrm6Gn8membXPBiMFFl0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: royalmagazine.com.br
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Sat, 04 Jan 2025 02:59:28 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Sat, 04 Jan 2025 02:59:46 GMTserver: LiteSpeedalt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Source: phishingemail.eml	String found in binary or memory: http://royalmagazine.com.br/contact/abuse?id=31088735.8E66E56B8BD9B848A2F48AE18442E34B
Source: phishingemail.eml	String found in binary or memory: https://www.royalmagazine.com.br/subscription?fbclid=IwAR2BaY3OsFso7z0PFAMQGLrMmfJFdPnhMfClsMrrUiLgH

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window created: window name: CLIPBRDWNDCLASS

Jump to behavior

Source: classification engine

Classification label: mal48.winEML@30/10@8/5

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Jump to behavior

Source: C:\Windows\System32\OpenWith.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5152:120:WilError_03

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250103T2159130781-6264.etl

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\OpenWith.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phishingemail.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "1DAD4889-39FD-4D81-8A25-F437DFB5EC8D" "A86618B2-E54F-49BC-88B1-9360EFEB5959" "6264" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://royalmagazine.com.br/ss/c/user=9148807792&trackingid=saezk6YLBSmf0PIS3wXweGrm6Gn8membXPBiMFFl0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1972,i,8520123778435995892,7942582137012361327,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://royalmagazine.com.br/ss/c/user=9148807792&trackingid=saezk6YLBSmf0PIS3wXweGrm6Gn8membXPBiMFFl0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1820,i,2371947540312049649,9044992565933829060,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "1DAD4889-39FD-4D81-8A25-F437DFB5EC8D" "A86618B2-E54F-49BC-88B1-9360EFEB5959" "6264" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://royalmagazine.com.br/ss/c/user=9148807792&trackingid=saezk6YLBSmf0PIS3wXweGrm6Gn8membXPBiMFFl0	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://royalmagazine.com.br/ss/c/user=9148807792&trackingid=saezk6YLBSmf0PIS3wXweGrm6Gn8membXPBiMFFl0	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1972,i,8520123778435995892,7942582137012361327,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1820,i,2371947540312049649,9044992565933829060,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: twinui.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: actxprxy.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.ui.appdefaults.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.ui.immersive.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: uianimation.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: thumbcache.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: tiledatarepository.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: staterepository.core.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.staterepository.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.staterepositorycore.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: mrmcorer.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: directmanipulation.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: textshaping.dll	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32

Jump to behavior

Source: Google Drive.lnk.6.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.6.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.6.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.6.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.6.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.6.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: OpenWith.exe, 00000010.00000003.1604094549.000001B816D34000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	21 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	1 Clipboard Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Side-Loading	1 DLL Side-Loading	1 DLL Side-Loading	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Extra Window Memory Injection	1 Extra Window Memory Injection	NTDS	13 System Information Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://royalmagazine.com.br/favicon.ico	0%	Avira URL Cloud	safe
https://www.royalmagazine.com.br/subscription?fbclid=IwAR2BaY3OsFso7z0PFAMQGLrMmfJFdPnhMfClsMrrUiLgH	0%	Avira URL Cloud	safe
http://royalmagazine.com.br/contact/abuse?id=31088735.8E66E56B8BD9B848A2F48AE18442E34B	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
royalmagazine.com.br	158.106.129.107	true	false		high
www.google.com	142.250.186.132	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://royalmagazine.com.br/favicon.ico	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.royalmagazine.com.br/subscription?fbclid=IwAR2BaY3OsFso7z0PFAMQGLrMmfJFdPnhMfClsMrrUiLgH	phishingemail.eml	false	Avira URL Cloud: safe	unknown
http://royalmagazine.com.br/contact/abuse?id=31088735.8E66E56B8BD9B848A2F48AE18442E34B	phishingemail.eml	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.132	www.google.com	United States	15169	GOOGLEUS	false
172.217.16.196	unknown	United States	15169	GOOGLEUS	false
158.106.129.107	royalmagazine.com.br	United States	63410	PRIVATESYSTEMSUS	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1584028
Start date and time:	2025-01-04 03:58:35 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 35s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	phishingemail.eml
Detection:	MAL
Classification:	mal48.winEML@30/10@8/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .eml

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, TextInputHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 52.109.76.240, 52.113.194.132, 192.229.221.95, 104.208.16.92, 142.250.185.163, 142.250.186.46, 74.125.206.84, 172.217.18.110, 142.250.186.174, 172.217.18.14, 142.250.186.67, 142.250.185.78, 64.233.166.84, 142.250.185.238, 142.250.184.206, 52.109.76.144, 4.245.163.56, 184.28.90.27, 20.190.159.0, 13.107.5.88, 2.23.227.208
Excluded domains from analysis (whitelisted): neu-azsc-000.odc.officeapps.live.com, odc.officeapps.live.com, slscr.update.microsoft.com, europe.odcsm1.live.com.akadns.net, clientservices.googleapis.com, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, onedscolprdcus23.centralus.cloudapp.azure.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, login.live.com, officeclient.microsoft.com, osiprod-neu-bronze-azsc-000.northeurope.cloudapp.azure.com, www.bing.com, ecs.office.com, fs.microsoft.com, accounts.google.com, prod.configsvc1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, neu-azsc-config.officeapps.live.com, s-0005.s-msedge.net, config.officeapps.live.com, evoke-windowsservices-tas.msedge.net, ecs.office.trafficmanager.net, clients.l.google.com, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net, prod.odcsm1.live.com.akadns.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
22:00:02	API Interceptor	1x Sleep call for process: OpenWith.exe modified

LLM Input / Output

Input	Output
URL: email Model: Joe Sandbox AI	{ "explanation": [ "The email claims to be from Robinhood but uses a suspicious Brazilian domain (royalmagazine.com.br) as sender", "The email creates urgency by claiming account restriction and requiring immediate action", "Contains suspicious attachments and mixed content about email configuration settings, suggesting a compromised server or phishing attempt" ], "phishing": true, "confidence": 10, "generated_by_ai": false }
{ "date": "Sat, 14 Dec 2024 14:02:30 +0000", "subject": "Important notice: Your Robinhood Account is Currently Restricted.", "communications": [ " Reminder to confirm your info by Sat, December 14, 2024 We're informed financial regulation team required you to re-confirm your information. For security reason your ability to Buy or Sale / Deposit or Withdrawal, temporary suspended by financial team until you already confirm your information Confirm Now This url will be valid for 6 hours from the time it was sent. After confirming, you will be able to access your account. THIS IS A SERVICE-RELATED EMAIL Robinhood will occasionally send you service-related emails to keep you informed of service and billing updates, new benefits and features, and other changes to your account. Please do not reply to this email, it is not monitored. If you'd like to contact us, please visit our website here. Robinhood respects your privacy. For a complete description of our privacy policy, click here. 2024 Robinhood. All rights reserved. Robinhood Cable, One Comcast Center 1701 JFK Boulevard, Philadelphia, PA 19103 Attn: Email Communications Client Configuration settings for royalmagazine. Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook A .mobileconfig file for use with iOS for iPhone/iPad/iPod and MacOS Mail.app for Mountain Lion (10.8+) is attached to this message. This notice is the result of a request made by a computer with the IP address of 5.53.101.235 through the cpanel service on the server. The remote computers location appears to be: United States (US). The remote computers IP address is assigned to the provider: Verizon Wireless The provider supplied the following remarks about the IP address allocation: spam and abuse reporting toabuse@vzw.com The system generated this notice on Tuesday, December 10, 2024 at 12:38:38 PM UTC. Do not reply to this automated message. Copyright 2024 cPanel, L.L.C. Reminder to confirm your info by Sat, December 14, 2024 We're informed financial regulation team required you to re-confirm your information. For security reason your ability to Buy or Sale / Deposit or Withdrawal, temporary suspended by financial team until you already confirm your information Confirm Now This url will be valid for 6 hours from the time it was sent. After confirming, you will be able to access your account. THIS IS A SERVICE-RELATED EMAIL Robinhood will occasionally send you service-related emails to keep you informed of service and billing updates, new benefits and features, and other changes to your account. Please do not reply to this email, it is not monitored. If you'd like to contact us, please visit our website here. Robinhood respects your privacy. For a complete description of our privacy policy, click here. 2024 Robinhood. All rights reserved. Robinhood Cable, One Comcast Center 1701 JFK Boulevard, Philadelphia, PA 19103 Attn: Email Communications Client Configuration settings for royalmagazine. Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook A .mobileconfig file for use with iOS for iPhone/iPad/iPod and MacOS Mail.app for Mountain Lion (10.8+) is attached to this message. This notice is the result of a request made by a computer with the IP address of 5.53.101.235 through the cpanel service on the server. The remote computers location appears to be: United States (US). The remote computers IP address is assigned to the provider: Verizon Wireless The provider supplied the following remarks about the IP address allocation: spam and abuse reporting toabuse@vzw.com The system generated this notice on Tuesday, December 10, 2024 at 12:38:38 PM UTC. Do not reply to this automated message. Copyright 2024 cPanel, L.L.C. Reminder to confirm your info by Sat, December 14, 2024 We're informed financial regulation team required you to re-confirm your information. For security reason your ability to Buy or Sale / Deposit or Withdrawal, temporary suspended by financial team until you already confirm your information Confirm Now This url will be valid for 6 hours from the time it was sent. After confirming, you will be able to access your account. THIS IS A SERVICE-RELATED EMAIL Robinhood will occasionally send you service-related emails to keep you informed of service and billing updates, new benefits and features, and other changes to your account. Please do not reply to this email, it is not monitored. If you'd like to contact us, please visit our website here. Robinhood respects your privacy. For a complete description of our privacy policy, click here. 2024 Robinhood. All rights reserved. Robinhood Cable, One Comcast Center 1701 JFK Boulevard, Philadelphia, PA 19103 Attn: Email Communications Reminder to confirm your info by Sat, December 14, 2024 We're informed financial regulation team required you to re-confirm your information. For security reason your ability to Buy or Sale / Deposit or Withdrawal, temporary suspended by financial team until you already confirm your information Confirm Now Confirm Now https://royalmagazine.com.br/ss/c/user=9148807792&trackingid=saezk6YLBSmf0PIS3wXweGrm6Gn8membXPBiMFFl0 Confirm Now This url will be valid for 6 hours from the time it was sent. 6 hours 6 hours After confirming, you will be able to access your account. THIS IS A SERVICE-RELATED EMAIL Robinhood will occasionally send you service-related emails to keep you informed of service and billing updates, new benefits and features, and other changes to your account. Please do not reply to this email, it is not monitored. If you'd like to contact us, please visit our website here. Robinhood respects your privacy. For a complete description of our privacy policy, click here. 2024 Robinhood. All rights reserved. Robinhood Cable, One Comcast Center 1701 JFK Boulevard, Philadelphia, PA 19103 Attn: Email Communications THIS IS A SERVICE-RELATED EMAIL THIS IS A SERVICE-RELATED EMAIL Robinhood will occasionally send you service-related emails to keep you informed of service and billing updates, new benefits and features, and other changes to your account. Robinhood will occasionally send you service-related emails to keep you informed of service and billing updates, new benefits and features, and other changes to your account. Please do not reply to this email, it is not monitored. If you'd like to contact us, please visit our website here. Please do not reply to this email, it is not monitored. If you'd like to contact us, please visit our website here. Robinhood respects your privacy. For a complete description of our privacy policy, click here. Robinhood respects your privacy. For a complete description of our privacy policy, click here. 2024 Robinhood. All rights reserved. 2024 Robinhood. All rights reserved. Robinhood Cable, One Comcast Center Robinhood Cable, One Comcast Center 1701 JFK Boulevard, Philadelphia, PA 19103 1701 JFK Boulevard, Philadelphia, PA 19103 Attn: Email Communications Attn: Email Communications Client Configuration settings for royalmagazine. Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook A .mobileconfig file for use with iOS for iPhone/iPad/iPod and MacOS Mail.app for Mountain Lion (10.8+) is attached to this message. This notice is the result of a request made by a computer with the IP address of 5.53.101.235 through the cpanel service on the server. The remote computers location appears to be: United States (US). The remote computers IP address is assigned to the provider: Verizon Wireless The provider supplied the following remarks about the IP address allocation: spam and abuse reporting toabuse@vzw.com The system generated this notice on Tuesday, December 10, 2024 at 12:38:38 PM UTC. Do not reply to this automated message. Copyright 2024 cPanel, L.L.C. Client Configuration settings for royalmagazine. Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Client Configuration settings for royalmagazine. Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Client Configuration settings for royalmagazine. Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Client Configuration settings for royalmagazine. Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Client Configuration settings for royalmagazine. Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Client Configuration settings for royalmagazine. Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Client Configuration settings for royalmagazine. Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Client Configuration settings for royalmagazine. Client Configuration settings for royalmagazine. Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. Secure SSL/TLS Settings (Recommended) SSL TLS Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. Username: _mainaccount@royalmagazine.com.br Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 IMAP Port: 993 POP3 Port: 995 IMAP Port: 993 IMAP POP3 Port: 995 POP3 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 SMTP Port: 465 SMTP Port: 465 SMTP IMAP, POP3, and SMTP require authentication. IMAP, POP3, and SMTP require authentication. IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 ActiveSync SSL/TLS Settings (for Android) SSL TLS Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Username: _mainaccount@royalmagazine.com.br Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 ActiveSync Port: 2091 ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Secure SSL/TLS Settings (Recommended). SSL TLS Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Username: royalmagazine Username: royalmagazine Password: Use your cPanel password. Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Port: 2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Calendar: Calendar https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: Task List https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Address Book: Address Book https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Username: royalmagazine Username: royalmagazine Password: Use your cPanel password. Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Port: 2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Calendar: Calendar http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: Task List http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Address Book: Address Book http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook A .mobileconfig file for use with iOS for iPhone/iPad/iPod and MacOS Mail.app for Mountain Lion (10.8+) is attached to this message. This notice is the result of a request made by a computer with the IP address of 5.53.101.235 through the cpanel service on the server. The remote computers location appears to be: United States (US). The remote computers IP address is assigned to the provider: Verizon Wireless The provider supplied the following remarks about the IP address allocation: spam and abuse reporting toabuse@vzw.com The system generated this notice on Tuesday, December 10, 2024 at 12:38:38 PM UTC. Do not reply to this automated message. This notice is the result of a request made by a computer with the IP address of 5.53.101.235 through the cpanel service on the server. The remote computers location appears to be: United States (US). The remote computers IP address is assigned to the provider: Verizon Wireless The provider supplied the following remarks about the IP address allocation: spam and abuse reporting toabuse@vzw.com The system generated this notice on Tuesday, December 10, 2024 at 12:38:38 PM UTC. Do not reply to this automated message. This notice is the result of a request made by a computer with the IP address of 5.53.101.235 through the cpanel service on the server. The remote computers location appears to be: United States (US). The remote computers IP address is assigned to the provider: Verizon Wireless The provider supplied the following remarks about the IP address allocation: spam and abuse reporting toabuse@vzw.com The system generated this notice on Tuesday, December 10, 2024 at 12:38:38 PM UTC. This notice is the result of a request made by a computer with the IP address of 5.53.101.235 through the cpanel service on the server. IP The remote computers location appears to be: United States (US). The remote computers IP address is assigned to the provider: Verizon Wireless IP The provider supplied the following remarks about the IP address allocation: spam and abuse reporting toabuse@vzw.com IP The system generated this notice on Tuesday, December 10, 2024 at 12:38:38 PM UTC. Do not reply to this automated message. Copyright 2024 cPanel, L.L.C. Copyright 2024 cPanel, L.L.C. Copyright 2024 cPanel, L.L.C. " ], "from": "\"Account Support Robinh...\" <jk@royalmagazine.com.br>", "to": "customer@wm3.robinhood.com", "attachements": [ "inboxrules.txt", "carddav-supersam.mobileconfig", "email-supersam.mobileconfig" ] }
URL: https://royalmagazine.com.br Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://royalmagazine.com.br
URL: Email Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Reminder to confirm your info by Sat, December 14, 2024", "prominent_button_name": "Confirm Now", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: Email Model: Joe Sandbox AI	{ "brands": [ "Robinhood" ] }
	{ "brands": [ "Robinhood" ] }
URL: Email Model: Joe Sandbox AI	{"classification":"Credential Stealer"}
Email: Detected potential phishing email: The email claims to be from Robinhood but uses a suspicious Brazilian domain (royalmagazine.com.br) as sender. The email creates urgency by claiming account restriction and requiring immediate action. Contains suspicious attachments and mixed content about email configuration settings, suggesting a compromised server or phishing attempt	{"classification":"Credential Stealer"}

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	phishingtest.eml	Get hash	malicious	Unknown	Browse
	http://livedashboardkit.info	Get hash	malicious	Unknown	Browse
	iGhDjzEiDU.exe	Get hash	malicious	Remcos	Browse
	random.exe	Get hash	malicious	Unknown	Browse
	random.exe	Get hash	malicious	Unknown	Browse
	1735939565593f5d6bf694464eb338b020a826ec212acacc46d4424bb914edbae3d507116e469.dat-decoded.exe	Get hash	malicious	LiteHTTP Bot	Browse
	https://track2.mccarthysearch.com/9155296/c?p=UJEwZLRSuPVlnD1ICTWZusB5H46ZFxhQFeZmgv_N89FzkqdhuHSGoPyB5qZfahmny00oVnRJ_XGR4M89Ovy-j3JZN_nz1Nb-BfHfDXVFwrd4A8njKtxWHgVV9KpuZ3ad6Xn31h13Ok4dSqgAUkhmVH1KUMKOlrKi5AYGmafMXkrBRxU_B4vy7NXVbEVJ970TwM25LbuS_B0xuuC5g8ehQDyYNyEV1WCghuhx_ZKmrGeOOXDf8HkQ-KOwv_tecp8TMdskXzay5lvoS31gB-nWxsjPaZ8f84KWvabQB4eF73ffpyNcTpJues_4IHHPjEKJ9ritMRTaHbFdQGNT_n13X_E7no0nMmaegQjwo4kKGu6oR02iG2c_6ucy3I6d8vsNl324Pjhx3M20dDmfZAju1roW9lGyO1LfgEnp1iSAFpx4kA7frEmKGzJYNX_cZrwVBoH8vvIYauXGnXBrZacRhuZGGbOjW2HHr9KF-0q7xjdgG2hxjWZ2H9zjubJGDnUjHRfiIr_-0bem1pLFqziEmy0450LGuXV23cQ6GD8yuK9tuRwMIF0sbkhVqONC0e6TsXlkUuTRAVWBbLlRPcygJ-CbukwvFtAxobVQ8-PpIuGj97DYFnmbfbJrrZDtH57TpdP4AxtW5k74BKSXvb1B6JX0p7Oyr1kXxLs_OrNPdAdrf8gXR35D9W7WeQ2zhPEqP0Mv5sJx4DlYh6Y4FqgPfCRFcDcL7Cy3HSlJ0XYfv-ae4o-hdX_0rJPqEG_-Bn2yj60YPDYpE8KDIgC_ZMwlNLdK4pAK6vSt4NWDncuV5y7QDqt97ribjd4U3AOvQTKW9r_eMky9-IC9hkSPrg2S0ZBgA9ITW3AQ3v-lq94cAwt1v1RLaFgsy67l_7lni1gYsZaQdOsFJsDpCFYaZsTMcVz2QAnQ_2UidhzlUekPl5xh9LNe9o77rO1FolZslooaXxCf2U2RZmvUA6NCNiGZ8KSsoUYTnqAHenvBJVJwMWd66yD2O60rC3Ic2qOQ1KOF9AB6-iFTvQFxtSTjS2hFwi7N97LeQtVYKhdzZuq2SasgJg0JPnZiFv_FSbgmiodqx9rz_lWIqWQNoQVht-oO2BfFxSF_aedAmm2MuQAL7z8UjBf_deiKwQyfKOyA6ZkAJ14F9xwhNm9F7B4PBgDtocqJQBjw5Cf1jCBSAs3nSYP2_nzofJuQSXd-YD9PIzkkmJw7Nqux7IgJ6p1z2Hsf6i3zShVdZY3g2mmA1xR1FV1LoSYwcRBqZt3pv0UDjuqCEoiqKDuyT0rkhqTRLo29uuM588Lna16PFSgSLoLUhnJ2rx8NLQQc5TqrsGjlN-ulCwTEyA0C9Epz9mxq14yDjw==	Get hash	malicious	Unknown	Browse
	https://covid19.protected-forms.com/XQTNkY0hwMkttOEdiZmZ0V2RRTHpDdDNqUTROanhES0NBYmdFOG1KTGRSTUtrK3VMMzlEN1JKVVFXNUxaNGJOQmd1YzQ3ajJMeVdZUDU3TytRbGtIaFhWRkxnT0lkeTZhdy9xWEhjeFBoRXRTb2hxdjlVbi9iSk1qZytLQ0JxRjd4UmpOS3VUQ2lpOEZneTRoVmpzY2dyekR1WlhYOWVteVcrUXg0a2Y2aEU2ZEZwMVNId3R0U01RK3N3PT0tLVR0bDl1WEFUelg3K2VzTystLUxaMkFrZnU0UmJXRkR3aE5NRE9BOEE9PQ==?cid=2351432832	Get hash	malicious	KnowBe4	Browse
	https://www.copiat.ro/6.exe	Get hash	malicious	Unknown	Browse
	http://www.cipassoitalia.it/	Get hash	malicious	CAPTCHA Scam ClickFix	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
PRIVATESYSTEMSUS	kwari.mips.elf	Get hash	malicious	Unknown	Browse	170.249.240.187
	x86.elf	Get hash	malicious	Mirai, Moobot	Browse	209.42.232.131
	loligang.mips.elf	Get hash	malicious	Mirai	Browse	67.222.13.251
	i486.elf	Get hash	malicious	Mirai	Browse	208.78.244.120
	spc.elf	Get hash	malicious	Mirai	Browse	208.78.244.163
	sora.arm.elf	Get hash	malicious	Mirai	Browse	209.42.231.41
	ImBm40hNZ2.exe	Get hash	malicious	FormBook, GuLoader	Browse	170.249.236.53
	yakov.x86.elf	Get hash	malicious	Mirai	Browse	67.222.3.222
	Payment copy.vbs	Get hash	malicious	FormBook, GuLoader	Browse	170.249.236.53
	Zeskanowana lista przedmiot#U00f3w nr 84329.vbs	Get hash	malicious	FormBook, GuLoader	Browse	170.249.236.53

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	110592
Entropy (8bit):	4.508127619581029
Encrypted:	false
SSDEEP:	768:Exl0hutTY1OE92jmQEq4kwNecI9gdctKg9PuW/ChcYvbXSbLYW4WOWWWpf4mYkCK:EmO4lecI9gdqocYzXQfP
MD5:	DAC5F814BF227CE2266F827CB2F99A48
SHA1:	D1E7B6B6BE05B0CDA281E81A93715FCD0398CF63
SHA-256:	238810FED860CEF61C02A0946977D8DAF4DC5A3D7D057D87DAF77FE4C93AB408
SHA-512:	311FEE8EDDCF2675779B167BFA5E084E69E59EBA34A5435E938CFE33F7867F1B2B2AB5312909B19419E786F1E4296BC789DC6D7E119BFA5E4728FAD9D3298BC2
Malicious:	false
Reputation:	low
Preview:	............................................................................d...\|...x....J..T^..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...............................................................Y...........J..T^..........v.2._.O.U.T.L.O.O.K.:.1.8.7.8.:.4.9.d.0.8.e.9.c.1.1.f.0.4.8.8.3.b.a.a.2.3.d.8.a.b.2.2.8.4.9.0.2...C.:.\.U.s.e.r.s.\.t.o.r.r.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.5.0.1.0.3.T.2.1.5.9.1.3.0.7.8.1.-.6.2.6.4...e.t.l...........P.P.\|...x.../...T^..................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\msoB07E.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	GIF image data, version 89a, 15 x 15
Category:	dropped
Size (bytes):	663
Entropy (8bit):	5.949125862393289
Encrypted:	false
SSDEEP:	12:PlrojAxh4bxdtT/CS3wkxWHMGBJg8E8gKVYQezuYEecp:trPsTTaWKbBCgVqSF
MD5:	ED3C1C40B68BA4F40DB15529D5443DEC
SHA1:	831AF99BB64A04617E0A42EA898756F9E0E0BCCA
SHA-256:	039FE79B74E6D3D561E32D4AF570E6CA70DB6BB3718395BE2BF278B9E601279A
SHA-512:	C7B765B9AFBB9810B6674DBC5C5064ED96A2682E78D5DFFAB384D81EDBC77D01E0004F230D4207F2B7D89CEE9008D79D5FBADC5CB486DA4BC43293B7AA878041
Malicious:	false
Reputation:	high, very likely benign file
Preview:	GIF89a....w..!..MSOFFICE9.0.....sRGB......!..MSOFFICE9.0.....msOPMSOFFICE9.0Dn&P3.!..MSOFFICE9.0.....cmPPJCmp0712.........!.......,....................'..;..b...RQ.xx..................,+................................yy..;..b.........................qp.bb..........uv.ZZ.LL.......xw.jj.NN.A@....zz.mm.^_.........yw........yx.xw.RR.,.++............................................................................................................................................................................................................8....>.......................4567...=..../0123.....<9:.()+,-.B.@...."#$%&'....... !............C.?....A;<...HT(..;

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 4 01:59:29 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9932345027203877
Encrypted:	false
SSDEEP:	48:8jddwTR7+7HSidAKZdA1JehwiZUklqeh1y+3:8jA8omy
MD5:	A20A7B60EFC264A77BD7853A91AEE2FD
SHA1:	06170F0F5CA79D17D6F3D8EE2213E9D2736911D7
SHA-256:	5EEEF3B55AF2081A080DB8D15B980A41DC13682D51B9B8933466A65814882FFC
SHA-512:	DB2299F308A328065C87824C149721B1B61502009C3298D73CDB293A58BD73A171EF7EF87FAF0508AC00771D20CFC469EE4D9DA16141FF0A289BAC2C15261F3E
Malicious:	false
Preview:	L..................F.@.. ...$+.,.......T^......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I$Z\.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V$Zn.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V$Zn.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V$Zn............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V$Zo............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'[\|......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 4 01:59:29 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.009015019664643
Encrypted:	false
SSDEEP:	48:81ddwTR7+7HSidAKZdA10eh/iZUkAQkqehWy+2:81A8S9QLy
MD5:	1E7F895791D00A292A455798D3878741
SHA1:	F0BCA5E446D73D1CFB859A672C59E0291694651E
SHA-256:	85FDBCCA02AC2CA60F007758D15A970F88F630B08A93C4935C7839E127CDDF21
SHA-512:	F1D82F532E682E3EACA5065E7E3E3DB5F7C3F409EDE2A90720B3659DE84D6B0183733AA0788CB9ABBA8323F1338A6BDD68BA4273D3C67E3906C95D2DD1BA785D
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....k.T^......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I$Z\.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V$Zn.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V$Zn.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V$Zn............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V$Zo............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'[\|......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.019575402920881
Encrypted:	false
SSDEEP:	48:8eddwTR7+jHSidAKZdA14tIeh7sFiZUkmgqeh7sEy+BX:8eA8ynqy
MD5:	DAAE7C598E3FC9926E79A4BEC70DA65F
SHA1:	A0DE895004311DF1BE3BD8E678A4A93AB12BADE6
SHA-256:	DD34A49167D3E03CE13DD5999D42B04E6914B111BC76D3D629A83E2B0C34BD7D
SHA-512:	C62881488371B1F918108FDE4A5A3E90622B6E7CF7F5720B8798F509EAE5D0B9D057BBC31695DEF2A7061513DD50B5DFE5F0BDBC6E5EC5FFD3BCA80C2D176ADF
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I$Z\.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V$Zn.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V$Zn.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V$Zn............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'[\|......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 4 01:59:29 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.008154320029829
Encrypted:	false
SSDEEP:	48:82ddwTR7+7HSidAKZdA1behDiZUkwqehCy+R:82A8p8y
MD5:	8E82DFE768076F0BC95CD9BDE9C1E0E5
SHA1:	983F1761CE1C52F93A3D607C40232E3061C8C546
SHA-256:	EC731FC0F91F62E1CF0FAA512FF74D2F73D133B40A2616D69CB8CCFCC98AB4DC
SHA-512:	3DCA489996F5D104BCC56082710A7484A8BB94207A8976D56892A23E689FB5B9F1F7CE7423F84A4AA9EC695F0B69D5B11C39671F2D5F654C153768F44B35322A
Malicious:	false
Preview:	L..................F.@.. ...$+.,....u..T^......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I$Z\.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V$Zn.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V$Zn.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V$Zn............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V$Zo............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'[\|......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 4 01:59:29 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.999090800408232
Encrypted:	false
SSDEEP:	48:8YddwTR7+7HSidAKZdA1VehBiZUk1W1qehIy+C:8YA8Z9oy
MD5:	79BC864189C098E57B6FCB2F37D9C675
SHA1:	46F9B318D287D2C09A43AE0B556B1A777040BFBE
SHA-256:	18D9D05213E508010599259000E6A4776558C09375D76E35837A0F8972732F33
SHA-512:	28E460234E1B44CD0E943F026C1274371DCE09B1EFC23A15B9C84DBB4A656E280AD61BC8E01127DD178DA9966581689460F6D7A83D6AA85C7D798B16190C8D02
Malicious:	false
Preview:	L..................F.@.. ...$+.,....v..T^......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I$Z\.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V$Zn.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V$Zn.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V$Zn............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V$Zo............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'[\|......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 4 01:59:29 2025, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.009669145994405
Encrypted:	false
SSDEEP:	48:8DddwTR7+7HSidAKZdA1duT6ehOuTbbiZUk5OjqehOuTbqy+yT+:8DA85TTTbxWOvTbqy7T
MD5:	D4EA6156D9407883A94F8E024E74961D
SHA1:	9F4090DDA41D0E860D71F9BE4EA6517F162EFEC3
SHA-256:	E4CDAB2C6C3D8AFAE9FCBDA1B590A9688DA1281D9D37523D50A849C86FC73536
SHA-512:	A1D8471740E9F3CA38FEC49CA2C7C53A438FE8899F8196E2C270E471E0E255AB8BD7106D90BF8B739153D3C10B0304B417CB1140DA8ABB6A2B11575B27CD4CCF
Malicious:	false
Preview:	L..................F.@.. ...$+.,.......T^......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I$Z\.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V$Zn.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V$Zn.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V$Zn............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V$Zo............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'[\|......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

Download File

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	Microsoft Outlook email folder (>=2003)
Category:	dropped
Size (bytes):	271360
Entropy (8bit):	3.6564625968623234
Encrypted:	false
SSDEEP:	3072:VtwFS3gAaM2ZjyRj5yWC8pcX9ap9dHgp9:D3l2W5RGadg
MD5:	16676ABC072E7F0075B54688CD3DC170
SHA1:	22B6324FB73E7F50347189FE63AC551A1C66E89A
SHA-256:	FF1C6A2857577D6D357E915B172AE5168002837FBA3522CFF68A4A7A6E15B5D5
SHA-512:	61D1F32CCC22AD258B3C84B890D0C8AAC03BF5181AB1EC4E971692A155497A830D33C69ED9C3C942C648BD347ED4B63C330748762299F0E9F08509D0174E9E80
Malicious:	true
Preview:	!BDN..=.SM......\......................_................@...........@...@...................................@...........................................................................$.......D.......#..................................................................................................................................................................................................................................................................................................................................KTS2........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	131072
Entropy (8bit):	5.140288893895107
Encrypted:	false
SSDEEP:	1536:3DOf6zhfWCnNtt56kvLn4CdUPS0tLW53jEpEHP4qQ10PAwrlnaTMfMDD:ywhfWCNL5WCcdp9DV
MD5:	7BB29986E0E42526531B29E2DEA8C5FC
SHA1:	6700B58667A5BADDF47D63B8B1126A7992BF0838
SHA-256:	5E56822898856B4F03A54E404D1FADBD8C3DF3B2A798D960D5247F5801FFE559
SHA-512:	79E6FFFDBC7F54989DBC47A575EB2070CE73E273BFE2D8E5559320B33CD982D3E2994BB83477C127E134515B9539A674564F0F0F0EB3747DECA30CDC2D8116E9
Malicious:	true
Preview:	S..X0...........x.......T^.......D............#..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...D......a..40...........x.......T^.......B............#.........................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	RFC 822 mail, ASCII text, with very long lines (425), with CRLF line terminators
Entropy (8bit):	5.864890471286569
TrID:	E-Mail message (Var. 5) (54515/1) 100.00%
File name:	phishingemail.eml
File size:	64'259 bytes
MD5:	10b604ddf26a20de07060f18b9f43ebe
SHA1:	3f1bd89b4e3bcefce85f7fadf4c25dd6f268f317
SHA256:	a01174fd681341de09b7ec848bc62db8260229f2998f300cdbcf3b80bcd589da
SHA512:	97cc1fcb95a32a82e07780aa6ac104b0d745327748c7f19e737524ecc54af5658eb8d3148131cac693b31f64ec7727ebec9233d7d89742fc6593ba365fa72567
SSDEEP:	1536:dQxHIu5RU8Ripd3yW5w5bZmD2PC4F79qL73WF4xJRC8gBFMLk/t0tdUDWKW:78RiTz5Atmya4F7onGF4xJRC8cFMLk/k
TLSH:	8A535C12AD433D838B6019C3A4EE19D9141D374F65F240A46DAEEA4C4F3C8ED6EF16E9
File Content Preview:	Received: from BY3PR13MB4868.namprd13.prod.outlook.com (2603:10b6:a03:361::13).. by DM6PR13MB2251.namprd13.prod.outlook.com with HTTPS; Sat, 14 Dec 2024.. 14:02:34 +0000..Received: from BL1PR13CA0291.namprd13.prod.outlook.com (2603:10b6:208:2bc::26).. by

Static Mail

General

Subject:	Important notice: Your Robinhood Account is Currently Restricted.
From:	"Account Support Robinh..." <jk@royalmagazine.com.br>
To:	customer@wm3.robinhood.com
Cc:
BCC:
Date:	Sat, 14 Dec 2024 14:02:30 +0000
Communications:	Reminder to confirm your info by Sat, December 14, 2024 We're informed financial regulation team required you to re-confirm your information. For security reason your ability to Buy or Sale / Deposit or Withdrawal, temporary suspended by financial team until you already confirm your information Confirm Now This url will be valid for 6 hours from the time it was sent. After confirming, you will be able to access your account. THIS IS A SERVICE-RELATED EMAIL Robinhood will occasionally send you service-related emails to keep you informed of service and billing updates, new benefits and features, and other changes to your account. Please do not reply to this email, it is not monitored. If you'd like to contact us, please visit our website here. Robinhood respects your privacy. For a complete description of our privacy policy, click here. 2024 Robinhood. All rights reserved. Robinhood Cable, One Comcast Center 1701 JFK Boulevard, Philadelphia, PA 19103 Attn: Email Communications Client Configuration settings for royalmagazine. Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook A .mobileconfig file for use with iOS for iPhone/iPad/iPod and MacOS Mail.app for Mountain Lion (10.8+) is attached to this message. This notice is the result of a request made by a computer with the IP address of 5.53.101.235 through the cpanel service on the server. The remote computers location appears to be: United States (US). The remote computers IP address is assigned to the provider: Verizon Wireless The provider supplied the following remarks about the IP address allocation: spam and abuse reporting toabuse@vzw.com The system generated this notice on Tuesday, December 10, 2024 at 12:38:38 PM UTC. Do not reply to this automated message. Copyright 2024 cPanel, L.L.C. Reminder to confirm your info by Sat, December 14, 2024 We're informed financial regulation team required you to re-confirm your information. For security reason your ability to Buy or Sale / Deposit or Withdrawal, temporary suspended by financial team until you already confirm your information Confirm Now This url will be valid for 6 hours from the time it was sent. After confirming, you will be able to access your account. THIS IS A SERVICE-RELATED EMAIL Robinhood will occasionally send you service-related emails to keep you informed of service and billing updates, new benefits and features, and other changes to your account. Please do not reply to this email, it is not monitored. If you'd like to contact us, please visit our website here. Robinhood respects your privacy. For a complete description of our privacy policy, click here. 2024 Robinhood. All rights reserved. Robinhood Cable, One Comcast Center 1701 JFK Boulevard, Philadelphia, PA 19103 Attn: Email Communications Client Configuration settings for royalmagazine. Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook A .mobileconfig file for use with iOS for iPhone/iPad/iPod and MacOS Mail.app for Mountain Lion (10.8+) is attached to this message. This notice is the result of a request made by a computer with the IP address of 5.53.101.235 through the cpanel service on the server. The remote computers location appears to be: United States (US). The remote computers IP address is assigned to the provider: Verizon Wireless The provider supplied the following remarks about the IP address allocation: spam and abuse reporting toabuse@vzw.com The system generated this notice on Tuesday, December 10, 2024 at 12:38:38 PM UTC. Do not reply to this automated message. Copyright 2024 cPanel, L.L.C. Reminder to confirm your info by Sat, December 14, 2024 We're informed financial regulation team required you to re-confirm your information. For security reason your ability to Buy or Sale / Deposit or Withdrawal, temporary suspended by financial team until you already confirm your information Confirm Now This url will be valid for 6 hours from the time it was sent. After confirming, you will be able to access your account. THIS IS A SERVICE-RELATED EMAIL Robinhood will occasionally send you service-related emails to keep you informed of service and billing updates, new benefits and features, and other changes to your account. Please do not reply to this email, it is not monitored. If you'd like to contact us, please visit our website here. Robinhood respects your privacy. For a complete description of our privacy policy, click here. 2024 Robinhood. All rights reserved. Robinhood Cable, One Comcast Center 1701 JFK Boulevard, Philadelphia, PA 19103 Attn: Email Communications Reminder to confirm your info by Sat, December 14, 2024 We're informed financial regulation team required you to re-confirm your information. For security reason your ability to Buy or Sale / Deposit or Withdrawal, temporary suspended by financial team until you already confirm your information Confirm Now Confirm Now https://royalmagazine.com.br/ss/c/user=9148807792&trackingid=saezk6YLBSmf0PIS3wXweGrm6Gn8membXPBiMFFl0 Confirm Now This url will be valid for 6 hours from the time it was sent. 6 hours 6 hours After confirming, you will be able to access your account. THIS IS A SERVICE-RELATED EMAIL Robinhood will occasionally send you service-related emails to keep you informed of service and billing updates, new benefits and features, and other changes to your account. Please do not reply to this email, it is not monitored. If you'd like to contact us, please visit our website here. Robinhood respects your privacy. For a complete description of our privacy policy, click here. 2024 Robinhood. All rights reserved. Robinhood Cable, One Comcast Center 1701 JFK Boulevard, Philadelphia, PA 19103 Attn: Email Communications THIS IS A SERVICE-RELATED EMAIL THIS IS A SERVICE-RELATED EMAIL Robinhood will occasionally send you service-related emails to keep you informed of service and billing updates, new benefits and features, and other changes to your account. Robinhood will occasionally send you service-related emails to keep you informed of service and billing updates, new benefits and features, and other changes to your account. Please do not reply to this email, it is not monitored. If you'd like to contact us, please visit our website here. Please do not reply to this email, it is not monitored. If you'd like to contact us, please visit our website here. Robinhood respects your privacy. For a complete description of our privacy policy, click here. Robinhood respects your privacy. For a complete description of our privacy policy, click here. 2024 Robinhood. All rights reserved. 2024 Robinhood. All rights reserved. Robinhood Cable, One Comcast Center Robinhood Cable, One Comcast Center 1701 JFK Boulevard, Philadelphia, PA 19103 1701 JFK Boulevard, Philadelphia, PA 19103 Attn: Email Communications Attn: Email Communications Client Configuration settings for royalmagazine. Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook A .mobileconfig file for use with iOS for iPhone/iPad/iPod and MacOS Mail.app for Mountain Lion (10.8+) is attached to this message. This notice is the result of a request made by a computer with the IP address of 5.53.101.235 through the cpanel service on the server. The remote computers location appears to be: United States (US). The remote computers IP address is assigned to the provider: Verizon Wireless The provider supplied the following remarks about the IP address allocation: spam and abuse reporting toabuse@vzw.com The system generated this notice on Tuesday, December 10, 2024 at 12:38:38 PM UTC. Do not reply to this automated message. Copyright 2024 cPanel, L.L.C. Client Configuration settings for royalmagazine. Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Client Configuration settings for royalmagazine. Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Client Configuration settings for royalmagazine. Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Client Configuration settings for royalmagazine. Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Client Configuration settings for royalmagazine. Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Client Configuration settings for royalmagazine. Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Client Configuration settings for royalmagazine. Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Client Configuration settings for royalmagazine. Client Configuration settings for royalmagazine. Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Mail Client Manual Settings Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. Secure SSL/TLS Settings (Recommended) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. Secure SSL/TLS Settings (Recommended) SSL TLS Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 IMAP, POP3, and SMTP require authentication. Username: _mainaccount@royalmagazine.com.br Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Password: Use your cPanel password. Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 Incoming Server: mail.royalmagazine.com.br IMAP Port: 993 POP3 Port: 995 IMAP Port: 993 POP3 Port: 995 IMAP Port: 993 IMAP POP3 Port: 995 POP3 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 Outgoing Server: mail.royalmagazine.com.br SMTP Port: 465 SMTP Port: 465 SMTP Port: 465 SMTP IMAP, POP3, and SMTP require authentication. IMAP, POP3, and SMTP require authentication. IMAP, POP3, and SMTP require authentication. ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 ActiveSync SSL/TLS Settings (for Android) Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 ActiveSync SSL/TLS Settings (for Android) SSL TLS Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 Username: _mainaccount@royalmagazine.com.br Username: _mainaccount@royalmagazine.com.br Password: Use your cPanel password. Password: Use your cPanel password. ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 ActiveSync Server: mail.royalmagazine.com.br ActiveSync Port: 2091 ActiveSync Port: 2091 ActiveSync Port: 2091 Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Calendar & Contacts Manual Settings Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Secure SSL/TLS Settings (Recommended). Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Secure SSL/TLS Settings (Recommended). SSL TLS Username: royalmagazine Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Username: royalmagazine Username: royalmagazine Password: Use your cPanel password. Password: Use your cPanel password. Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Server: https://mail.royalmagazine.com.br:2080 Port: 2080 Port: 2080 Port: 2080 Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Calendar URL(s): Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Calendar: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Calendar: Calendar https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: Task List https://mail.royalmagazine.com.br:2080/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Full Contact List URL(s): Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Address Book: https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Address Book: Address Book https://mail.royalmagazine.com.br:2080/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Non-SSL Settings (NOT Recommended). Username: royalmagazine Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Username: royalmagazine Username: royalmagazine Password: Use your cPanel password. Password: Use your cPanel password. Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Server: http://mail.royalmagazine.com.br:2079 Port: 2079 Port: 2079 Port: 2079 Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Calendar URL(s): Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Calendar: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Calendar: Calendar http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/calendar Task List: Task List http://mail.royalmagazine.com.br:2079/calendars/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/tasks Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Full Contact List URL(s): Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Address Book: http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook Address Book: Address Book http://mail.royalmagazine.com.br:2079/addressbooks/__uids__/481BCE9F-396E-49A6-B85E-1497F1E37682/addressbook A .mobileconfig file for use with iOS for iPhone/iPad/iPod and MacOS Mail.app for Mountain Lion (10.8+) is attached to this message. This notice is the result of a request made by a computer with the IP address of 5.53.101.235 through the cpanel service on the server. The remote computers location appears to be: United States (US). The remote computers IP address is assigned to the provider: Verizon Wireless The provider supplied the following remarks about the IP address allocation: spam and abuse reporting toabuse@vzw.com The system generated this notice on Tuesday, December 10, 2024 at 12:38:38 PM UTC. Do not reply to this automated message. This notice is the result of a request made by a computer with the IP address of 5.53.101.235 through the cpanel service on the server. The remote computers location appears to be: United States (US). The remote computers IP address is assigned to the provider: Verizon Wireless The provider supplied the following remarks about the IP address allocation: spam and abuse reporting toabuse@vzw.com The system generated this notice on Tuesday, December 10, 2024 at 12:38:38 PM UTC. Do not reply to this automated message. This notice is the result of a request made by a computer with the IP address of 5.53.101.235 through the cpanel service on the server. The remote computers location appears to be: United States (US). The remote computers IP address is assigned to the provider: Verizon Wireless The provider supplied the following remarks about the IP address allocation: spam and abuse reporting toabuse@vzw.com The system generated this notice on Tuesday, December 10, 2024 at 12:38:38 PM UTC. This notice is the result of a request made by a computer with the IP address of 5.53.101.235 through the cpanel service on the server. IP The remote computers location appears to be: United States (US). The remote computers IP address is assigned to the provider: Verizon Wireless IP The provider supplied the following remarks about the IP address allocation: spam and abuse reporting toabuse@vzw.com IP The system generated this notice on Tuesday, December 10, 2024 at 12:38:38 PM UTC. Do not reply to this automated message. Copyright 2024 cPanel, L.L.C. Copyright 2024 cPanel, L.L.C. Copyright 2024 cPanel, L.L.C.
Attachments:	inboxrules.txt carddav-supersam.mobileconfig email-supersam.mobileconfig

Headers

Key	Value
Received	from ip-172-31-37-64 (ec2-35-178-160-42.eu-west-2.compute.amazonaws.com. [35.178.160.42]) by smtp-relay.gmail.com with ESMTPS id a640c23a62f3a-aab9630f60csm1470166b.123.2024.12.14.06.02.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 14 Dec 2024 06:02:31 -0800 (PST)
Authentication-Results	spf=pass (sender IP is 209.85.218.104) smtp.mailfrom=royalmagazine.com.br; dkim=pass (signature was verified) header.d=royalmagazine.com.br;dmarc=pass action=none header.from=royalmagazine.com.br;compauth=pass reason=100
Received-SPF	Pass (protection.outlook.com: domain of royalmagazine.com.br designates 209.85.218.104 as permitted sender) receiver=protection.outlook.com; client-ip=209.85.218.104; helo=mail-ej1-f104.google.com; pr=C
X-IncomingTopHeaderMarker	OriginalChecksum:2557DD4DBB2EB540562E9346EA3EAE4CC85C5CF96EB6329E8327C03EEE7C8E11;UpperCasedChecksum:E72FB359C625ADFE521DA781B41E5BE9096BB5CCF5B3F1FF34A546D8BF6BF49F;SizeAsReceived:5729;Count:58
DKIM-Signature	v=1; a=rsa-sha256; c=relaxed/relaxed; d=royalmagazine.com.br; s=google; t=1734184951; x=1734789751; darn=hotmail.com; h=mime-version:feedback-id:disposition-notification-to:date :message-id:to:subject:sender:from:from:to:cc:subject:date :message-id:reply-to; bh=cgejvKJKoJmX8cE4kNepzhEAwtEw/840KwgY2lzyKR8=; b=iAPxN99akdPEvrNv/YAcB+1RukVukgzvQfHkhDtLEe9kvbHvdCpoLM4RbIijT3Nkj8 e3nCBarM2tE4zMBEPcV0eVWXYOJr+EFQwrplJUzNXCeXfcMoeCAC/rmt3BMIKm1uYUYl nQdn1Fv/jVekbrsWuVHc00cBsRZM2dVO5p34s=
X-Google-DKIM-Signature	v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734184951; x=1734789751; h=mime-version:feedback-id:disposition-notification-to:date :message-id:to:subject:sender:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=cgejvKJKoJmX8cE4kNepzhEAwtEw/840KwgY2lzyKR8=; b=rmyBl7QYBAPjs3cE4Ex0FDR3EknLPQe/Ll6YVTpRxXT6wpIzIVm8aaQHtInebn1ET4 GeXUjulrRqsr9ScgjzsSWytZlqVVJmT2Ym/6b/AD/UXYrtTN34N/m/xUsBksBzoJXBNJ 3/PV4mtVjTmh1MfW+RVQl3AZe60kyhdt1qMO/k85sNDi7WEtrZrhyUGdWkD3pLvhDujF tKUqhkyurT88vsS0nv71iuCe/5tHxgDPeF6qF0SyHgZU+NJ2XGNiwBOt9yJh414r6AfG SPr1iOywCHtz+Iz/H2Va0g67qOhI48429rIXJm73Mnnj/CKW6XtJhfj1UfW0sNIhS9lC 3fFA==
X-Forwarded-Encrypted	i=1; AJvYcCWi55Y/K1t9Npk5zOmDZoYM6fk68/Ry/MSqxQm4rKTdQq9e4FqPQjHFoyTyuclSpKoVOF1Rbh0oQtR+@hotmail.com
X-Gm-Message-State	AOJu0YyPD9Ste3qPXs8+HXh9nyL/QDTt0fp5issNbOKHxE54cEO1Oyce 7IQjXrYaxYRB4ewBQKpDrLbN0KxwCysox279n9DM7/TpTROBsGUbtX3BmPbEQo9z+GmkARxuCqN edTZfKEL4krcC9WuLTjKqdMMFM6B12a4W
X-Gm-Gg	ASbGncvN3zo8Ihf+Nk3oKG5Jmaf9ROy5uAP8kO38lJZeEn9V1A/iugHxCJx4ytIGZuL eoGD/WdfwbxppBfpTAmXznyMU7+UR59J0IVXPDV8OrqBXmFZ2mhhqHKdpQwl+AMQ5ylHy3Bee1C xAFqrwU9EcteQcwUDx5f3q2K+f0BKjLtO6iRHNcJiWOeT5UFVXLxl/QHdXX1Qk8K/0xA4EeJcqN 3+Vpqa7cgTc2uG0eWTC8JqbeBTCrpmUc60ykzOEIqDUl6HcNUQ6D569OksNpRQh9zx5TjVWAHXo aG+s0vwg4YqhpdIQTPz5KK5T2HRcm6stL9UhosaDhS0xMA==
X-Google-Smtp-Source	AGHT+IG7v+A57qbG8jQLK9EranwUm2+8vgg6E6pZR1Ymyobk07G1StIUJlkl95wlIbHz+JHjy8SHvMw6JXmM
X-Received	by 2002:a17:907:2d2a:b0:aa6:abe2:5cb8 with SMTP id a640c23a62f3a-aab77ee9945mr585995666b.60.1734184951395; Sat, 14 Dec 2024 06:02:31 -0800 (PST)
Return-Path	jk@royalmagazine.com.br
X-Relaying-Domain	royalmagazine.com.br
X-DISTRIBUIDORA-SENDING-MAIL	<dRvptoKAiYBTjwOfvPwjcwCG09K2bwPjbY5jq75y9k::web::royalmagazine.com.br::email::anti::spam::reports::true>
X-DISTRIBUIDORA-SENDING-MESSAGES-ID	<sgU5dnBJoOlAj157bi0zNHiOmtHIg9JbzIRr1odJG4::web::royalmagazine.com.br::email::messages::id1Tj80kYMaI::anti::spam::reports::true>
X-DISTRIBUIDORA-ADMIN-MAIL	<QKhrmR933RYEu25TInOu3M3CI6CalJOXyvcdJNC1j0::web::system::secure::email::anti::spam::reports::true>
X-DISTRIBUIDORA-SUCESS-MESSAGES-ID	<BHH0KhnqCpQ2H355AqtMhKW8aBYdRYhafN8TqTgCdg::web::auth::email::messages::idhtH65gw8Iw::anti::spam::reports::true>
X-Exabytes-ID-Jp	7520644375
X-ExabytesID-Us	701581148201
X-ExabytesID-Uk	384133787730
X-ExabytesID-Id	988292263
X-ExabytesID-Tw	951502731
X-ExabytesID-Cn	6286592
X-ExabytesID-De	05710973
X-ExabytesID-Nl	5276537
X-ExabytesID-Au	7908660042
X-ExabytesID-Sg	96970388
X-ExabytesID-Rcpt-Hash	<9B0F513A7816E4F646A28447416C59A1@MSN.COM>
X-PVIQ	<000132-000343-20384-827463-000000>
X-CM-MessageId	<20384-827463>
X-ID-Tracking	<path::browser::false>
X-RCPT-SOURCE	<https://www.royalmagazine.com.br/subscription?fbclid=IwAR2BaY3OsFso7z0PFAMQGLrMmfJFdPnhMfClsMrrUiLgHZmcMLqzZnD0L8c>
From	"Account Support Robinh..." <jk@royalmagazine.com.br>
Sender	jk@royalmagazine.com.br
Subject	Important notice: Your Robinhood Account is Currently Restricted.
To	customer@wm3.robinhood.com
Message-ID	<0297696215542.525166765731456.8347490989.264821515043@royalmagazine.com.br>
Date	Sat, 14 Dec 2024 14:02:30 +0000
X-Mailer	Amazon WorkMail
Disposition-Notification-To	<ql@royalmagazine.com.br>
Feedback-ID	::1.us-east-1.9TFnKlCnRvkWPdt9cNuDvk8ja+z5xFxabmLHVnERtk=:DISTRIBUIDORA
X-Return-Path	9632341113
X-CONTENT-MOBILE-AUTH-Uk	059172635147
X-CONTENT-MOBILE-AUTH-Id	306040481
X-CONTENT-MOBILE-AUTH-Tw	59362711
X-CONTENT-MOBILE-AUTH-Cn	9197824
X-CONTENT-MOBILE-AUTH-De	325949316
X-CONTENT-MOBILE-AUTH-Nl	120313179
X-CONTENT-MOBILE-AUTH-Au	66327020472
X-CONTENT-MOBILE-AUTH-Sg	8690116
X-Report-Abuse	You can also report abuse here: http://royalmagazine.com.br/contact/abuse?id=31088735.8E66E56B8BD9B848A2F48AE18442E34B
X-Csa-Complaints	whitelist-complaints@eco.de
X-CONTENT-MOBILE-WIDTH	<OxkwI8jt0PVbEL9GI3CI6oG0flFHhIezRgXFd5p0Ckc::mobile::device::optimal>
X-CONTENT-MOBILE-AUTH	<authsettings::lXazuGoxwloipcttXQQ27YFaS5qx9SGRcDZSH2AjAQ::system::3fR>
X-CONTENT-MOBILE-TYPE	<authportalCONTENT-MOBILE-AUTH::juno::system::MqjJ14Kgxy>
X-RCPT-AUTH	<kccuMZTbT5lmI2wteLan38Fdk65DIB5pyZorTMDHX0::simple:authenticate:system::on>
Content-Type	multipart/mixed; boundary="inmixQDLmXMxWgPJQT4GfD2MKgFzq1rIJJeTPwzKqbT6fZgI"
X-IncomingHeaderCount	58
X-MS-Exchange-Organization-ExpirationStartTime	14 Dec 2024 14:02:32.0902 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason	OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval	1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason	OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id	6aa99f33-a5ed-477e-92f2-08dd1c47f426
X-EOPAttributedMessage	0
X-EOPTenantAttributedMessage	84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-Exchange-Organization-MessageDirectionality	Incoming
X-MS-PublicTrafficType	Email
X-MS-TrafficTypeDiagnostic	BN1PEPF00004688:EE_\|BY3PR13MB4868:EE_\|DM6PR13MB2251:EE_
X-MS-Exchange-Organization-AuthSource	BN1PEPF00004688.namprd05.prod.outlook.com
X-MS-Exchange-Organization-AuthAs	Anonymous
X-MS-UserLastLogonTime	12/14/2024 2:01:07 PM
X-MS-Office365-Filtering-Correlation-Id	6aa99f33-a5ed-477e-92f2-08dd1c47f426
X-MS-Exchange-EOPDirect	true
X-Sender-IP	209.85.218.104
X-SID-PRA	JK@ROYALMAGAZINE.COM.BR
X-SID-Result	PASS
X-MS-Exchange-Organization-SCL	1
X-Microsoft-Antispam	BCL:0;ARA:1444111002\|7402599021\|9800799012\|9020799016\|69000799015\|461199028\|6092099012\|51300799018\|2700799026\|87000799015\|20103052901057\|20103052903057\|39102599003\|13020799006\|9000799050\|12002599018\|58200799018\|970799057\|5082599009\|1680799054\|9400799030\|10300799035\|20103052904057\|20103052914048\|440099028\|3412199025\|4302099013\|940799032\|1360799030\|1380799030\|1370799030\|56899033\|17101999012\|1602099012;
X-MS-Exchange-CrossTenant-OriginalArrivalTime	14 Dec 2024 14:02:32.0590 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id	6aa99f33-a5ed-477e-92f2-08dd1c47f426
X-MS-Exchange-CrossTenant-Id	84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-AuthSource	BN1PEPF00004688.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs	Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader	Internet
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg	00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped	BY3PR13MB4868
X-MS-Exchange-Transport-EndToEndLatency	00:00:02.1922812
X-MS-Exchange-Processed-By-BccFoldering	15.20.8207.007
X-Microsoft-Antispam-Mailbox-Delivery	ucf:0;jmr:0;ex:0;auth:1;dest:I;ENG:(5062000308)(920221119095)(90000117)(920221120095)(90005022)(91005020)(91035115)(9050020)(9100341)(944500132)(2008001181)(2008121020)(4810010)(4910033)(9575002)(10195002)(9320005)(120001);
X-Message-Delivery	Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MTtHRD0xO1NDTD0z
X-Microsoft-Antispam-Message-Info	M9/cLFOcwH8VyvnqwGY2TWVMdE7rmh9B5KDIf91uUQgsFqQv/ulsDOtENtcaRT1p1zH8Q8pBJA1n2kBzwoVIWPFdDHVkd16ZTvRNMRvoaXAdhiVQ1tRBr2lEm4Vx76e08JNWnvBiXpg1OP9373kDDXiidvwCQmYHIBq3WafezKBkp5vkcO3FhL9Jx8NdYev1ZmhVIIUcp+IKCg/kAhHdS32bc6f9TRPuTEDav0Dz9TwSDJkU/nHmBj+FJzOW/Drv6VS2kbgL9kpvnILyq/N7nu4tfBzu7eyuXLt0pJpp6rDpi9En27AiCEHNnRE4pVfdmahKnRMfEZOXec5YCqN0W+465xVT+BBNSr1ZBlBE5VmFYCS73sUPYXjkrIo3p5xfgloJ/3LG+eu74BjYayo/ebzADSK7lAonJ4XC1c+xM4bYRou27QC7013Qeh8AuhGp7qWIA0GxUjMPPxbNawq2fUaJsK0j70K4KFJq0N5NQi6gqCI91tV8wlgU3KnzJN8EgIYATekd2jI3jEFAPIEPDEsthZcVveOVjNNPoE3PAVUHyzpLDT7AcHs0NdNfGBWM+H1Jsk0do4HLNuQecBfJC9AfGhROTR8eO6kbliiOhonRDyw3IoZknpOkFQ48l0i2CkAwS2BFn4/0d6Ro9houxj2g7ddFf7HHKFjS6uH9TcLlWBUjCH4cluYzmKEjMtfC0vpoJgFEsdE5swNVVeHY9WxSM41/BZlnTNPmn9oxTlCjybRAGBLQNNw04lVc05cKJ50hsF6OnN7lFKJ/Xn6xX388Wyiz3G8xwm+Map//nW2FcpWuL9bQCbfMn9sN6NEvZGP9j3ZOUAIpc9GymUysbTw13dBmo804DiUYbiFwWGtP09W/7VSyke506A/yz+5b3WZsdOBD+sKozU60hSXh4B0qkx6BX3zL/vf62xDyb+0SIndINl7ETCThy6fGbI25X1TDhTUO/BI08sR/NtFCZSANPwufI/YkH9dsh6SMmphIQoD5g+szNWhBooMsJoRj9R9Qyg9GJlo3b5JdJVG5GUuL6EC0JdVmEbjIqxUgyIvs4vUNXvvINWuSu3Xsb/D7tlOkN6ZWGRNSjOFhN5oIfzVGCecDFwL9tIlU0TL9gevNjyztFTLpYYQEeMU/9rT2gGC7Oa+RUMiPyh2d7BSKcnbjR08WiSDz2xivhV52QHOf7gnssu4PirftAUoBLYJuGDywHuI4gXZQR0UptBh1VbVkPwPGRCrYVsyJKBkYqpSd9wvrhMGt/t3MMNc91fFE9Z18jVCyNdGCdGisZt1ZCJtqmJxDOpQP4zdJrFN8qVRci5zPmIe8zuFyxsnzwr+T+qxzDucv/71iC8fl0bdjjU4T57wH6B1+WPkUFPa1dPCUpwWu3Z8Qa9td3x0i+G0kqB50ot19yS41b3IHT8dWgHJO72S84m/n9/gHZUHd9cNEpnu2ZIybZMdFFp+IjUydpVbS9HkZP9V4n71Mc5M8tEzHtfTBk4WoNF6rmJdOM8LhakSr/XOlR7grYGrgJLF7nQP9YquPJ4XpcB4MWjfh8ZXXpnQaRjRG97qZeX1pZqounvqiXO5NnogymXCVbcwwfDOKlqjh0C6xODm+ZCfJ04Ncfl54AXS8fAlJTj3exNLs6mWeZugG+f3yto7Y4ZmgoC3enkhN/ahWE7/Bbl3KKnA6hpY9CU9tFi10iQ+za2jERPoSbhFbWNuQNHQvUzYE4kKrgpjyKhZJnFZ11hYxFvfTqGkEfWnPZhhox+Y3REJ3bku+oDjHGRbVdAXn22wvaSLz2h3Z1r/lP5I2SXsTvQT/MU6eRZ5flOgyenwxXYy/zMfd1c8qZqXQbmsHqDpr8hSNpoT7mLGsvDi6gxfrTn2NKpQvBQx/JsJ40Esumb7cwekMBYwmy++gMkNbjIVraOoADKf+pU8fy4cuMllRaSU3f/DkkzTFyRSu5QmWfUTp8S4PEKwQeFQ5f9BOqjEIVnYazuCr5VYv8ysDGWBINraEVeJSypjk1uVi1Q1q4d/+9eLKj86pXA5tUEcfVygUqwsS38+4rhdG+U/G0RL6BHcBEWvrr8X9mVLxEYK029i+KX2fPryVWHtUxuwLwSm5v801d26Y+uaWKrYSS0arIRk6WwR1DdKimsDzb1cDOOc=
MIME-Version	1.0

File Icon


Icon Hash:	46070c0a8e0c67d6

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 4, 2025 03:59:12.536205053 CET	49677	443	192.168.2.17	204.79.197.200
Jan 4, 2025 03:59:12.536221981 CET	49678	443	192.168.2.17	204.79.197.200
Jan 4, 2025 03:59:12.536222935 CET	49676	443	192.168.2.17	204.79.197.200
Jan 4, 2025 03:59:27.752944946 CET	49715	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:27.752995968 CET	443	49715	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:27.753089905 CET	49715	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:27.753350019 CET	49715	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:27.753364086 CET	443	49715	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:27.753767014 CET	49716	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:27.753799915 CET	443	49716	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:27.753866911 CET	49716	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:27.754084110 CET	49716	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:27.754095078 CET	443	49716	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:27.876791000 CET	49675	443	192.168.2.17	204.79.197.203
Jan 4, 2025 03:59:28.180233002 CET	49675	443	192.168.2.17	204.79.197.203
Jan 4, 2025 03:59:28.264566898 CET	443	49716	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:28.269040108 CET	443	49715	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:28.276868105 CET	49715	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:28.276890039 CET	443	49715	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:28.277378082 CET	49716	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:28.277400017 CET	443	49716	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:28.277962923 CET	443	49715	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:28.278026104 CET	49715	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:28.278476000 CET	443	49716	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:28.278548956 CET	49716	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:28.279299021 CET	49715	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:28.279377937 CET	443	49715	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:28.279381990 CET	49716	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:28.279453039 CET	443	49716	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:28.279670000 CET	49715	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:28.279680967 CET	443	49715	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:28.331554890 CET	49715	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:28.331641912 CET	49716	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:28.331665039 CET	443	49716	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:28.377238035 CET	49716	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:28.448806047 CET	443	49715	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:28.449426889 CET	443	49715	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:28.449472904 CET	49715	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:28.449498892 CET	443	49715	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:28.449511051 CET	49715	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:28.449585915 CET	49715	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:28.485414982 CET	49716	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:28.531338930 CET	443	49716	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:28.601025105 CET	443	49716	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:28.601212025 CET	443	49716	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:28.601332903 CET	49716	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:28.601737976 CET	49716	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:28.601754904 CET	443	49716	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:28.791235924 CET	49675	443	192.168.2.17	204.79.197.203
Jan 4, 2025 03:59:29.998231888 CET	49675	443	192.168.2.17	204.79.197.203
Jan 4, 2025 03:59:32.028532028 CET	49720	443	192.168.2.17	142.250.186.132
Jan 4, 2025 03:59:32.028573036 CET	443	49720	142.250.186.132	192.168.2.17
Jan 4, 2025 03:59:32.028800011 CET	49720	443	192.168.2.17	142.250.186.132
Jan 4, 2025 03:59:32.028867006 CET	49720	443	192.168.2.17	142.250.186.132
Jan 4, 2025 03:59:32.028873920 CET	443	49720	142.250.186.132	192.168.2.17
Jan 4, 2025 03:59:32.036545992 CET	49680	443	192.168.2.17	20.189.173.13
Jan 4, 2025 03:59:32.339250088 CET	49680	443	192.168.2.17	20.189.173.13
Jan 4, 2025 03:59:32.403250933 CET	49675	443	192.168.2.17	204.79.197.203
Jan 4, 2025 03:59:32.683835983 CET	443	49720	142.250.186.132	192.168.2.17
Jan 4, 2025 03:59:32.684380054 CET	49720	443	192.168.2.17	142.250.186.132
Jan 4, 2025 03:59:32.684391975 CET	443	49720	142.250.186.132	192.168.2.17
Jan 4, 2025 03:59:32.685416937 CET	443	49720	142.250.186.132	192.168.2.17
Jan 4, 2025 03:59:32.685487986 CET	49720	443	192.168.2.17	142.250.186.132
Jan 4, 2025 03:59:32.686638117 CET	49720	443	192.168.2.17	142.250.186.132
Jan 4, 2025 03:59:32.686707020 CET	443	49720	142.250.186.132	192.168.2.17
Jan 4, 2025 03:59:32.738259077 CET	49720	443	192.168.2.17	142.250.186.132
Jan 4, 2025 03:59:32.738266945 CET	443	49720	142.250.186.132	192.168.2.17
Jan 4, 2025 03:59:32.786238909 CET	49720	443	192.168.2.17	142.250.186.132
Jan 4, 2025 03:59:32.945266008 CET	49680	443	192.168.2.17	20.189.173.13
Jan 4, 2025 03:59:34.159255028 CET	49680	443	192.168.2.17	20.189.173.13
Jan 4, 2025 03:59:35.755362034 CET	49721	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:35.755410910 CET	443	49721	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:35.755505085 CET	49721	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:35.755753040 CET	49721	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:35.755767107 CET	443	49721	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:35.756583929 CET	49722	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:35.756634951 CET	443	49722	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:35.756851912 CET	49722	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:35.757060051 CET	49722	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:35.757077932 CET	443	49722	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:36.243607998 CET	443	49722	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:36.243968964 CET	49722	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:36.243999958 CET	443	49722	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:36.244307995 CET	443	49722	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:36.244611025 CET	49722	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:36.244673967 CET	443	49722	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:36.244770050 CET	49722	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:36.262789965 CET	443	49721	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:36.271073103 CET	49721	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:36.271101952 CET	443	49721	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:36.271459103 CET	443	49721	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:36.272368908 CET	49721	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:36.272434950 CET	443	49721	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:36.291338921 CET	443	49722	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:36.318456888 CET	49721	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:36.416961908 CET	443	49722	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:36.417133093 CET	443	49722	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:36.417891026 CET	49722	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:36.417943954 CET	443	49722	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:36.418051958 CET	49722	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:36.418068886 CET	49722	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:36.570307970 CET	49680	443	192.168.2.17	20.189.173.13
Jan 4, 2025 03:59:37.206464052 CET	49675	443	192.168.2.17	204.79.197.203
Jan 4, 2025 03:59:39.918080091 CET	49721	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:39.918124914 CET	49720	443	192.168.2.17	142.250.186.132
Jan 4, 2025 03:59:39.918215036 CET	443	49721	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:39.918216944 CET	443	49720	142.250.186.132	192.168.2.17
Jan 4, 2025 03:59:39.918283939 CET	49720	443	192.168.2.17	142.250.186.132
Jan 4, 2025 03:59:39.918311119 CET	49721	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:40.498307943 CET	49682	80	192.168.2.17	192.229.211.108
Jan 4, 2025 03:59:40.799624920 CET	49682	80	192.168.2.17	192.229.211.108
Jan 4, 2025 03:59:41.376748085 CET	49680	443	192.168.2.17	20.189.173.13
Jan 4, 2025 03:59:41.408365011 CET	49682	80	192.168.2.17	192.229.211.108
Jan 4, 2025 03:59:42.614303112 CET	49682	80	192.168.2.17	192.229.211.108
Jan 4, 2025 03:59:45.027354956 CET	49682	80	192.168.2.17	192.229.211.108
Jan 4, 2025 03:59:45.604342937 CET	49728	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:45.604393959 CET	443	49728	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:45.604475975 CET	49728	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:45.604708910 CET	49728	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:45.604733944 CET	443	49728	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:45.605249882 CET	49729	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:45.605298042 CET	443	49729	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:45.605371952 CET	49729	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:45.605551004 CET	49729	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:45.605565071 CET	443	49729	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:46.104660988 CET	443	49729	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:46.104896069 CET	49729	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:46.104924917 CET	443	49729	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:46.105820894 CET	443	49729	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:46.105900049 CET	49729	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:46.115979910 CET	49729	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:46.116090059 CET	443	49729	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:46.116321087 CET	49729	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:46.116333008 CET	443	49729	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:46.170335054 CET	49729	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:46.191507101 CET	443	49728	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:46.191735983 CET	49728	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:46.191766024 CET	443	49728	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:46.192812920 CET	443	49728	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:46.192882061 CET	49728	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:46.193229914 CET	49728	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:46.193299055 CET	443	49728	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:46.234329939 CET	49728	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:46.234361887 CET	443	49728	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:46.278096914 CET	443	49729	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:46.278431892 CET	443	49729	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:46.278496027 CET	49729	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:46.279074907 CET	49729	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:46.279095888 CET	443	49729	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:46.279109001 CET	49729	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:46.279143095 CET	49729	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:46.282322884 CET	49728	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:46.312592983 CET	49728	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:46.359340906 CET	443	49728	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:46.425086021 CET	443	49728	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:46.425231934 CET	443	49728	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:46.425331116 CET	49728	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:46.425796032 CET	49728	443	192.168.2.17	158.106.129.107
Jan 4, 2025 03:59:46.425818920 CET	443	49728	158.106.129.107	192.168.2.17
Jan 4, 2025 03:59:46.810389996 CET	49675	443	192.168.2.17	204.79.197.203
Jan 4, 2025 03:59:49.840354919 CET	49682	80	192.168.2.17	192.229.211.108
Jan 4, 2025 03:59:50.025080919 CET	49730	443	192.168.2.17	172.217.16.196
Jan 4, 2025 03:59:50.025129080 CET	443	49730	172.217.16.196	192.168.2.17
Jan 4, 2025 03:59:50.025211096 CET	49730	443	192.168.2.17	172.217.16.196
Jan 4, 2025 03:59:50.025449038 CET	49730	443	192.168.2.17	172.217.16.196
Jan 4, 2025 03:59:50.025460005 CET	443	49730	172.217.16.196	192.168.2.17
Jan 4, 2025 03:59:50.473628998 CET	49730	443	192.168.2.17	172.217.16.196
Jan 4, 2025 03:59:50.515338898 CET	443	49730	172.217.16.196	192.168.2.17
Jan 4, 2025 03:59:50.672111988 CET	443	49730	172.217.16.196	192.168.2.17
Jan 4, 2025 03:59:50.672190905 CET	49730	443	192.168.2.17	172.217.16.196
Jan 4, 2025 03:59:50.989383936 CET	49680	443	192.168.2.17	20.189.173.13
Jan 4, 2025 03:59:53.474332094 CET	49691	443	192.168.2.17	204.79.197.200
Jan 4, 2025 03:59:53.479197979 CET	443	49691	204.79.197.200	192.168.2.17
Jan 4, 2025 03:59:53.572577000 CET	443	49691	204.79.197.200	192.168.2.17
Jan 4, 2025 03:59:53.572674036 CET	49691	443	192.168.2.17	204.79.197.200
Jan 4, 2025 03:59:53.574023008 CET	49691	443	192.168.2.17	204.79.197.200
Jan 4, 2025 03:59:53.574218035 CET	49691	443	192.168.2.17	204.79.197.200
Jan 4, 2025 03:59:53.574512959 CET	49691	443	192.168.2.17	204.79.197.200
Jan 4, 2025 03:59:53.574635029 CET	49691	443	192.168.2.17	204.79.197.200
Jan 4, 2025 03:59:53.578802109 CET	443	49691	204.79.197.200	192.168.2.17
Jan 4, 2025 03:59:53.578959942 CET	443	49691	204.79.197.200	192.168.2.17
Jan 4, 2025 03:59:53.579129934 CET	443	49691	204.79.197.200	192.168.2.17
Jan 4, 2025 03:59:53.579289913 CET	443	49691	204.79.197.200	192.168.2.17
Jan 4, 2025 03:59:53.579423904 CET	443	49691	204.79.197.200	192.168.2.17
Jan 4, 2025 03:59:53.669434071 CET	443	49691	204.79.197.200	192.168.2.17
Jan 4, 2025 03:59:53.669532061 CET	49691	443	192.168.2.17	204.79.197.200
Jan 4, 2025 03:59:53.669622898 CET	49691	443	192.168.2.17	204.79.197.200
Jan 4, 2025 03:59:53.674367905 CET	443	49691	204.79.197.200	192.168.2.17
Jan 4, 2025 03:59:53.764998913 CET	443	49691	204.79.197.200	192.168.2.17
Jan 4, 2025 03:59:53.765080929 CET	49691	443	192.168.2.17	204.79.197.200
Jan 4, 2025 03:59:59.448395014 CET	49682	80	192.168.2.17	192.229.211.108
Jan 4, 2025 03:59:59.671638012 CET	49699	80	192.168.2.17	199.232.214.172
Jan 4, 2025 03:59:59.676738024 CET	80	49699	199.232.214.172	192.168.2.17
Jan 4, 2025 03:59:59.676822901 CET	49699	80	192.168.2.17	199.232.214.172

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 4, 2025 03:59:27.200354099 CET	53	59286	1.1.1.1	192.168.2.17
Jan 4, 2025 03:59:27.278561115 CET	49602	53	192.168.2.17	1.1.1.1
Jan 4, 2025 03:59:27.278698921 CET	59757	53	192.168.2.17	1.1.1.1
Jan 4, 2025 03:59:27.289252043 CET	53	50610	1.1.1.1	192.168.2.17
Jan 4, 2025 03:59:27.716609001 CET	53	49602	1.1.1.1	192.168.2.17
Jan 4, 2025 03:59:27.752314091 CET	53	59757	1.1.1.1	192.168.2.17
Jan 4, 2025 03:59:28.368526936 CET	53	53201	1.1.1.1	192.168.2.17
Jan 4, 2025 03:59:32.021049023 CET	62957	53	192.168.2.17	1.1.1.1
Jan 4, 2025 03:59:32.021226883 CET	49474	53	192.168.2.17	1.1.1.1
Jan 4, 2025 03:59:32.027642965 CET	53	62957	1.1.1.1	192.168.2.17
Jan 4, 2025 03:59:32.027709961 CET	53	49474	1.1.1.1	192.168.2.17
Jan 4, 2025 03:59:45.163949966 CET	64483	53	192.168.2.17	1.1.1.1
Jan 4, 2025 03:59:45.164160013 CET	58842	53	192.168.2.17	1.1.1.1
Jan 4, 2025 03:59:45.186599016 CET	53	52823	1.1.1.1	192.168.2.17
Jan 4, 2025 03:59:45.191502094 CET	53	56948	1.1.1.1	192.168.2.17
Jan 4, 2025 03:59:45.603600025 CET	53	58842	1.1.1.1	192.168.2.17
Jan 4, 2025 03:59:45.603791952 CET	53	64483	1.1.1.1	192.168.2.17
Jan 4, 2025 03:59:46.239495039 CET	53	52541	1.1.1.1	192.168.2.17
Jan 4, 2025 03:59:50.017270088 CET	58474	53	192.168.2.17	1.1.1.1
Jan 4, 2025 03:59:50.017412901 CET	58676	53	192.168.2.17	1.1.1.1
Jan 4, 2025 03:59:50.024024963 CET	53	58676	1.1.1.1	192.168.2.17
Jan 4, 2025 03:59:50.024081945 CET	53	58474	1.1.1.1	192.168.2.17

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 4, 2025 03:59:27.278561115 CET	192.168.2.17	1.1.1.1	0xcb0e	Standard query (0)	royalmagazine.com.br	A (IP address)	IN (0x0001)	false
Jan 4, 2025 03:59:27.278698921 CET	192.168.2.17	1.1.1.1	0xd584	Standard query (0)	royalmagazine.com.br	65	IN (0x0001)	false
Jan 4, 2025 03:59:32.021049023 CET	192.168.2.17	1.1.1.1	0x648e	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 4, 2025 03:59:32.021226883 CET	192.168.2.17	1.1.1.1	0xb4f0	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 4, 2025 03:59:45.163949966 CET	192.168.2.17	1.1.1.1	0x3e9a	Standard query (0)	royalmagazine.com.br	A (IP address)	IN (0x0001)	false
Jan 4, 2025 03:59:45.164160013 CET	192.168.2.17	1.1.1.1	0x36c7	Standard query (0)	royalmagazine.com.br	65	IN (0x0001)	false
Jan 4, 2025 03:59:50.017270088 CET	192.168.2.17	1.1.1.1	0xa796	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 4, 2025 03:59:50.017412901 CET	192.168.2.17	1.1.1.1	0x4beb	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jan 4, 2025 03:59:27.716609001 CET	1.1.1.1	192.168.2.17	0xcb0e	No error (0)	royalmagazine.com.br	158.106.129.107	A (IP address)	IN (0x0001)	false
Jan 4, 2025 03:59:32.027642965 CET	1.1.1.1	192.168.2.17	0x648e	No error (0)	www.google.com	142.250.186.132	A (IP address)	IN (0x0001)	false
Jan 4, 2025 03:59:32.027709961 CET	1.1.1.1	192.168.2.17	0xb4f0	No error (0)	www.google.com		65	IN (0x0001)	false
Jan 4, 2025 03:59:45.603791952 CET	1.1.1.1	192.168.2.17	0x3e9a	No error (0)	royalmagazine.com.br	158.106.129.107	A (IP address)	IN (0x0001)	false
Jan 4, 2025 03:59:50.024024963 CET	1.1.1.1	192.168.2.17	0x4beb	No error (0)	www.google.com		65	IN (0x0001)	false
Jan 4, 2025 03:59:50.024081945 CET	1.1.1.1	192.168.2.17	0xa796	No error (0)	www.google.com	172.217.16.196	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

royalmagazine.com.br

https:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.17	49715	158.106.129.107	443	4192	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-04 02:59:28 UTC	736	OUT	GET /ss/c/user=9148807792&trackingid=saezk6YLBSmf0PIS3wXweGrm6Gn8membXPBiMFFl0 HTTP/1.1 Host: royalmagazine.com.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-04 02:59:28 UTC	331	IN	HTTP/1.1 200 OK Connection: close content-type: text/html; charset=UTF-8 content-length: 0 date: Sat, 04 Jan 2025 02:59:28 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.17	49716	158.106.129.107	443	4192	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-04 02:59:28 UTC	669	OUT	GET /favicon.ico HTTP/1.1 Host: royalmagazine.com.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://royalmagazine.com.br/ss/c/user=9148807792&trackingid=saezk6YLBSmf0PIS3wXweGrm6Gn8membXPBiMFFl0 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-04 02:59:28 UTC	416	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Sat, 04 Jan 2025 02:59:28 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2025-01-04 02:59:28 UTC	952	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2025-01-04 02:59:28 UTC	299	IN	Data Raw: 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20 61 20 77 65 62 20 68 6f 73 74 69 6e 67 20 63 6f 6d 70 61 6e 79 20 61 6e 64 2c 20 61 73 20 73 75 63 68 2c 20 68 61 73 20 6e 6f 20 63 6f 6e 74 72 6f 6c 20 6f 76 65 72 20 63 6f 6e 74 65 6e 74 20 Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.17	49722	158.106.129.107	443	4192	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-04 02:59:36 UTC	762	OUT	GET /ss/c/user=9148807792&trackingid=saezk6YLBSmf0PIS3wXweGrm6Gn8membXPBiMFFl0 HTTP/1.1 Host: royalmagazine.com.br Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-04 02:59:36 UTC	331	IN	HTTP/1.1 200 OK Connection: close content-type: text/html; charset=UTF-8 content-length: 0 date: Sat, 04 Jan 2025 02:59:36 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.17	49729	158.106.129.107	443	7640	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-04 02:59:46 UTC	736	OUT	GET /ss/c/user=9148807792&trackingid=saezk6YLBSmf0PIS3wXweGrm6Gn8membXPBiMFFl0 HTTP/1.1 Host: royalmagazine.com.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-04 02:59:46 UTC	331	IN	HTTP/1.1 200 OK Connection: close content-type: text/html; charset=UTF-8 content-length: 0 date: Sat, 04 Jan 2025 02:59:46 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.17	49728	158.106.129.107	443	7640	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-04 02:59:46 UTC	669	OUT	GET /favicon.ico HTTP/1.1 Host: royalmagazine.com.br Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://royalmagazine.com.br/ss/c/user=9148807792&trackingid=saezk6YLBSmf0PIS3wXweGrm6Gn8membXPBiMFFl0 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-04 02:59:46 UTC	416	IN	HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Sat, 04 Jan 2025 02:59:46 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2025-01-04 02:59:46 UTC	952	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</sty
2025-01-04 02:59:46 UTC	299	IN	Data Raw: 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20 61 20 77 65 62 20 68 6f 73 74 69 6e 67 20 63 6f 6d 70 61 6e 79 20 61 6e 64 2c 20 61 73 20 73 75 63 68 2c 20 68 61 73 20 6e 6f 20 63 6f 6e 74 72 6f 6c 20 6f 76 65 72 20 63 6f 6e 74 65 6e 74 20 Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content

Target ID:	0
Start time:	21:59:13
Start date:	03/01/2025
Path:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phishingemail.eml"
Imagebase:	0x950000
File size:	34'446'744 bytes
MD5 hash:	91A5292942864110ED734005B7E005C0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	21:59:15
Start date:	03/01/2025
Path:	C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "1DAD4889-39FD-4D81-8A25-F437DFB5EC8D" "A86618B2-E54F-49BC-88B1-9360EFEB5959" "6264" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Imagebase:	0x7ff72b3a0000
File size:	710'048 bytes
MD5 hash:	EC652BEDD90E089D9406AFED89A8A8BD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	21:59:26
Start date:	03/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://royalmagazine.com.br/ss/c/user=9148807792&trackingid=saezk6YLBSmf0PIS3wXweGrm6Gn8membXPBiMFFl0
Imagebase:	0x7ff7d6f10000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	21:59:26
Start date:	03/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1972,i,8520123778435995892,7942582137012361327,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7d6f10000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	21:59:44
Start date:	03/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://royalmagazine.com.br/ss/c/user=9148807792&trackingid=saezk6YLBSmf0PIS3wXweGrm6Gn8membXPBiMFFl0
Imagebase:	0x7ff7d6f10000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	21:59:44
Start date:	03/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1820,i,2371947540312049649,9044992565933829060,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7d6f10000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	22:00:02
Start date:	03/01/2025
Path:	C:\Windows\System32\OpenWith.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\OpenWith.exe -Embedding
Imagebase:	0x7ff70b940000
File size:	123'984 bytes
MD5 hash:	E4A834784FA08C17D47A1E72429C5109
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report phishingemail.eml

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

Phishing

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250103T2159130781-6264.etl

C:\Users\user\AppData\Local\Temp\msoB07E.tmp

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Static File Info

General

Static Mail

General

Headers

File Icon

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Windows Analysis Report
phishingemail.eml