
Windows Analysis Report
message__51fa7b20_1571_b6cf_e82f_a6f0e2bfa4a2_jamestraversgarage_ie_.eml

Overview

General Information

Sample name: message__51fa7b20_1571_b6cf_e82f_a6f0e2bfa4a2_jamestraversgarage_ie_.eml
Analysis ID: 1586574
MD5: b9437d0aa78ce2870fd13432d1c639ab
SHA1: 72bd64a8bffe654b1708b405758bf88e70ec7c3d
SHA256: d5c2d886ce8d16c20aaa464e7ca877d88c8b1ecf586630195affeebfc13afa4d

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected landing page (webpage, office document or email)
AI detected potential phishing Email
Email provider (Gateway / MTA) detected MSG / EML as spam/phishing/malware
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6980 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\message__51fa7b20_1571_b6cf_e82f_a6f0e2bfa4a2_jamestraversgarage_ie_.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6408 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "41D6A3AB-1199-452E-AA3A-DAA2D2998674" "39E8F1D0-73FD-4225-BCE9-BEC1507FB42B" "6980" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 6708 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://urldefense.com/v3/__https:/ygvq5.sa.com/cloud/services/protection/YW5keS5zbWlsbGllQHF1aWx0ZXJjaGV2aW90LmNvbQ==__;!!MxXmjrCc_Bbh!Du5Oc1X6ZLjMnv8WzQpCnXxxa64ALKjDe81Om-AhELMCt8kqPuXanAgCHfT49gx6v98ridi7BDrdyqFfGBHzje5xd-a2hc7T$ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 5928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1980,i,7623422884831537916,6129482424313204408,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 8072 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://urldefense.com/v3/__https:/ygvq5.sa.com/cloud/services/protection/YW5keS5zbWlsbGllQHF1aWx0ZXJjaGV2aW90LmNvbQ==__;!!MxXmjrCc_Bbh!Du5Oc1X6ZLjMnv8WzQpCnXxxa64ALKjDe81Om-AhELMCt8kqPuXanAgCHfT49gx6v98ridi7BDrdyqFfGBHzje5xd-a2hc7T$ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 4396 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1968,i,11235439834557335264,6025842519422135840,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
Source: Registry Key set - Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6980, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched


Phishing

Source: Email - Joe Sandbox AI: Email contains prominent button: 'click here to view details'
Source: Email - Joe Sandbox AI: Detected potential phishing email: The sender email domain (jamestraversgarage.ie) doesn't match the claimed Quiltercheviot organization. The email contains repetitive content that appears to be artificially duplicated. Contains suspicious encoded URL with urldefense redirect attempting to mask the actual destination
Source: message__51fa7b20_1571_b6cf_e82f_a6f0e2bfa4a2_jamestraversgarage_ie_.eml - Email attachment header: X-Proofpoint-Spam-Details: rule=inbound_phish policy=inbound score=100 mlxscore=0 lowpriorityscore=0 mlxlogscore=601 malwarescore=0 unsafescore=20 phishscore=100 bulkscore=0 unknownsenderscore=20 suspectscore=0 spamscore=0 snscore=27 clxscore=353 priorityscore=90 adultscore=0 impostorscore=0 classifier=phish adjust=0 reason=mlx scancount=1 engine=8.19.0-2411120000 definitions=main-2501090014 domainage_hfrom=4732
Source: Email - Classification: Credential Stealer
Source: unknown - HTTPS traffic detected: 40.126.32.72:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown - HTTPS traffic detected: 40.126.32.72:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown - HTTPS traffic detected: 40.126.32.72:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown - HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown - HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: chrome.exe - Memory has grown: Private usage: 1MB later: 30MB
Source: unknown - TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown - TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown - TCP traffic detected without corresponding DNS query: 40.126.32.72
Source: unknown - TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown - UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic - DNS traffic detected: DNS query: urldefense.com
Source: global traffic - DNS traffic detected: DNS query: ygvq5.sa.com
Source: global traffic - DNS traffic detected: DNS query: google.com
Source: global traffic - DNS traffic detected: DNS query: www.google.com
Source: classification engine - Classification label: mal52.winEML@32/10@39/139
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE - File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE - File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250109T0427500940-6980.etl
Source: unknown - Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\message__51fa7b20_1571_b6cf_e82f_a6f0e2bfa4a2_jamestraversgarage_ie_.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE - Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "41D6A3AB-1199-452E-AA3A-DAA2D2998674" "39E8F1D0-73FD-4225-BCE9-BEC1507FB42B" "6980" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE - Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://urldefense.com/v3/__https:/ygvq5.sa.com/cloud/services/protection/YW5keS5zbWlsbGllQHF1aWx0ZXJjaGV2aW90LmNvbQ==__;!!MxXmjrCc_Bbh!Du5Oc1X6ZLjMnv8WzQpCnXxxa64ALKjDe81Om-AhELMCt8kqPuXanAgCHfT49gx6v98ridi7BDrdyqFfGBHzje5xd-a2hc7T$
Source: C:\Program Files\Google\Chrome\Application\chrome.exe - Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1980,i,7623422884831537916,6129482424313204408,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe - Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe - Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1968,i,11235439834557335264,6025842519422135840,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe - Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe - Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe - Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe - Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe - Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe - Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe - Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe - Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe - Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE - Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE - Window found: window name: SysTabControl32
Source: Window Recorder - Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE - Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exe - File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe - File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe - File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe - File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe - File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe - File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe - File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE - Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE - Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK matrix (techniques listed per tactic; leading numbers are shown as in the report):
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: 21 Browser Extensions; 1 DLL Side-Loading; 1 Registry Run Keys / Startup Folder; Login Hook
Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; 1 Registry Run Keys / Startup Folder; 1 Extra Window Memory Injection
Defense Evasion: 1 Masquerading; 1 Process Injection; 1 DLL Side-Loading; 1 Extra Window Memory Injection
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: 1 Process Discovery; 13 System Information Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol; Protocol Impersonation
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
google.com | 142.250.185.174 | true | false | | high
urldefense.com | 52.204.90.22 | true | false | | high
www.google.com | 142.250.185.132 | true | false | | high
ygvq5.sa.com | unknown | unknown | false | | high
          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
142.250.186.67 | unknown | United States | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
142.250.186.174 | unknown | United States | 15169 | GOOGLEUS | false
142.250.185.132 | www.google.com | United States | 15169 | GOOGLEUS | false
20.189.173.23 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
8.8.8.8 | unknown | United States | 15169 | GOOGLEUS | false
52.109.68.129 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
2.19.126.151 | unknown | European Union | 16625 | AKAMAI-ASUS | false
142.250.185.174 | google.com | United States | 15169 | GOOGLEUS | false
142.250.185.131 | unknown | United States | 15169 | GOOGLEUS | false
52.204.90.22 | urldefense.com | United States | 14618 | AMAZON-AESUS | false
64.233.184.84 | unknown | United States | 15169 | GOOGLEUS | false
23.56.254.164 | unknown | United States | 42961 | GPRS-ASZAINKW | false
          IP
          192.168.2.16
          Joe Sandbox version:41.0.0 Charoite
          Analysis ID:1586574
          Start date and time:2025-01-09 10:27:20 +01:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowsinteractivecookbook.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:18
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • EGA enabled
          Analysis Mode:stream
          Analysis stop reason:Timeout
          Sample name:message__51fa7b20_1571_b6cf_e82f_a6f0e2bfa4a2_jamestraversgarage_ie_.eml
          Detection:MAL
          Classification:mal52.winEML@32/10@39/139
          Cookbook Comments:
          • Found application associated with file extension: .eml
          • Exclude process from analysis (whitelisted): dllhost.exe, SgrmBroker.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 52.113.194.132, 199.232.210.172, 23.56.254.164, 52.109.68.129, 2.19.126.151, 2.19.126.160, 142.250.186.67, 142.250.185.174, 64.233.184.84
          • Excluded domains from analysis (whitelisted): omex.cdn.office.net, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, eur.roaming1.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, clients2.google.com, redirector.gvt1.com, login.live.com, e16604.g.akamaiedge.net, frc-azsc-000.roaming.officeapps.live.com, prod.fs.microsoft.com.akadns.net, a1864.dscd.akamai.net, ecs.office.com, fs.microsoft.com, accounts.google.com, osiprod-frc-buff-azsc-000.francecentral.cloudapp.azure.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, s-0005.s-msedge.net, ecs.office.trafficmanager.net, clients.l.google.com, omex.cdn.office.net.akamaized.net
• Not all processes were analyzed; the report is missing behavior information
          • Report size getting too big, too many NtQueryAttributesFile calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          • VT rate limit hit for: ygvq5.sa.com
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:modified
          Size (bytes):102400
          Entropy (8bit):4.501658350718224
          Encrypted:false
          SSDEEP:
          MD5:54D5AB09BDB229D41B1AEC60FBAE7B6B
          SHA1:83A97A49D1E34C0CA30D4331CE67FED239227B8C
          SHA-256:83F635CD6CFB41ECB0212932976F0042535851397CE509C5581BAAED0F0C2337
          SHA-512:DB6C52D8989346C6B691D6C1528C845D4382B1EA28A8F9BC1F90B47A184781E7E74D22EBB5C3C6494FD5C5DAF6E61962E6A74DA41836B51D063F34E7CF85690E
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 9 08:28:00 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2673
          Entropy (8bit):3.9874245852928136
          Encrypted:false
          SSDEEP:
          MD5:5B8C0B4590036C9B5887803367F66B7E
          SHA1:B5615C84756244AB0BBC971449E9BA094BF39699
          SHA-256:4698C993600FEDA4967123148DBCBB6D4F56B6EFC1948B2E5F84A8505FBB0771
          SHA-512:B7639658AD666CC25D24E339A6A2FEA2CF0E2A7356EEDE622E3ED0B1840880B6708B3C6C74E16AD5DEB6D69319098E8021780A616C6419EC85615E0F865E6131
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 9 08:27:59 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2675
          Entropy (8bit):4.001980979886265
          Encrypted:false
          SSDEEP:
          MD5:907D6C013C2578AD1454BC54D2197F7A
          SHA1:70E2B23E4D08BBF65D913DBAEFA49E82A0A26450
          SHA-256:114CEDA7B760DEEA93F86AC78B18236ED9D0C1FD1BE135BACDD55DC7C56F86AF
          SHA-512:6FCEA8516043F0ADDDA7B9BB78F360BD62231F0A0BA0A4553B292B68A20F4820035D07A78396633DFF16FB0C0CA131B1D6E450E8DD1D2172DC68995834DC8B09
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2689
          Entropy (8bit):4.010828633387768
          Encrypted:false
          SSDEEP:
          MD5:B33CF823D646ADF735EF47C5CA91DBF7
          SHA1:F32EEA89BAAE507A288D06DC0BA411F7E2A139C5
          SHA-256:B90C86120168A058C92AA19047051FF3F9C581136C844FE7A1D8753423539E54
          SHA-512:65C4351CE3A43ABCA6C055120DD8AF56C399ECCACF14D76FFAD1E2F84C095BB7B5B50FC41E8793A920D0898FCD4CD129D7EE777565FB71E03EBBA1758FA690BE
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 9 08:27:59 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2677
          Entropy (8bit):3.999079836012218
          Encrypted:false
          SSDEEP:
          MD5:65CDF94C074C8C2986FF9AA585B0E9B3
          SHA1:4F865E82D4356C31C27F9942E2BF057989E67233
          SHA-256:444B002B8E71B160AFB458A192D4A37B06C0FB1E2DCB8A02B33C85CDDAC2C0F1
          SHA-512:B4F5028EDCDD39FCDCF15704B26FF40BA568B8DA73E8A5CFD9B5D658107E2BAF60C768FC9213886714712154331E80EB7214A4EAB1DA11FC51B27773DA6567B2
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 9 08:28:00 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2677
          Entropy (8bit):3.988768449194116
          Encrypted:false
          SSDEEP:
          MD5:733956C96B378A421E3FE2C05775B3EB
          SHA1:2E47B94FBBAC31A8B2BE76F69B2708DB142D6146
          SHA-256:1E15060BF7E52C0E401D0B498899612B2AAA594E7BABF937358B1601768648DC
          SHA-512:4333410AF6215EE42A6FA1993EF686FEE28624FA0236B472ECE2164E8214D0B2636E964C8EDD3056B932B07655795E6EC73014F8A9613D9166F8386C446D975B
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 9 08:27:59 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2679
          Entropy (8bit):3.99619716055545
          Encrypted:false
          SSDEEP:
          MD5:585707C937C37A801861B4C0666A635A
          SHA1:FAF6F8988EA40F3905CB044EBB5386E5F63BF32A
          SHA-256:EF483A0C1C18EDCB52F425A5296870220177FDE1A476D09223A912978115E9AA
          SHA-512:613AED2ECA4C6A96E446207C5971E5C0905FBFD04ECC8F1EEFB416270561AD84EA8BB372E0C1AE4FD6AA48951954B6937A1E865A0FD62D42B0300F610806D28C
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:Microsoft Outlook email folder (>=2003)
          Category:dropped
          Size (bytes):271360
          Entropy (8bit):2.4604493606657627
          Encrypted:false
          SSDEEP:
          MD5:07B34DBD80091583D1A43200D7EE97D5
          SHA1:EE53D9F9548D02B6B67464D688E58A6C90668610
          SHA-256:28E4F8DAB9EDE790386A5EC98868BCCB2FC7384DB6504F2D0CFB34B6C4929F72
          SHA-512:C2B3E3CDE0BF05736E6D2F44F177F348097646F4BB2A885DDE2EC9B573698881E9FAE139C2D57F38394547352645F66665B8C00652D3179827F4DE7F1E692485
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):131072
          Entropy (8bit):2.5536874176203272
          Encrypted:false
          SSDEEP:
          MD5:B4E5524AB43E1B2C20199E9F728159B2
          SHA1:F2081655378A3D651DD69F1046649C13527E9B69
          SHA-256:91C1BD6B279B499FA616F2027D0ABB6072FF1AFC25AFEA88C9887AC4F7B3BEF8
          SHA-512:26A8BF36FEF3E87CD23CE821DC52DE5FCCAD2CF2DE9F9D96DFB4DFBD6BD9C97B07EBB7A31345F9AA3263B9062FBA16777DCF39FEFAA309D050AEE8B7ED91A239
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (771)
          Category:downloaded
          Size (bytes):776
          Entropy (8bit):5.146183717388467
          Encrypted:false
          SSDEEP:
          MD5:4ED17D1F15D4C1442E1B8F4C0F08AAD3
          SHA1:6E927B67884E754962AA0BBC6431FEE0D5E7ACA9
          SHA-256:DABF95D477CB405A649EE2FCB7BF6FA651B14F95608F0993BD5A5BD607B11FDF
          SHA-512:8C4D80ACA29549451EE3E7F15F1958CB0CC35687A3B6537BD663FE380D382DAF4E12979838F32D34C23A11A5B4A5A368F330994986273E7B0C31E4628B547BEC
          Malicious:false
          Reputation:unknown
          URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
          Preview:)]}'.["",["sana biotechnology stock","general hospital spoilers michael","geforce rtx 5090","ufc news","taxes","7mm backcountry rifles","last of us season 2 cast","roki sasaki mlb"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":"8679823657894520814","google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
          File type:ASCII text, with very long lines (347), with CRLF line terminators
          Entropy (8bit):5.882945748583404
          TrID:
            File name:message__51fa7b20_1571_b6cf_e82f_a6f0e2bfa4a2_jamestraversgarage_ie_.eml
            File size:10'618 bytes
            MD5:b9437d0aa78ce2870fd13432d1c639ab
            SHA1:72bd64a8bffe654b1708b405758bf88e70ec7c3d
            SHA256:d5c2d886ce8d16c20aaa464e7ca877d88c8b1ecf586630195affeebfc13afa4d
            SHA512:4bd945791009ccd6f9fb44476548c6d5632739390a2f81d26af2df2852908c0fc03aed5bc1d32b5df8b4bcd11eb04864b864c0f67e3352465b49d98b316cd31f
            SSDEEP:192:j+wIYEf2jnQV394C6+PKtQ5MJUXTMJUXjcDxrfMJUmx4yNlTlkpG:CwINejQV+QcUSUzGxrGU4n6G
            TLSH:03220A01F1C1578604BA59A0F21A7B58A37A5F8FDB0389E428FB277AD74D16523E336C
            File Content Preview:X-Proofpoint-Sentinel: stfj2D0CdpZhbdUwk46nhwLdWDCkiVZ7xDhracw19HI2jKVTYWx0ZWRfXzo.. XghY1bdxQ12ITwjDwROO+fxrSGLNgIsvBI8BFdPVIvXejYnPz6xiad4UR+30d24cetdgN7EJj5nU.. lSEdBgv+8wQUvEs7vCBlik/Off+cKftbyctxG39BAqQtnLgCfuo3d/oWj/K5RzewRyp82ohDEous.. sz+Hpx+6kWgK
            Subject:[External] Notification
            From:"andy.smillie" <info@jamestraversgarage.ie>
            To:andy.smillie@quiltercheviot.com
            Cc:
            BCC:
            Date:Thu, 09 Jan 2025 02:08:31 +0000
            Communications:
• Quiltercheviot Timesheet Report New information have been added to this timesheet and are attached to this email. Quiltercheviot Employee: andy.smillie@quiltercheviot.com Date Delivered: January 8, 2025, 6:08:31 PM Brief Description of Timesheet: Please refer to the below folder Report Completed By: Quiltercheviot HR TEAM Click Here to View Details https://urldefense.com/v3/__https://ygvq5.sa.com/cloud/services/protection/YW5keS5zbWlsbGllQHF1aWx0ZXJjaGV2aW90LmNvbQ==__;!!MxXmjrCc_Bbh!Du5Oc1X6ZLjMnv8WzQpCnXxxa64ALKjDe81Om-AhELMCt8kqPuXanAgCHfT49gx6v98ridi7BDrdyqFfGBHzje5xd-a2hc7T$
            Attachments:
              Key Value
Authentication-Results: ppops.net; spf=permerror smtp.mailfrom=bounce+c76d26.86d7c1-andy.smillie=quiltercheviot.com@jamestraversgarage.ie; dkim=pass header.d=jamestraversgarage.ie header.s=pdk1; dmarc=none
Received: from [127.0.0.1] (unn-149-40-62-39.datapacket.com [149.40.62.39]) by 9b0f58327ed2 with SMTP id 677f2fa13e543944cbc1653a (version=TLS1.2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256); Thu, 09 Jan 2025 02:08:33 GMT
DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=jamestraversgarage.ie; q=dns/txt; s=pdk1; t=1736388513; x=1736395713; h=MIME-Version: Date: Content-Transfer-Encoding: Message-ID: Subject: Subject: To: To: From: From: Content-Type: Sender: Sender; bh=MLLTDi3r6Td0GeRTEMeK+FHIBR6cZYiej0r0kzEeQi4=; b=LULet4/pMHSS9kzr7RWzLRenldG72cGeBzIMv2gRg5IEKxzNl8qiTUpHHGPF4O0tFe6DzFzhnB8AYwAIXkSPwAc7mmXuoxiuLEYSTuOXOSCw53zDeeY8XQG+TWB/hbCcNt0FiV5IChjYDqMiaYmUKqfzUO/G0Nm1ctk2a2/R/m9oiY8w7pUDQ2Mr1nQ+iqBRWZAqQOxqBOz4UlTFQObQdedPoKKGqf0Lzdv5P29ehQhMUjFM520BohjFTJ9RB8mltJh/A9PndE/RXXmNkw1kr8TxQ27YhtoAdF0RSMyoeYRZKUF0f/j00rJ3/edoutdE0yvruB6DICysanIAwQV1GQ==
X-Mailgun-Sending-Ip: 69.72.43.10
X-Mailgun-Sending-Ip-Pool-Name:
X-Mailgun-Sending-Ip-Pool:
X-Mailgun-Sid: WyJjMWRhNSIsImFuZHkuc21pbGxpZUBxdWlsdGVyY2hldmlvdC5jb20iLCI4NmQ3YzEiXQ==
Sender: info@jamestraversgarage.ie
From: "andy.smillie" <info@jamestraversgarage.ie>
To: andy.smillie@quiltercheviot.com
Message-ID: <51fa7b20-1571-b6cf-e82f-a6f0e2bfa4a2@jamestraversgarage.ie>
Date: Thu, 09 Jan 2025 02:08:31 +0000
X-Proofpoint-ORIG-GUID: FrWKK0nFBU9FHTikSXCtxOn7zs_8jand
X-Proofpoint-GUID: FrWKK0nFBU9FHTikSXCtxOn7zs_8jand
X-CLX-Shades: MLX
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [External] Notification
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.60.29 definitions=2024-09-06_09,2024-09-06_01,2024-09-02_01
X-Proofpoint-Spam-Details: rule=inbound_phish policy=inbound score=100 mlxscore=0 lowpriorityscore=0 mlxlogscore=601 malwarescore=0 unsafescore=20 phishscore=100 bulkscore=0 unknownsenderscore=20 suspectscore=0 spamscore=0 snscore=27 clxscore=353 priorityscore=90 adultscore=0 impostorscore=0 classifier=phish adjust=0 reason=mlx scancount=1 engine=8.19.0-2411120000 definitions=main-2501090014 domainage_hfrom=4732

              Icon Hash:46070c0a8e0c67d6