Windows Analysis Report
email.eml

Overview

General Information

Sample name: email.eml
Analysis ID: 1591674
MD5: b03d563f31717e169811ad3f19db8f2b
SHA1: f5489ef31cda5bdc0864060335bfa4146ba4b325
SHA256: d00bee42ad067f277fffe19eb5bf9badd5d374ba5e6acd56ff4ece75fdd1a463
Infos:

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected suspicious elements in Email content
AI detected suspicious elements in Email header
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 7140 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\email.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 1364 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "AD224786-F8ED-4020-8E5C-E8322082183F" "38CFF37A-D378-4FF4-AB5E-E8FA8E9B726C" "7140" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • WINWORD.EXE (PID: 4048 cmdline: "C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LYR1LSUB\Bonjour.docx" /o "" MD5: 1A0C2C2E7D9C4BC18E91604E9B0C7678)
      • WINWORD.EXE (PID: 6092 cmdline: "C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE" /Embedding MD5: 1A0C2C2E7D9C4BC18E91604E9B0C7678)
  • cleanup
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7140, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Source: Registry Key set, Author: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LYR1LSUB\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7140, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
No Suricata rule has matched

Phishing

Source: Email, Joe Sandbox AI: Detected potential phishing email: Generic Gmail address used instead of official corporate email. Suspicious attachment with vague name 'Bonjour.docx'. Mass-targeting evident from generic recipient address infos@orange.fr
Source: Email, Joe Sandbox AI: Detected suspicious elements in Email header: SPF SoftFail from IP 91.207.212.148 which is not authorized for gmail.com. IP address 91.207.212.148 is suspicious and doesn't match Gmail's infrastructure. Suspicious routing pattern - email claims to be from Gmail but passes through unusual servers. While DKIM passes for gmail.com, this could be a compromised account given other indicators. High unknownsenderscore (20) in Proofpoint spam details. Suspicious PTR record mismatch in headers (mx07 vs mx08). The combination of authentication results suggests potential email spoofing or compromise
Source: Email, Classification: Credential Stealer
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: winword.exe, Memory has grown: Private usage: 0MB later: 48MB
Source: classification engine, Classification label: mal48.winEML@9/10@0/17
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250115T0343240714-7140.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File read: C:\Users\desktop.ini
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA
Source: unknown, Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\email.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "AD224786-F8ED-4020-8E5C-E8322082183F" "38CFF37A-D378-4FF4-AB5E-E8FA8E9B726C" "7140" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LYR1LSUB\Bonjour.docx" /o ""
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE" /Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Window found: window name: SysTabControl32
Source: Window Recorder, Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 11 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 DLL Side-Loading | Security Account Manager | 13 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Extra Window Memory Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction

No Antivirus matches
No contacted domains info
IP | Domain | Country | ASN | ASN Name | Malicious
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.109.32.97 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.168.112.67 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
2.23.242.162 | unknown | European Union | 8781 | QA-ISPQA | false
52.109.76.144 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1591674
Start date and time:2025-01-15 09:42:50 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:17
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Sample name:email.eml
Detection:MAL
Classification:mal48.winEML@9/10@0/17
Cookbook Comments:
  • Found application associated with file extension: .eml
  • Exclude process from analysis (whitelisted): dllhost.exe
  • Excluded IPs from analysis (whitelisted): 52.113.194.132, 52.168.112.67
  • Excluded domains from analysis (whitelisted): ecs.office.com, fs.microsoft.com, slscr.update.microsoft.com, s-0005.s-msedge.net, onedscolprdeus04.eastus.cloudapp.azure.com, ecs.office.trafficmanager.net, s-0005-office.config.skype.com, mobile.events.data.microsoft.com, mobile.events.data.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtQueryAttributesFile calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtSetValueKey calls found.
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:BB7DF04E1B0A2570657527A7E108AE23
SHA1:5188431849B4613152FD7BDBA6A3FF0A4FD6424B
SHA-256:C35020473AED1B4642CD726CAD727B63FFF2824AD68CEDD7FFB73C7CBD890479
SHA-512:768007E06B0CD9E62D50F458B9435C6DDA0A6D272F0B15550F97C478394B743331C3A9C9236E09AB5B9CB3B423B2320A5D66EB3C7068DB9EA37891CA40E47012
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
File Type:data
Category:dropped
Size (bytes):138
Entropy (8bit):5.354066350651071
Encrypted:false
SSDEEP:
MD5:EBA4DAF928CEBAEF9F98C65F74F6156E
SHA1:989C323AE03E9E2AFBA5D2099D7ABE1571E57E5B
SHA-256:51C01B7A1BCF8F14411794C0D613750AA67274ABB33AAD8D1857E89DF25652D6
SHA-512:39CF7B629927149D351D00C0EBF2F338B0D92971DE86E52E1BA0327097CEEA6F7053A303BB20B8844371C612D3B1163F06D96588C9CC29B65301C7AEC540E19B
Malicious:false
Reputation:unknown
Preview:S.........~....u..........Yfile:///C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LYR1LSUB\..Bonjour..docx..d.
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
File Type:Microsoft Word 2007+
Category:dropped
Size (bytes):122479
Entropy (8bit):7.928365303087376
Encrypted:false
SSDEEP:
MD5:C71440FF633A4A38BD5E3D88C4876F16
SHA1:E5D8098E0BAEA4874BC5708A8D026C6D7C593A9A
SHA-256:293D9D69B457E0597765E69AC5C9EC02B05B5B05211E042397BD65C1D5ADEF98
SHA-512:FC592739D28D1A2CE09342607E5BC3468609D2905BB73A5B2C4A9532E1ABB1096777ECF2ACFF583ED071AEE1A12AD6A455FD2EE859ADD27E62B870C106B8D60F
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):26
Entropy (8bit):3.95006375643621
Encrypted:false
SSDEEP:
MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
Malicious:false
Reputation:unknown
Preview:[ZoneTransfer]..ZoneId=3..
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
File Type:data
Category:dropped
Size (bytes):20971520
Entropy (8bit):0.003959091334323572
Encrypted:false
SSDEEP:
MD5:AE392EB6A83AB94BAB81DF91F8EA68B4
SHA1:04C02ECE0190ED7DFAA13BDC0E548603F92DE415
SHA-256:90B85451F1F7AEA441CCCFFFDCEA4A78C89762B3F7CBFD406C6915D7077380F7
SHA-512:6C7575A759D0B7CFD6E49CE9E4D3BE8A2F30A9129086A3F75543D87554BA4F16B7CBE6CCB5448EE407F294AB99A6F21EEA421B11AD45E050B21035253D70C86A
Malicious:false
Reputation:unknown
Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..01/15/2025 08:44:40.714.WINWORD (0x17CC).0x4D0.Microsoft Word.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.RegisterCloudFontCallback","Flags":30962256044949761,"InternalSequenceNumber":21,"Time":"2025-01-15T08:44:40.714Z","Contract":"Office.System.Activity","Activity.CV":"/mabW36Nt0OAGAslT5OMkQ.1.15","Activity.Duration":11,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true}...01/15/2025 08:44:40.777.WINWORD (0x17CC).0x4D0.Microsoft Word.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Performance.Boot","Flags":2814766963868161,"InternalSequenceNumber":40,"Time":"2025-01-15T08:44:40.777Z","Contract":"Office.System.Activity","Activity.CV":"/mabW36Nt0OAGAslT5OMkQ.1","Activity.Duration":321457,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.ActivationKind":"Automation","Data.InitializationDuration":41157,"Data.DurationUntilMso20Initialization
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
File Type:data
Category:dropped
Size (bytes):20971520
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
File Type:Microsoft OOXML
Category:dropped
Size (bytes):3355
Entropy (8bit):4.789309865695103
Encrypted:false
SSDEEP:
MD5:52FAEC36198C7E9F0367131D9B062E69
SHA1:6FE825F48BFDA0891A4033E7AFCCA131048138BB
SHA-256:CCBF3D89A41D66BD6E557409D459AD6341F7F697B3C972C66364CEDA3A173BA1
SHA-512:6442F632874280754A5C98C30EAAD02B4A00C5DE8F495215946D24D1DDC68F7AAAB0230F1C4E07DA257539EDBFED220274647AD67AE3805AAAA1D671ED2F1DC5
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:modified
Size (bytes):106496
Entropy (8bit):4.504015271298349
Encrypted:false
SSDEEP:
MD5:95F56CBC12C57742B4C7F7C0D38533BE
SHA1:612991F4B053FD5E7562CC80DB44BA26016168E8
SHA-256:9833ECD1E65D6CC6F8B3F273E200B3FBF86EE188DA36C7FD5F10E5C7481B3C9E
SHA-512:36BD514634CE398326CEEB8DD2A224C2C3F3A9310203D315D16A7706BA64E88DFD374F68DC08F3B9DC79C41072AF64F2D89CB5E127FE835CD68F2CFD6C9D5B99
Malicious:false
Reputation:unknown
Preview:............................................................................`...........K.-.)g..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................@....Y..........K.-.)g..........v.2._.O.U.T.L.O.O.K.:.1.b.e.4.:.3.e.3.6.d.4.7.5.d.1.f.d.4.c.3.4.8.d.d.8.2.6.2.2.e.e.c.4.6.6.e.3...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.5.0.1.1.5.T.0.3.4.3.2.4.0.7.1.4.-.7.1.4.0...e.t.l.......P.P.........K.-.)g..........................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:Microsoft Outlook email folder (>=2003)
Category:dropped
Size (bytes):271360
Entropy (8bit):6.184163059865054
Encrypted:false
SSDEEP:
MD5:E00E3520654A202A08D26DD9EBD788B1
SHA1:C2BCA474900972C698319C10B3894934BD81D0ED
SHA-256:4D9860EF14E39F4188A4E4818A8E95C718D392E538FF16B54C1273153C61DE2B
SHA-512:CB30A9885306E568A64EDC9062157D79960F20DBFBA60AE7CD69BC13D135BA01CC798D813A0C87A5225837CD59FDD8268D797B8BD01D2C57B564C48122F8D11B
Malicious:true
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):262144
Entropy (8bit):5.877439131874046
Encrypted:false
SSDEEP:
MD5:0583E87884DBBE6BF864F9FE504A5929
SHA1:9B631503437440B7A8663A822F903CA94623E577
SHA-256:825158F1C9767ADFC6374700C5AF6E4755A122A7CD78B50AFF484FCD9E3245B7
SHA-512:0EB4576BB48AC45DD7AB05E1D0DE74DEAF010FD92363A3FF577D6EBCEE0F69177BD98CD8FC4A936BF437D1C60E87EB5C2A5CFB29EE9C94B5270B30A832157DD2
Malicious:true
Reputation:unknown
File type:RFC 822 mail, ASCII text, with CRLF line terminators
Entropy (8bit):6.080444664158549
TrID:
  • E-Mail message (Var. 5) (54515/1) 100.00%
File name:email.eml
File size:181'662 bytes
MD5:b03d563f31717e169811ad3f19db8f2b
SHA1:f5489ef31cda5bdc0864060335bfa4146ba4b325
SHA256:d00bee42ad067f277fffe19eb5bf9badd5d374ba5e6acd56ff4ece75fdd1a463
SHA512:f3364ad8dd0c509b651d5e933fbd6a084f8bc7707154a7a8c00eaaf5ed3b7660ec6a371275b0b76eacff7bfc00400f43e2204a48c4b98bdff416afec6cad8f6a
SSDEEP:3072:tfOiJN+8bnTZuN4DBlSrZG0LthTzilMN6yrDTAmO3wj5tx5:cONDNvPSrZxLt5irmD5
TLSH:B9041232152046EDEB326194F6003A087DAC766794F086457F5DABF62ADE3784FB6C82
File Content Preview:Received: from DB4PR03MB9457.eurprd03.prod.outlook.com (2603:10a6:10:3fa::22).. by PR2PR03MB5210.eurprd03.prod.outlook.com with HTTPS; Sat, 28 Dec 2024.. 11:10:20 +0000..Received: from AS9PR05CA0342.eurprd05.prod.outlook.com (2603:10a6:20b:490::32).. by D
Subject:Joyeux Nol
From:Solange Mollet <solangemollet69@gmail.com>
To:infos@orange.fr
Cc:
BCC:
Date:Sat, 28 Dec 2024 12:07:18 +0100
Communications:
  • EXTERNAL SENDER: Do not click any links or open any attachments unless you trust the sender and know the content is safe. EXPEDITEUR EXTERNE: Ne cliquez sur aucun lien et n'ouvrez aucune piece jointe a moins qu'ils ne proviennent d'un expediteur fiable, ou que vous ayez l'assurance que le contenu provient d'une source sure.
Attachments:
  • Bonjour.docx
Key Value
Received: by mail-ot1-f45.google.com with SMTP id 46e09a7af769-71e19fee3b3so4455684a34.0 for <arnaud.tassart@socotec.com>; Sat, 28 Dec 2024 03:07:25 -0800 (PST)
Authentication-Results: spf=softfail (sender IP is 91.207.212.148) smtp.mailfrom=gmail.com; dkim=pass (signature was verified) header.d=gmail.com;dmarc=pass action=none header.from=gmail.com;compauth=pass reason=100
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning gmail.com discourages use of 91.207.212.148 as permitted sender)
Authentication-Results-Original: ppops.net; spf=pass smtp.mailfrom=amoursinc886@gmail.com
X-Received: by 2002:a05:6871:8082:b0:297:2955:b009 with SMTP id 586e51a60fabf-2a7fca463bbmr17527458fac.1.1735384043597; Sat, 28 Dec 2024 03:07:23 -0800 (PST)
From: Solange Mollet <solangemollet69@gmail.com>
Date: Sat, 28 Dec 2024 12:07:18 +0100
Message-ID: <CAN+yWZFC3YAVWLpu+S+h1PtziW14x=ZfwsuHjxn2nz4kGLU3nw@mail.gmail.com>
Subject: Joyeux Nol
To: infos@orange.fr
Content-Type: multipart/mixed; boundary="00000000000077d375062a5295cd"
X-Proofpoint-GUID: x5QKF5IOstFljmQ3KLPOb0gTa1tucW9n
X-Proofpoint-ORIG-GUID: gPM4Z0bc5L05H9dsqxeHtObhufjKEu0I
X-CLX-Shades: MLX
X-Proofpoint-SPF-Result: pass
X-Proofpoint-SPF-Record: v=spf1 redirect=_spf.google.com
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2024-12-28_02,2024-12-24_01,2024-11-22_01
X-Proofpoint-Spam-Details: rule=inbound_notspam policy=inbound score=0 lowpriorityscore=0 spamscore=0 mlxscore=0 mlxlogscore=385 unknownsenderscore=20 suspectscore=0 priorityscore=120 impostorscore=0 clxscore=41 bulkscore=0 malwarescore=0 phishscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=2 engine=8.21.0-2411120000 definitions=main-2412280094 domainage_hfrom=10730
Return-Path: amoursinc886@gmail.com
X-MS-Exchange-Organization-ExpirationStartTime: 28 Dec 2024 11:10:16.2290 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id: e489f2a3-630c-4758-d0d7-08dd27303547
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 33135fa5-f5a7-4d5c-8632-9a17d4acfa5b:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-Exchange-SkipListedInternetSender: ip=[209.85.210.45];domain=mail-ot1-f45.google.com
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: AM2PEPF0001C712:EE_|DB4PR03MB9457:EE_|PR2PR03MB5210:EE_
X-MS-Exchange-Organization-AuthSource: AM2PEPF0001C712.eurprd05.prod.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Office365-Filtering-Correlation-Id: e489f2a3-630c-4758-d0d7-08dd27303547
X-MS-Exchange-AtpMessageProperties: SA|SL
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|7093399012|8096899003;
X-Forefront-Antispam-Report: CIP:91.207.212.148;CTRY:GB;LANG:fr;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mx07-001ef801.pphosted.com;PTR:mx08-001ef801.pphosted.com;CAT:NONE;SFS:(13230040)(82310400026)(7093399012)(8096899003);DIR:INB;
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Dec 2024 11:10:16.1509 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: e489f2a3-630c-4758-d0d7-08dd27303547
X-MS-Exchange-CrossTenant-Id: 33135fa5-f5a7-4d5c-8632-9a17d4acfa5b
X-MS-Exchange-CrossTenant-AuthSource: AM2PEPF0001C712.eurprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB4PR03MB9457
X-MS-Exchange-Transport-EndToEndLatency: 00:00:04.7652616
X-MS-Exchange-Processed-By-BccFoldering: 15.20.8293.000
X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198);
MIME-Version: 1.0

Icon Hash:46070c0a8e0c67d6