Windows
Analysis Report
f64da42c-e9a8-a0ac-437d-d14377da4643.eml
Overview
General Information
Detection
Score: | 92 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64_ra
- OUTLOOK.EXE (PID: 6960 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\f64da42c-e9a8-a0ac-437d-d14377da4643.eml" MD5: 91A5292942864110ED734005B7E005C0)
- ai.exe (PID: 7088 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "5CFEB4FB-04F4-4B2F-9E7F-337451882B82" "1ED012E8-2066-482D-AEE7-618C4311BFF8" "6960" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
- Acrobat.exe (PID: 6624 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\NHW451JN\Terry.tuttle - Payroll Salary Bonus Distribution.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 1716 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 4268 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1552,i,12906053778144983868,4860552742854618519,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- chrome.exe (PID: 2896 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://gs.nthecatepi.ru/btb1KhWg/$terry.tuttle@yodel.co.uk MD5: E81F54E6C1129887AEA47E7D092680BF)
- chrome.exe (PID: 3492 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2020,i,4043445577535756806,6777882503626172561,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=1564 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_HtmlPhish_44 | Yara detected HtmlPhish_44 | Joe Security | ||
JoeSecurity_HtmlPhish_44 | Yara detected HtmlPhish_44 | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Tycoon2FA_1 | Yara detected Tycoon 2FA PaaS | Joe Security | ||
JoeSecurity_Tycoon2FA_1 | Yara detected Tycoon 2FA PaaS | Joe Security | ||
JoeSecurity_HangulCharacter | Yara detected Obfuscation Via HangulCharacter | Joe Security | ||
JoeSecurity_AntiDebugBrowser | Yara detected AntiDebug via timestamp check | Joe Security | ||
JoeSecurity_InvisibleJS | Yara detected Invisible JS | Joe Security | ||
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
- Phishing
- Compliance
- Software Vulnerabilities
- Networking
- System Summary
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- Language, Device and Operating System Detection
Phishing |
---|
Source: | File source: |
Source: | Joe Sandbox AI: | ||
Source: | HTTP Parser: |
Source: | Classification: |
Source: | HTTPS traffic detected: | ||
Source: | Memory has grown: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | File created: |
Source: | File deleted: |
Source: | Classification label: |
Source: | File created: |
Source: | File created: |
Source: | File read: |
Source: | Key opened: |
Source: | Process created: | ||
Source: | Section loaded: | ||
Source: | Key value queried: |
Source: | Window found: |
Source: | Window detected: |
Source: | Key opened: |
Source: | Key value created or modified: |
Source: | Process information set: | ||
Malware Analysis System Evasion |
---|
Source: | File source: |
Source: | File Volume queried: |
Source: | Process information queried: |
Source: | Queries volume information: |
Source: | Key value queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 21 Browser Extensions | 1 Process Injection | 11 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Process Injection | Security Account Manager | 14 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Extra Window Memory Injection | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
chrome.cloudflare-dns.com | 162.159.61.3 | true | false | high | |
e8652.dscx.akamaiedge.net | 23.209.213.129 | true | false | high | |
code.jquery.com | 151.101.130.137 | true | false | high | |
developers.cloudflare.com | 104.16.5.189 | true | false | high | |
cdnjs.cloudflare.com | 104.17.24.14 | true | false | high | |
challenges.cloudflare.com | 104.18.95.41 | true | false | high | |
www.google.com | 142.250.184.196 | true | false | high | |
s-0005.dual-s-dc-msedge.net | 52.123.130.14 | true | false | high | |
gs.nthecatepi.ru | 172.67.151.76 | true | true | unknown | |
x1.i.lencr.org | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown | ||
false | high | ||
false | high | ||
false | high | ||
false | high | ||
false | high | ||
false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.250.185.99 | unknown | United States | 15169 | GOOGLEUS | false | |
172.217.18.14 | unknown | United States | 15169 | GOOGLEUS | false | |
216.58.206.78 | unknown | United States | 15169 | GOOGLEUS | false | |
2.19.104.203 | unknown | European Union | 16625 | AKAMAI-ASUS | false | |
104.16.5.189 | developers.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false | |
23.209.213.129 | e8652.dscx.akamaiedge.net | United States | 23693 | TELKOMSEL-ASN-IDPTTelekomunikasiSelularID | false | |
151.101.130.137 | code.jquery.com | United States | 54113 | FASTLYUS | false | |
162.159.61.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false | |
199.232.210.172 | unknown | United States | 54113 | FASTLYUS | false | |
104.16.2.189 | unknown | United States | 13335 | CLOUDFLARENETUS | false | |
142.250.186.99 | unknown | United States | 15169 | GOOGLEUS | false | |
3.219.243.226 | unknown | United States | 14618 | AMAZON-AESUS | false | |
142.250.184.195 | unknown | United States | 15169 | GOOGLEUS | false | |
172.67.151.76 | gs.nthecatepi.ru | United States | 13335 | CLOUDFLARENETUS | true | |
104.17.24.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false | |
142.250.184.196 | www.google.com | United States | 15169 | GOOGLEUS | false | |
142.250.110.84 | unknown | United States | 15169 | GOOGLEUS | false | |
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false | |
52.123.130.14 | s-0005.dual-s-dc-msedge.net | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
104.18.95.41 | challenges.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false | |
2.19.11.103 | unknown | European Union | 719 | ELISA-ASHelsinkiFinlandEU | false | |
142.250.185.174 | unknown | United States | 15169 | GOOGLEUS | false | |
52.109.76.243 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
52.109.76.144 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
20.44.10.123 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
104.77.220.172 | unknown | United States | 16625 | AKAMAI-ASUS | false |
IP |
---|
192.168.2.16 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1640423 |
Start date and time: | 2025-03-17 10:12:30 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | f64da42c-e9a8-a0ac-437d-d14377da4643.eml |
Detection: | MAL |
Classification: | mal92.phis.evad.winEML@39/25@18/199 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): svchost.exe
- Excluded IPs from analysis (whitelisted): 52.109.76.243, 2.19.11.103, 2.19.11.102, 52.123.130.14
- Excluded domains from analysis (whitelisted): ecs.office.com, omex.cdn.office.net, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, eur.roaming1.live.com.akadns.net, neu-azsc-000.roaming.officeapps.live.com, roaming.officeapps.live.com, dual-s-0005-office.config.skype.com, osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com, ecs.office.trafficmanager.net, c.pki.goog, omex.cdn.office.net.akamaized.net, a1864.dscd.akamai.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: gs.nthecatepi.ru
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.968043403316245 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 76150 |
Entropy (8bit): | 2.0259927220658605 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.291927920232006 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16928 |
Entropy (8bit): | 1.2137268256207159 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 73305 |
Entropy (8bit): | 7.996028107841645 |
Encrypted: | true |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7790941963225158 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 330 |
Entropy (8bit): | 3.287136292755414 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2145 |
Entropy (8bit): | 5.081592085613156 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.9885695452520952 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3443854287166197 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.51161293806784 |
Encrypted: | false |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 110592 |
Entropy (8bit): | 4.4927495445764745 |
Encrypted: | false |
SSDEEP: | |
MD5: | AF7A827117E3943DECE11DBE3B73A48D |
SHA1: | 9E769941AB9D2FAF7C5729B35C145E8EAEDFB2BA |
SHA-256: | 3BCAC67A3D7FD29228DD5B10365C71EC88AFFE78DA0BEC3657D580900FACD6A5 |
SHA-512: | 0DD894BCAC0BD933F07458C54C053FF1EC95FBAC0F6D86760BC70218A014D162A6ED005283756EC41203B07BA512DEE9DEC70F50909B607EC145B7E3A1AAB826 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.353642815103214 |
Encrypted: | false |
SSDEEP: | |
MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.420556314253978 |
Encrypted: | false |
SSDEEP: | |
MD5: | 798C792B743EAD42FF031B43386CEC98 |
SHA1: | C9A75CECB7E96C9394B8C4D004DC4C3620B63C67 |
SHA-256: | FDD5784E890393563FA5F204676A15603149B81F6A59201DBB2E5594835B6A1B |
SHA-512: | 9B7F802D277E10A151F8AF2A9126BA02357F4DF1ED4FBDFD72036ACBF024A8B711A17C334E992BC0058331AA54CF35C0E94ADEAC15BC501F6B00924DA58E3126 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 271360 |
Entropy (8bit): | 5.125338880187197 |
Encrypted: | false |
SSDEEP: | |
MD5: | F67300722FC0DA2A26A3AAA3C4D1A3CB |
SHA1: | 8F1EE2D88B9FD06B5240A4A913C7C4F5529146FE |
SHA-256: | C449F8FB1EA1F6AF60188F2096F1D5604C9B73F89B54E55E7B9B64617F078F95 |
SHA-512: | 494F7D12C05A3F3BC4A52C6B18F1E41BC8582CA421BBD0C30DEE55C692020F7972EC6B9FD1E4CD3C73AC43D4C75D87DDEF6E1C4722B8BE08FA15F3E244512DA2 |
Malicious: | true |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 262144 |
Entropy (8bit): | 4.485140998982984 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9EFD31F90A8D2460D4CCA8B6CB713567 |
SHA1: | 303C891CC97D1CF6CC5979775067518412EB0134 |
SHA-256: | F59368E538114A6A21E73315473DC7B86F8AD933A8B8732E2CF41E2B8B92B459 |
SHA-512: | D5C19303B042BFAA29CCEF0AFF0F7B1338611A572CDD5ED80D623F4289B162E7FDEC807AC186C48CA93ED0521C15F2E939CE9EE7FA9D45A525246A32C3373E67 |
Malicious: | true |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 48316 |
Entropy (8bit): | 5.6346993394709 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2CA03AD87885AB983541092B87ADB299 |
SHA1: | 1A17F60BF776A8C468A185C1E8E985C41A50DC27 |
SHA-256: | 8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762 |
SHA-512: | 13C412BD66747822C6938926DE1C52B0D98659B2ED48249471EC0340F416645EA9114F06953F1AE5F177DB03A5D62F1FB5D321B2C4EB17F3A1C865B0A274DC5C |
Malicious: | false |
Reputation: | unknown |
URL: | https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 937 |
Entropy (8bit): | 7.737931820487441 |
Encrypted: | false |
SSDEEP: | |
MD5: | FC3B7BBE7970F47579127561139060E2 |
SHA1: | 3F7C5783FE1F4404CB16304A5A274778EA3ABD25 |
SHA-256: | 85E6223AFDBD5BADF2C79BCFBAA6FE686ACAA781ECA52C196647FFABB3BE2FFE |
SHA-512: | 49FA22DE92BEBEDE28BB72F7C7902C01D59E56723811629E40C8A887E34FD0B392A9DF169A238BDD8E46D984E76312D75B2644B8611C66A71A559C1B6834DE6C |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 48239 |
Entropy (8bit): | 5.343270713163753 |
Encrypted: | false |
SSDEEP: | |
MD5: | 184E29DE57C67BC329C650F294847C16 |
SHA1: | 961208535893142386BA3EFE1444B4F8A90282C3 |
SHA-256: | DD03BA1DD6D73643A8ED55F4CEBC059D673046975D106D26D245326178C2EB9D |
SHA-512: | AF3D62053148D139837CA895457BEEF7620AA52614B9A08FD0D5BEF8163F4C3B9E8D7B2A74D29079DB3DACC51D98AE4A5DC19C788928E5A854D7803EBB9DED9C |
Malicious: | false |
Reputation: | unknown |
URL: | https://challenges.cloudflare.com/turnstile/v0/g/f3b948d8acb8/api.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 182595 |
Entropy (8bit): | 4.569910209726 |
Encrypted: | false |
SSDEEP: | |
MD5: | B7C6E5925B4199C4C52C784D898AC084 |
SHA1: | FBB4E0E31DA72E20D3AF55E04F9582D83EE44B07 |
SHA-256: | 841C26C62BEF85EEB70F1BB3481075A983589D661FB2672C51A593E3FD99E3CC |
SHA-512: | 5CC9D2CA9775D9C20991B0B83CC65C1E85288ED7A25F2C98DCA6BEAD3339CEA39887BD44E9282267A0EE0445F12F8A5097F7F1EA667BA741826E95782B97D634 |
Malicious: | false |
Reputation: | unknown |
URL: | https://gs.nthecatepi.ru/btb1KhWg/$terry.tuttle@yodel.co.uk |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 89501 |
Entropy (8bit): | 5.289893677458563 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8FB8FEE4FCC3CC86FF6C724154C49C42 |
SHA1: | B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4 |
SHA-256: | FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E |
SHA-512: | F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31 |
Malicious: | false |
Reputation: | unknown |
URL: | https://code.jquery.com/jquery-3.6.0.min.js |
Preview: |
File type: | |
Entropy (8bit): | 6.171876514608292 |
TrID: |
File name: | f64da42c-e9a8-a0ac-437d-d14377da4643.eml |
File size: | 108'732 bytes |
MD5: | 72d477110463da85c47b6a3d7a6bcb5f |
SHA1: | b406c919997c8ce218ce73c6c03728445924ef64 |
SHA256: | 42c140d453c2715598c974b451b051b8299f57b9889331251399723408a95c68 |
SHA512: | e5937182b99c76b9d51c4e8f8ff23c47bbd310415f8ebf54e272ee3b60ca130416d010b39d6a005fd76cbcb3f434420b67cefa0555adfefad70fb3858e897e8b |
SSDEEP: | 1536:m7p4n3DU8tNkmeTQXOWqf0czLGgz7EveCbsjkHYk31sUqA9t0VCSCGG9abmVv3K6:mgRX7qffLGC7KbtRr0VC4DbmZgM |
TLSH: | 23B3B07E2FAA05B1CE4132EE0D01BC1B6DB51EB7A87350E23E740E62588F9D94F5254B |
File Content Preview: | Received: from AS2PR05MB10710.eurprd05.prod.outlook.com.. (2603:10a6:20b:649::10) by PAXPR05MB9640.eurprd05.prod.outlook.com with.. HTTPS; Sat, 15 Mar 2025 14:52:30 +0000..Received: from DU7P190CA0012.EURP190.PROD.OUTLOOK.COM (2603:10a6:10:550::11).. by A |
Subject: | Yodel Co. - Payroll Processing Completed Saturday, March 15, 2025 11:52:16 PM, REF ID-MNBVCXZ |
From: | Noreply <muro.kenji@garde-intl.com> |
To: | terry.tuttle@yodel.co.uk |
Cc: | |
BCC: | |
Date: | Sat, 15 Mar 2025 14:52:24 +0000 |
Communications: |
Attachments: |
Key | Value |
---|---|
Received | from unknown (HELO 52597.ip-ptr.tech) (muro.kenji@garde-intl.com@147.45.49.87) by 0 with SMTP; 15 Mar 2025 23:52:24 +0900 |
Authentication-Results | spf=pass (sender IP is 27.34.154.55) smtp.mailfrom=garde-intl.com; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=garde-intl.com;compauth=pass reason=109 |
Received-SPF | Pass (protection.outlook.com: domain of garde-intl.com designates 27.34.154.55 as permitted sender) receiver=protection.outlook.com; client-ip=27.34.154.55; helo=garde-intl.com; pr=C |
X-User-Agent | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 |
X-Accept-Language | en-us, en |
X-Mailer | Roundcube Webmail |
X-Reply-To | reply-to-email@ap.com |
X-Date | Sat, 15 Mar 2025 14:52:24 GMT |
From | Noreply <muro.kenji@garde-intl.com> |
To | terry.tuttle@yodel.co.uk |
Subject | Yodel Co. - Payroll Processing Completed Saturday, March 15, 2025 11:52:16 PM, REF ID-MNBVCXZ |
Message-ID | <288c32e7-238a-e1d9-3b66-5e4d20c3ff5a@garde-intl.com> |
Date | Sat, 15 Mar 2025 14:52:24 +0000 |
Return-Path | muro.kenji@garde-intl.com |
X-EOPAttributedMessage | 0 |
X-EOPTenantAttributedMessage | 43de160c-6e69-45b2-a9cd-7e215970887d:0 |
X-MS-PublicTrafficType | |
X-MS-TrafficTypeDiagnostic | DB1PEPF000509FA:EE_|AS2PR05MB10710:EE_|PAXPR05MB9640:EE_ |
X-MS-Office365-Filtering-Correlation-Id | e0ec0015-cd87-4847-11ba-08dd63d100b0 |
X-MS-Exchange-AtpMessageProperties | SA|SL |
Content-Type | multipart/mixed; boundary="_d3e9ceb2-4166-4248-9591-5f1196cd881b_" |
X-Microsoft-Antispam | BCL:0;ARA:13230040|4053099003|43540500003; |
X-Forefront-Antispam-Report | CIP:27.34.154.55;CTRY:JP;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:garde-intl.com;PTR:ybxxqa55.secure.ne.jp;CAT:NONE;SFTY:9.25;SFS:(13230040)(4053099003)(43540500003);DIR:INB;SFTY:9.25; |
X-MS-Exchange-CrossTenant-OriginalArrivalTime | 15 Mar 2025 14:52:25.9675 (UTC) |
X-MS-Exchange-CrossTenant-Network-Message-Id | e0ec0015-cd87-4847-11ba-08dd63d100b0 |
X-MS-Exchange-CrossTenant-Id | 43de160c-6e69-45b2-a9cd-7e215970887d |
X-MS-Exchange-CrossTenant-AuthSource | DB1PEPF000509FA.eurprd03.prod.outlook.com |
X-MS-Exchange-CrossTenant-AuthAs | Anonymous |
X-MS-Exchange-CrossTenant-FromEntityHeader | Internet |
X-MS-Exchange-Transport-CrossTenantHeadersStamped | AS2PR05MB10710 |
X-MS-Exchange-Transport-EndToEndLatency | 00:00:04.4948785 |
X-MS-Exchange-Processed-By-BccFoldering | 15.20.8534.017 |
X-Microsoft-Antispam-Mailbox-Delivery | ucf:0;jmr:0;auth:0;dest:I;ENG:(910005)(944506478)(944626604)(4710137)(4712020)(920097)(930097)(140003)(1420198); |
MIME-Version | 1.0 |
Icon Hash: | 46070c0a8e0c67d6 |