
Windows Analysis Report
FW_ _EXTERNAL_ Important Reminder____Contract Agreement Pending disclosure 2330385.msg

Overview

General Information

Sample name: FW_ _EXTERNAL_ Important Reminder____Contract Agreement Pending disclosure 2330385.msg
Analysis ID: 1643099
MD5: 56d3b3629b4832359e037343db7c16a7
SHA1: bc68b67bc3ab343c2d60a69144b8574cc1ba5a2b
SHA256: 33dcf5a38c54b95371819e309ed4d2e996b982c707c1b90fb3c494810c01f848

Detection

Score: 48
Range: 0 - 100
Confidence: 100%

Signatures

AI detected landing page (webpage, office document or email)
AI detected suspicious elements in Email content
Creates files inside the system directory
Deletes files inside the Windows folder
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores large binary data to the registry

Classification

Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner
Ratings: clean, suspicious, malicious
  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 3248 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\FW_ _EXTERNAL_ Important Reminder____Contract Agreement Pending disclosure 2330385.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 1216 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "89F47284-3158-45B5-9676-9B9280F7E0A3" "32085137-F992-437B-82A8-3D7AC008157F" "3248" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 5892 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhughes.na1.adobesign.com%2Fpublic%2FviewAgreement%3Ftsid%3DCBFCIBAACBSCTBABDUAAABACAABAAKDp200Gp3NXQX63PgZK6x0gyb7vhipc_T7OGd4psoq8FGPBn45I5ANAoDkcCgCbNDNQxkYjK7JUOCze4FtNsdUkiBfQ5Jy6OtYZd9Zh2wL9yerblPQtcVEj4aKCUq65L%26&data=05%7C02%7Cjperez%40olgoonik.com%7Ce7f909c527ef4ce4f7a708dd66e83d10%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638779869828653911%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=mWcv3IuKcU%2Fx3Nm6%2BHKEwDITkRU2MB6tleU2hYZx%2B7M%3D&reserved=0 MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 3808 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --subproc-heap-profiling --field-trial-handle=2060,i,15369932657491829457,17244718480380725638,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2092 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No yara matches
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 3248, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched


Phishing

Source: Email; Joe Sandbox AI: Email contains prominent button: 'open agreement'
Source: Email; Joe Sandbox AI: Detected potential phishing email: The email contains suspicious Adobe Sign links that attempt to appear legitimate but are likely phishing. The sender 'Steve Bass' from 'itresults.com' is not affiliated with Adobe but tries to impersonate Adobe Sign services. The email creates urgency around a contract agreement while being vague about details, a common phishing tactic
Source: Email; Classification: Credential Stealer
Source: unknown; HTTPS traffic detected: 104.47.73.28:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: chrome.exe; Memory has grown: Private usage: 24MB later: 33MB
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic; HTTP traffic detected:
  GET /?url=https%3A%2F%2Fhughes.na1.adobesign.com%2Fpublic%2FviewAgreement%3Ftsid%3DCBFCIBAACBSCTBABDUAAABACAABAAKDp200Gp3NXQX63PgZK6x0gyb7vhipc_T7OGd4psoq8FGPBn45I5ANAoDkcCgCbNDNQxkYjK7JUOCze4FtNsdUkiBfQ5Jy6OtYZd9Zh2wL9yerblPQtcVEj4aKCUq65L%26&data=05%7C02%7Cjperez%40olgoonik.com%7Ce7f909c527ef4ce4f7a708dd66e83d10%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638779869828653911%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=mWcv3IuKcU%2Fx3Nm6%2BHKEwDITkRU2MB6tleU2hYZx%2B7M%3D&reserved=0 HTTP/1.1
  Host: nam04.safelinks.protection.outlook.com
  Connection: keep-alive
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: global traffic; DNS traffic detected: DNS query: nam04.safelinks.protection.outlook.com
Source: unknown; Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49713
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Windows\SystemTemp\scoped_dir5892_1916583468
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File deleted: C:\Windows\SystemTemp\scoped_dir5892_1916583468
Source: classification engine; Classification label: mal48.winMSG@23/8@2/195
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250319T0924530327-3248.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File read: C:\Users\desktop.ini
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\FW_ _EXTERNAL_ Important Reminder____Contract Agreement Pending disclosure 2330385.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "89F47284-3158-45B5-9676-9B9280F7E0A3" "32085137-F992-437B-82A8-3D7AC008157F" "3248" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhughes.na1.adobesign.com%2Fpublic%2FviewAgreement%3Ftsid%3DCBFCIBAACBSCTBABDUAAABACAABAAKDp200Gp3NXQX63PgZK6x0gyb7vhipc_T7OGd4psoq8FGPBn45I5ANAoDkcCgCbNDNQxkYjK7JUOCze4FtNsdUkiBfQ5Jy6OtYZd9Zh2wL9yerblPQtcVEj4aKCUq65L%26&data=05%7C02%7Cjperez%40olgoonik.com%7Ce7f909c527ef4ce4f7a708dd66e83d10%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638779869828653911%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=mWcv3IuKcU%2Fx3Nm6%2BHKEwDITkRU2MB6tleU2hYZx%2B7M%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --subproc-heap-profiling --field-trial-handle=2060,i,15369932657491829457,17244718480380725638,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2092 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InProcServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window found: window name: SysTabControl32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935} DeviceTicket
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 21 Browser Extensions | 1 Process Injection | 11 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Process Injection | Security Account Manager | 13 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Extra Window Memory Injection | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

No Antivirus matches
Source | Detection | Scanner | Label | Link
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhughes.na1.adobesign.com%2Fpublic%2FviewAgreement%3Ftsid%3DCBFCIBAACBSCTBABDUAAABACAABAAKDp200Gp3NXQX63PgZK6x0gyb7vhipc_T7OGd4psoq8FGPBn45I5ANAoDkcCgCbNDNQxkYjK7JUOCze4FtNsdUkiBfQ5Jy6OtYZd9Zh2wL9yerblPQtcVEj4aKCUq65L%26&data=05%7C02%7Cjperez%40olgoonik.com%7Ce7f909c527ef4ce4f7a708dd66e83d10%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638779869828653911%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=mWcv3IuKcU%2Fx3Nm6%2BHKEwDITkRU2MB6tleU2hYZx%2B7M%3D&reserved=0 | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
nam04.safelinks.eop-tm2.outlook.com | 104.47.73.28 | true | false | | high
s-0005.dual-s-msedge.net | 52.123.129.14 | true | false | | high
nam04.safelinks.protection.outlook.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhughes.na1.adobesign.com%2Fpublic%2FviewAgreement%3Ftsid%3DCBFCIBAACBSCTBABDUAAABACAABAAKDp200Gp3NXQX63PgZK6x0gyb7vhipc_T7OGd4psoq8FGPBn45I5ANAoDkcCgCbNDNQxkYjK7JUOCze4FtNsdUkiBfQ5Jy6OtYZd9Zh2wL9yerblPQtcVEj4aKCUq65L%26&data=05%7C02%7Cjperez%40olgoonik.com%7Ce7f909c527ef4ce4f7a708dd66e83d10%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638779869828653911%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=mWcv3IuKcU%2Fx3Nm6%2BHKEwDITkRU2MB6tleU2hYZx%2B7M%3D&reserved=0 | false | Avira URL Cloud: safe | unknown
https://hughes.na1.adobesign.com/public/viewAgreement?tsid=CBFCIBAACBSCTBABDUAAABACAABAAKDp200Gp3NXQX63PgZK6x0gyb7vhipc_T7OGd4psoq8FGPBn45I5ANAoDkcCgCbNDNQxkYjK7JUOCze4FtNsdUkiBfQ5Jy6OtYZd9Zh2wL9yerblPQtcVEj4aKCUq65L& | false | | unknown
          IPDomainCountryFlagASNASN NameMalicious
          IP
          192.168.2.16
          Joe Sandbox version:42.0.0 Malachite
          Analysis ID:1643099
          Start date and time:2025-03-19 14:23:39 +01:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowsinteractivecookbook.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:14
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • EGA enabled
          Analysis Mode:stream
          Analysis stop reason:Timeout
          Sample name:FW_ _EXTERNAL_ Important Reminder____Contract Agreement Pending disclosure 2330385.msg
          Detection:MAL
          Classification:mal48.winMSG@23/8@2/195
          Cookbook Comments:
          • Found application associated with file extension: .msg
          • Exclude process from analysis (whitelisted): sppsvc.exe, RuntimeBroker.exe, backgroundTaskHost.exe
          • Excluded IPs from analysis (whitelisted): 52.109.89.18
          • Excluded domains from analysis (whitelisted): config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, officeclient.microsoft.com, weu-azsc-config.officeapps.live.com, europe.configsvc1.live.com.akadns.net
• Not all processes were analyzed, report is missing behavior information
          • Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhughes.na1.adobesign.com%2Fpublic%2FviewAgreement%3Ftsid%3DCBFCIBAACBSCTBABDUAAABACAABAAKDp200Gp3NXQX63PgZK6x0gyb7vhipc_T7OGd4psoq8FGPBn45I5ANAoDkcCgCbNDNQxkYjK7JUOCze4FtNsdUkiBfQ5Jy6OtYZd9Zh2wL9yerblPQtcVEj4aKCUq65L%26&data=05%7C02%7Cjperez%40olgoonik.com%7Ce7f909c527ef4ce4f7a708dd66e83d10%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638779869828653911%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=mWcv3IuKcU%2Fx3Nm6%2BHKEwDITkRU2MB6tleU2hYZx%2B7M%3D&reserved=0
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:modified
          Size (bytes):192512
          Entropy (8bit):4.876248689253503
          Encrypted:false
          SSDEEP:
          MD5:C89C8C2254E02A751D2E429B583E4174
          SHA1:0857702BC8B87D1831AB8DC3C9A032B62DC99D95
          SHA-256:AE0647A58A10883236DADA120588958D277ADBE20D37AB5037B2739D64F58A96
          SHA-512:F76AFA182DDEEAD79A1ED2BDA65DC4D323F0A0766775E30AE85B35AE771798549340609BB6BB2E4D7428C79CF5B9239AA5E54FB2487CA027ECB17DDA4B88423B
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):163840
          Entropy (8bit):0.3599836223577392
          Encrypted:false
          SSDEEP:
          MD5:E7A6BD47AF8F26F894B05041AAB6AE4B
          SHA1:3D9EDC0B318914352FDE97F21DBB50F027E3847E
          SHA-256:FB581869CBCDC5961263D3410A096ACCEB8A7FC8DFEEABCDAF96CAA3250FEFC7
          SHA-512:F0AD1FC9485DF848B17DE7F6503414244FC5FD6D80D381D75EC422EC8F0A58B85583CF29521647F72D0A7B3D116CE74258BF59A5D9D22CB5FC204B55535B9897
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:Microsoft Outlook email folder (>=2003)
          Category:dropped
          Size (bytes):271360
          Entropy (8bit):1.5322685744508389
          Encrypted:false
          SSDEEP:
          MD5:C99B43C9162D98CF7468C6EDA97F9FCC
          SHA1:BF8004B65D47758F60D5398CD7A14B65CC08B964
          SHA-256:D88E3A9AFA660C7265477B4FD9C3DA3DCB91122A14A99C962BD9F7464153517E
          SHA-512:2A72B40474983D8E1ED7829771AD564731EE59E92E8FD75E6380F72D40F4308609407204985C84CD2F1465CD1078F31941480BD7B937B13AB5D8AAAA654CE41C
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):131072
          Entropy (8bit):1.1256202038640164
          Encrypted:false
          SSDEEP:
          MD5:0327113D60AC01464B88688394085C45
          SHA1:633AC349EA155F4F4D26081B480E979F7DDDE4B5
          SHA-256:F7C5C3B44DD8516B3A0373A6C944D57CA816A77EC676A1227149169B21AB31BB
          SHA-512:482C916B580F384ECA34660633973F4827E40B8B1CAE566BF189994FEAC8E4F309A054905496982C16C61AF2E9A18C9A5768099175A96398A33B9EF71F0CE436
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (45810)
          Category:downloaded
          Size (bytes):1692389
          Entropy (8bit):5.638938653003835
          Encrypted:false
          SSDEEP:
          MD5:B8C9B345060AB4C0180FE48FB656A3EE
          SHA1:4864274EA597AA3E6975728D645A4B09C8B408E3
          SHA-256:60CE7B78168B06185E152B3EC32B1378DC9666BFA38491D09D0549ECC4D36F6D
          SHA-512:45873F9A1199AF003DC17623411AD8F99EAA11A885398555CC3CAFFE8E779514FB062751477AD8E08E062F50B178F4F4D740DFF5DC3F7D74965CFC98DA104803
          Malicious:false
          Reputation:unknown
          URL:https://static.echocdn.com/signcommon/signcommon.js
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:Web Open Font Format (Version 2), CFF, length 76192, version 1.0
          Category:downloaded
          Size (bytes):76192
          Entropy (8bit):7.9952986160589
          Encrypted:true
          SSDEEP:
          MD5:5E2B6B929731220DCCC6611B09AEAAA0
          SHA1:E4617F05C214284A2A72EDCF8BFDA65111855762
          SHA-256:A179E211902BD59370DF757DD623155D7B3B5A18B1A45373205D541128D05766
          SHA-512:0A7D381F9AA21C8BF7A998F83FB3D1BE8E7038D0CD3A5C82100F9715A4E5230F9A0210D290B11639B4B6E40B59EC861394701799B9292ADAC7BBD4C013859400
          Malicious:false
          Reputation:unknown
          URL:https://use.typekit.net/af/40207f/0000000000000000000176ff/27/l?primer=fff1a989570eb474b8c22c57cc7199e63bfc7e911b750165d0199218f0b7e7cc&fvd=n3&v=3
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (5632)
          Category:downloaded
          Size (bytes):5633
          Entropy (8bit):5.321851327578031
          Encrypted:false
          SSDEEP:
          MD5:47ABD389245817A0D1CCCDFD635987DA
          SHA1:66B03EEDC907A2FE86222E8350CF32AF0B236F0D
          SHA-256:44A61F3D32524D8EA20D06249621C69673F76FBD13D6201F6F4A107923FDE580
          SHA-512:800F125614E63EFA04A0421B4FE161B4B998B7A2563A192C9578D7E6EB7F21C3FDAA97EBB18D5DF65529820CD1126637CE7D4179146D99D5DC2AAF19EE942035
          Malicious:false
          Reputation:unknown
          URL:https://secure.na1.echocdn.com/resource/1730650309/bundles/toast-message.css
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:Web Open Font Format (Version 2), CFF, length 78776, version 1.0
          Category:downloaded
          Size (bytes):78776
          Entropy (8bit):7.994603287986491
          Encrypted:true
          SSDEEP:
          MD5:36B7B4783FBFFC90DAE3BC9BE4230A83
          SHA1:9A37A79F00D0A5E5067E413952F8623502FA336A
          SHA-256:CF52BD4DA3F55F5B305E6E31FF686047C5BE1EDCDF97E0FEB772ACB36F232937
          SHA-512:4A0F865ED9072E3E4F8124B853A3BB8F5E2C6D74C504CE2C19D082303EB61849E870BB7330DCA9C5085E25FC7739F420CC74EAAFBD9379DA7748A283AFC53647
          Malicious:false
          Reputation:unknown
          URL:https://use.typekit.net/af/eaf09c/000000000000000000017703/27/l?primer=fff1a989570eb474b8c22c57cc7199e63bfc7e911b750165d0199218f0b7e7cc&fvd=n7&v=3
          File type:CDFV2 Microsoft Outlook Message
          Entropy (8bit):4.318207191137009
          TrID:
          • Outlook Message (71009/1) 58.92%
          • Outlook Form Template (41509/1) 34.44%
          • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
          File name:FW_ _EXTERNAL_ Important Reminder____Contract Agreement Pending disclosure 2330385.msg
          File size:105'472 bytes
          MD5:56d3b3629b4832359e037343db7c16a7
          SHA1:bc68b67bc3ab343c2d60a69144b8574cc1ba5a2b
          SHA256:33dcf5a38c54b95371819e309ed4d2e996b982c707c1b90fb3c494810c01f848
          SHA512:0becb662e562b36b4f50e5a1adeb4767da90c06701f0bebaea2aeaa11b2ed438356babffa06e75434e6df3ed6f3d88cd489a616c4cd2c4f2b0041bcdfcabbb2e
          SSDEEP:1536:U1WUXWbW8WTXZWIHZarcWBWVXcMXzrfMo:U1WUVXvHzXJj
          TLSH:4FA3132436E94619F277DF728AF380979526FC92ED149A4F3195330E0672A41A863F3F
          Subject:FW: [EXTERNAL] Important Reminder:___Contract Agreement Pending disclosure 2330385
          From:Yasin Yahye <yyahye@olgoonik.com>
          To:Jimmy Perez <jperez@olgoonik.com>
          Cc:
          BCC:
          Date:Wed, 19 Mar 2025 14:15:53 +0100
          Communications:
          • Regards, Yasin Y. IT Support Technician / ISSO Olgoonik Development Email: yyahye@olgoonik.com <mailto:yyahye@olgoonik.com> Cell Phone: 571-268-7040
          • From: Anne Yanez <ayanez@olgoonik.com> Sent: Wednesday, March 19, 2025 9:10 AM To: Yasin Yahye <yyahye@olgoonik.com> Subject: FW: [EXTERNAL] Important Reminder:___Contract Agreement Pending disclosure 2330385 Hi Yasin, GM! Is this spam? I googled this guy and he has a profile on linkedin however Ive never heard of this person or his company before today. TY! Anne Kind regards, Anne H. Yanez | Program Management Specialist DoS DS/DO/ICI/CCV GV&L Program 2677 Prosperity Ave, Suite 650, Fairfax, VA 22031 Olgoonik Innovations, LLC. | ayanez@olgoonik.com <mailto:ayanez@olgoonik.com> (C) +1.571.276.4718
          • From: Steve Bass <sbass@itresults.com <mailto:sbass@itresults.com> > Sent: Tuesday, March 18, 2025 11:59 AM To: Anne Yanez <ayanez@olgoonik.com <mailto:ayanez@olgoonik.com> > Subject: [EXTERNAL] Important Reminder:___Contract Agreement Pending disclosure 2330385 <https://hughes.na1.adobesign.com/images/emailNextGen/checkmarkCircle@2x.png> Attached is the final agreement for your reference. Worldwide Government Contracting and Commercial Services Co. Added you on Tuesday, March 18, 2025 Worldwide Government Contracting and Commercial Services Co. Contract agreement - execution Open agreement <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhughes.na1.adobesign.com%2Fpublic%2FviewAgreement%3Ftsid%3DCBFCIBAACBSCTBABDUAAABACAABAAKDp200Gp3NXQX63PgZK6x0gyb7vhipc_T7OGd4psoq8FGPBn45I5ANAoDkcCgCbNDNQxkYjK7JUOCze4FtNsdUkiBfQ5Jy6OtYZd9Zh2wL9yerblPQtcVEj4aKCUq65L%26&data=05%7C02%7Cjperez%40olgoonik.com%7Ce7f909c527ef4ce4f7a708dd66e83d10%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638779869828653911%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=mWcv3IuKcU%2Fx3Nm6%2BHKEwDITkRU2MB6tleU2hYZx%2B7M%3D&reserved=0> ________________________________ Attached is the final Contract agreement to: * a****z@olgoonik.com <mailto:a****z@olgoonik.com> * Ayanez Read it with Acrobat Reader. You can also open it online to review its activity history. To ensure that you continue receiving our emails, please add adobesign@adobesign.com <mailto:adobesign@adobesign.com> to your address book or safe list. 2024 Adobe. All rights reserved. <https://hughes.na1.adobesign.com/track/CBFCIBAACBSCTBABDUAAABACAABAAq0woS1dsVnGoxZ-ebC7e2aH3ZfYL4cd0Gk094HKb7JI2N9hHuUcLhRteHc_ObxtdhvDtTaxZ8Z4UE3Iam5DTPljwLzKX1n_-MIMLREnUeRk*/blank.gif>
          Attachments:
          • image001.jpg
          Key Value
          Receivedfrom CY4PR08MB3608.namprd08.prod.outlook.com
          1316:20 +0000
          Authentication-Resultsdkim=none (message not signed)
          by SA2PR08MB6459.namprd08.prod.outlook.com (260310b6:806:f8::21) with
          2025 1316:20 +0000
          ([fe80:171a:8caf:e90:975e%3]) with mapi id 15.20.8534.034; Wed, 19 Mar 2025
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary
From: Yasin Yahye <yyahye@olgoonik.com>
To: Jimmy Perez <jperez@olgoonik.com>
Subject: FW: [EXTERNAL] Important Reminder:___Contract Agreement Pending
Thread-Topic: [EXTERNAL] Important Reminder:___Contract Agreement Pending
Thread-Index: AQHbmB6wSnYGsPswb0CowdOxwDr2u7N6b+/AgAABAwA=
Date: Wed, 19 Mar 2025 13:15:53 +0000
Deferred-Delivery: Wed, 19 Mar 2025 13:15:43 +0000
Message-ID: <CY4PR08MB36087C1FFCE689959B5A27EBA8D92@CY4PR08MB3608.namprd08.prod.outlook.com>
References: <a10c9f93ac4d42069f9ddea2bcf7d31f@itresults.com>
In-Reply-To: <BL3PR08MB726866EC18523ED4FAF17706B5D92@BL3PR08MB7268.namprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-Exchange-Organization-SCL: 1
X-MS-TNEF-Correlator: <CY4PR08MB36087C1FFCE689959B5A27EBA8D92@CY4PR08MB3608.namprd08.prod.outlook.com>
msip_labels: MSIP_Label_565a2f1f-4a7b-439b-8345-96aa30bffd4a_ActionId=1936f880-3786-4068-89b1-0323442202bc;MSIP_Label_565a2f1f-4a7b-439b-8345-96aa30bffd4a_ContentBits=0;MSIP_Label_565a2f1f-4a7b-439b-8345-96aa30bffd4a_Enabled=true;MSIP_Label_565a2f1f-4a7b-439b-8345-96aa30bffd4a_Method=Standard;MSIP_Label_565a2f1f-4a7b-439b-8345-96aa30bffd4a_Name=defa4170-0d19-0005-0004-bc88714345d2;MSIP_Label_565a2f1f-4a7b-439b-8345-96aa30bffd4a_SetDate=2025-03-19T13:09:03Z;MSIP_Label_565a2f1f-4a7b-439b-8345-96aa30bffd4a_SiteId=341c5aad-39be-47a3-901e-146d297ecd80;MSIP_Label_565a2f1f-4a7b-439b-8345-96aa30bffd4a_Tag=10,
MIME-Version: 1.0
X-MS-Exchange-Organization-MessageDirectionality: Originating
X-MS-Exchange-Organization-AuthSource: CY4PR08MB3608.namprd08.prod.outlook.com
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 04
X-MS-Exchange-Organization-Network-Message-Id: e7f909c5-27ef-4ce4-f7a7-08dd66e83d10
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CY4PR08MB3608:EE_|SA2PR08MB6459:EE_|BY5PR08MB6198:EE_
Return-Path: yyahye@olgoonik.com
X-MS-Exchange-Organization-ExpirationStartTime: 19 Mar 2025 13:16:20.3019
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Office365-Filtering-Correlation-Id: e7f909c5-27ef-4ce4-f7a7-08dd66e83d10
X-MS-Exchange-AtpMessageProperties: SA|SL
X-MS-Exchange-Organization-BypassClutter: true
X-Microsoft-Antispam: BCL:0;ARA:13230040|39142699007|31052699007|69100299015|366016|8096899003|41050700001;
X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CY4PR08MB3608.namprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(39142699007)(31052699007)(69100299015)(366016)(8096899003)(41050700001);DIR:INT;
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Mar 2025 13:16:19.8195
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 341c5aad-39be-47a3-901e-146d297ecd80
X-MS-Exchange-CrossTenant-AuthSource: CY4PR08MB3608.namprd08.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-Network-Message-Id: e7f909c5-27ef-4ce4-f7a7-08dd66e83d10
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: y6WRUmmpLst+BXEM0XXU+WLKqYh56UKaKqwVVHdHFq70tEL1QEAfAMzQRTEjH6Ch1mocX7fG3GRUjSHJqLZ3OA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA2PR08MB6459
X-MS-Exchange-Transport-EndToEndLatency: 00:00:02.7745952
X-MS-Exchange-Processed-By-BccFoldering: 15.20.8534.033
X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910005)(944506478)(944626604)(920097)(425001)(930097)(140003)(1420198);
date: Wed, 19 Mar 2025 14:15:53 +0100

          Icon Hash:c4e1928eacb280a2