Windows Analysis Report
original (1).eml

Overview

General Information

Sample name: original (1).eml
Analysis ID: 1643524
MD5: 541ed79c814f85be6e73410555ad713a
SHA1: ba59cf8cb618dca6669f3ee65138aafa4d78b634
SHA256: a6a53fbf8cde5576eaa44aa8b66f6ddc4d16e3f3e12dcf3d6bb5f871a1cfe3a0

Detection

Score: 48
Range: 0 - 100
Confidence: 100%

Signatures

AI detected landing page (webpage, office document or email)
AI detected suspicious elements in Email content
Creates files inside the system directory
Deletes files inside the Windows folder
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores large binary data to the registry

Classification

Classification chart axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (legend: clean, suspicious, malicious)

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6284 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\original (1).eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 2196 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "39701953-8BC2-4B47-B38D-A434257EFD9D" "6709E829-DD94-433C-8DBF-1DAA5C960244" "6284" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 7128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://email.mg.dior.com.sg/c/eJwUy7GOwyAMANCvgRHZBgwZGG7JfwB2WnSpiFruvr_K_PSkMPRWo9WCKZAn9oD2WSJ1ATkyaBLagHL1wWMTQDwOYLGjEFAEjxk3jwFdb8A-AeeNVAJXE-D1cDLm2_X5cp-HPctzrcv4H0O7ob1ySx2bRq2cWbhDh6hbTK6ev2ONa97R0G7fZWkd1zQB_j5u6XmD_S_0DQAA__8EWDYX MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 6192 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,6093360150381680439,12896956480497846066,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2052 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No yara matches
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6284, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

Phishing

Source: Email; Joe Sandbox AI: Email contains prominent button: 'view my timesheet'
Source: Email; Joe Sandbox AI: Detected potential phishing email: Multiple suspicious redirect links through 'mg.dior.com.sg' domain which is not related to the claimed timesheet service. Urgency creation with expiring file download and timesheet action required. Mixing of multiple services (WeTransfer, timesheet system) in an unusual way with suspicious formatting
Source: Email; Classification: Payroll Fraud
Source: https://email.mg.dior.com.sg/c/eJwUy7GOwyAMANCvgRHZBgwZGG7JfwB2WnSpiFruvr_K_PSkMPRWo9WCKZAn9oD2WSJ1ATkyaBLagHL1wWMTQDwOYLGjEFAEjxk3jwFdb8A-AeeNVAJXE-D1cDLm2_X5cp-HPctzrcv4H0O7ob1ySx2bRq2cWbhDh6hbTK6ev2ONa97R0G7fZWkd1zQB_j5u6XmD_S_0DQAA__8EWDYX; HTTP Parser: No favicon
Source: unknown; HTTPS traffic detected: 34.110.180.34:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 34.110.180.34:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 142.251.40.132:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: chrome.exe; Memory has grown: Private usage: 1MB later: 38MB
Source: unknown; TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown; TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown; TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown; TCP traffic detected without corresponding DNS query: 142.251.40.195
Source: unknown; TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown; TCP traffic detected without corresponding DNS query: 167.89.123.204
Source: global traffic; HTTP traffic detected:
  GET /c/eJwUy7GOwyAMANCvgRHZBgwZGG7JfwB2WnSpiFruvr_K_PSkMPRWo9WCKZAn9oD2WSJ1ATkyaBLagHL1wWMTQDwOYLGjEFAEjxk3jwFdb8A-AeeNVAJXE-D1cDLm2_X5cp-HPctzrcv4H0O7ob1ySx2bRq2cWbhDh6hbTK6ev2ONa97R0G7fZWkd1zQB_j5u6XmD_S_0DQAA__8EWDYX HTTP/1.1
  Host: email.mg.dior.com.sg
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: email.mg.dior.com.sg
  Connection: keep-alive
  sec-ch-ua-platform: "Windows"
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: image
  Referer: https://email.mg.dior.com.sg/c/eJwUy7GOwyAMANCvgRHZBgwZGG7JfwB2WnSpiFruvr_K_PSkMPRWo9WCKZAn9oD2WSJ1ATkyaBLagHL1wWMTQDwOYLGjEFAEjxk3jwFdb8A-AeeNVAJXE-D1cDLm2_X5cp-HPctzrcv4H0O7ob1ySx2bRq2cWbhDh6hbTK6ev2ONa97R0G7fZWkd1zQB_j5u6XmD_S_0DQAA__8EWDYX
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected:
  GET /c/eJwUy7GOwyAMANCvgRHZBgwZGG7JfwB2WnSpiFruvr_K_PSkMPRWo9WCKZAn9oD2WSJ1ATkyaBLagHL1wWMTQDwOYLGjEFAEjxk3jwFdb8A-AeeNVAJXE-D1cDLm2_X5cp-HPctzrcv4H0O7ob1ySx2bRq2cWbhDh6hbTK6ev2ONa97R0G7fZWkd1zQB_j5u6XmD_S_0DQAA__8EWDYX HTTP/1.1
  Host: email.mg.dior.com.sg
  Connection: keep-alive
  Cache-Control: max-age=0
  sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: global traffic; DNS traffic detected: DNS query: email.mg.dior.com.sg
Source: global traffic; DNS traffic detected: DNS query: www.google.com
Source: global traffic; HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Content-Length: 19
  Content-Type: text/plain; charset=utf-8
  Date: Wed, 19 Mar 2025 21:35:44 GMT
  X-Content-Type-Options: nosniff
  Connection: close
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Windows\SystemTemp\scoped_dir7128_2113079067
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File deleted: C:\Windows\SystemTemp\scoped_dir7128_2113079067
Source: classification engine; Classification label: mal48.winEML@23/1@8/106
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250319T1735270947-6284.etl
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\original (1).eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "39701953-8BC2-4B47-B38D-A434257EFD9D" "6709E829-DD94-433C-8DBF-1DAA5C960244" "6284" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://email.mg.dior.com.sg/c/eJwUy7GOwyAMANCvgRHZBgwZGG7JfwB2WnSpiFruvr_K_PSkMPRWo9WCKZAn9oD2WSJ1ATkyaBLagHL1wWMTQDwOYLGjEFAEjxk3jwFdb8A-AeeNVAJXE-D1cDLm2_X5cp-HPctzrcv4H0O7ob1ySx2bRq2cWbhDh6hbTK6ev2ONa97R0G7fZWkd1zQB_j5u6XmD_S_0DQAA__8EWDYX
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,6093360150381680439,12896956480497846066,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2052 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window found: window name: SysTabControl32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935} DeviceTicket
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

ATT&CK tactic/technique matrix (flattened in extraction). Tactic columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact. Matrix entries shown with a count: Browser Extensions, Process Injection, Masquerading, Process Discovery, Encrypted Channel, DLL Side-Loading, Modify Registry, System Information Discovery, Ingress Tool Transfer, Extra Window Memory Injection, Non-Application Layer Protocol, Application Layer Protocol, File Deletion.

No Antivirus matches
Source | Detection | Scanner | Label | Link
https://email.mg.dior.com.sg/favicon.ico | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.google.com | 142.251.40.132 | true | false | | high
s-0005.dual-s-msedge.net | 52.123.129.14 | true | false | | high
mailgun.org | 34.110.180.34 | true | false | | high
email.mg.dior.com.sg | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://email.mg.dior.com.sg/c/eJwUy7GOwyAMANCvgRHZBgwZGG7JfwB2WnSpiFruvr_K_PSkMPRWo9WCKZAn9oD2WSJ1ATkyaBLagHL1wWMTQDwOYLGjEFAEjxk3jwFdb8A-AeeNVAJXE-D1cDLm2_X5cp-HPctzrcv4H0O7ob1ySx2bRq2cWbhDh6hbTK6ev2ONa97R0G7fZWkd1zQB_j5u6XmD_S_0DQAA__8EWDYX | false | | unknown
https://email.mg.dior.com.sg/favicon.ico | false | Avira URL Cloud: safe | unknown
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1643524
Start date and time: 2025-03-19 22:34:56 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 17
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Sample name: original (1).eml
Detection: MAL
Classification: mal48.winEML@23/1@8/106
Cookbook Comments:
• Found application associated with file extension: .eml
• Exclude process from analysis (whitelisted): svchost.exe
• Excluded IPs from analysis (whitelisted): 23.204.23.20, 23.206.121.14, 23.206.121.15, 52.123.129.14, 40.126.24.84
• Excluded domains from analysis (whitelisted): ecs.office.com, omex.cdn.office.net, dual-s-0005-office.config.skype.com, fs.microsoft.com, login.live.com, ecs.office.trafficmanager.net, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, omex.cdn.office.net.akamaized.net, a1864.dscd.akamai.net
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• VT rate limit hit for: https://email.mg.dior.com.sg/favicon.ico
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text
Category: downloaded
Size (bytes): 19
Entropy (8bit): 3.6818808028034042
Encrypted: false
SSDEEP:
MD5: 595E88012A6521AAE3E12CBEBE76EB9E
SHA1: DA3968197E7BF67AA45A77515B52BA2710C5FC34
SHA-256: B16E15764B8BC06C5C3F9F19BC8B99FA48E7894AA5A6CCDAD65DA49BBF564793
SHA-512: FD13C580D15CC5E8B87D97EAD633209930E00E85C113C776088E246B47F140EFE99BDF6AB02070677445DB65410F7E62EC23C71182F9F78E9D0E1B9F7FDA0DC3
Malicious: false
Reputation: unknown
URL: https://email.mg.dior.com.sg/favicon.ico
Preview: 404 page not found.
File type: SMTP mail, ASCII text, with very long lines (443), with CRLF line terminators
Entropy (8bit): 5.89996057584703
TrID:
• E-Mail message (Var. 1) (20512/2) 100.00%
File name: original (1).eml
File size: 137'522 bytes
MD5: 541ed79c814f85be6e73410555ad713a
SHA1: ba59cf8cb618dca6669f3ee65138aafa4d78b634
SHA256: a6a53fbf8cde5576eaa44aa8b66f6ddc4d16e3f3e12dcf3d6bb5f871a1cfe3a0
SHA512: 849c2ae16be39935702781d98bee147569d8e3496794eb090e8d610798cdc2534d205b7caf3014b17c1d15b47a8cdaac4f95de03b27ec68d22fdc073d25b7548
SSDEEP: 1536:4B8jL+oLGFCFNaZEinRqlY6606I431D6G25vxCOa0i7qUB55ZBZmZ:4B8xGFCFNa0G6606Ixl4OniHBZI
TLSH: 1AD37D9602422375D9D4FE08642F5AB732EC75CF08F0508E0F3D6B6AE464AFC5DE6689
File Content Preview: Return-Path: <teaipo@us.tel.com>..Received: from APC01-PSA-obe.outbound.protection.outlook.com (mail-psaapc01on2071.outbound.protection.outlook.com [40.107.255.71]).. by inbound-smtp.us-east-1.amazonaws.com with SMTP id kc47mtuv6jtkupfovbbavinio0gohbcc62l
Subject: [Phish Alert]Timesheet Notification: Action Required
From: teaipo@us.tel.com
To: telgreport.phishing@tel.com, db882d80-4f03-4511-be8c-78fdfd0ad442@phisher.knowbe4.com
Cc:
BCC:
Date: Tue, 18 Mar 2025 20:20:55 +0000
Communications:
            • belt@mg.dior.com.sg <https://aka.ms/LearnAboutSenderIdentification> Your Timesheet is Ready Hi teaipo, Your most recent timesheet is available for review. Click the button below to access it. View My Timesheet <http://email.mg.dior.com.sg/c/eJwUy7GOwyAMANCvgRHZBgwZGG7JfwB2WnSpiFruvr_K_PSkMPRWo9WCKZAn9oD2WSJ1ATkyaBLagHL1wWMTQDwOYLGjEFAEjxk3jwFdb8A-AeeNVAJXE-D1cDLm2_X5cp-HPctzrcv4H0O7ob1ySx2bRq2cWbhDh6hbTK6ev2ONa97R0G7fZWkd1zQB_j5u6XmD_S_0DQAA__8EWDYX> If the button above does not work, you can access your timesheet using this link: <http://email.mg.dior.com.sg/c/eJwUyl0OgyAMAODTwCPpD1R56GFqQWeiYVG38y97_5oK-GIldsUpE5MwYHwpmpeavfoKjbuxmWDxsjKvjCwSdyWgAowzVsaMyRcQnkDmSr1lsZDh3FLbx5V8nOne4qGBKBDFS59u-3uEDJ87Pf34i_hV-gUAAP__bnUnEA> Already have an account? Sign in here: Sign in to Your Account<http://email.mg.dior.com.sg/c/eJwUzDFuxCAQQNHTQIlgBgMuKCJFvkY0BmKj2GYDs4k2p4_c_Orr5eh0WmmSJRpvAcGhNnKPED69zcbP6KfiQw4uF7dqcN5iJgJZI2iYNJpgZjTWqLRqh167MEPJ1pGw-txUrq2r1E41NnnEnfkxBL4JWAQs38-avkbddlb0OxSd9NeuexawjOsOU2eBS669JG799UFHpSHwPY2TLjpeXNOQPXKh-mjC6udQXI7bkD8R_gMAAP__FwpEMw> Want to explore more? Learn More<http://email.mg.dior.com.sg/c/eJwUy0GShCAMAMDXwJEKIQQ55LAX_4HAKrVauoIz35-aB3QRhrwkr6vYQOiQHVi9SSRgolLC4nmqCSo7gJLJBw7xN2bdBAE9ODvZ6CxZkxdgF4CniLUQJ0VwrKa08zb5PExf9S7bGFdX7kfhrHD-f1r-623dhknvrnDWt4ya2nUqgqebUfcv1S_BTwAAAP__miov4Q> 2025, Your Company Name. All rights reserved. [Click 'Download images' to view images] <http://email.mg.dior.com.sg/c/eJxszcFuhCAQxvGngaOBGWT1wKGJ9djDZu9mlMElFTWA7es32_TY6-_7kr93Vi0ztZKdvhlAsKi0fLrgvUeaae57E2xr2q4DQ4GUpdAxsIwOFLQKdad71EY3y6ws3pTtemBvLAmj0tr4eORmOVJTVrm5Z61nEfgmYBQwfnPNtJfAv4-X4Vjzp8Dhcf-YHu_3SRkB9qppWiidFNf9vy2xj1cSOHCiuP1hOa68sMCh8O7XHL3MrjLF8xBGXaWpvL2i8svBTwAAAP__HW5Pww> Do you still need Hampton Inn Buckeye.pdf? Heads up, this transfer will expire on 3 March, 2025. When this happens, these files will be removed from our servers. 
If you want to save this transfer, you can change the expiration date in your transfer details. Set new expiration date <http://email.mg.dior.com.sg/c/eJxszj1vszAQB_BPc4zIvjsbM3h4pDyMHaLskcEHsRoDwqb9-lWjduv4fxl-0Vs1jcE04nXHSGhJ6ebhyTonE45BEROSzMbo0LPtnYkao2qSR4VGkXa6J826nUZlqVPW9SiRbQBWeWlj2o522nJblubpH7XuBegf4AA4fEo9wlpmeT0Ah99YAIciawUcwqw6F0Y7a-wMo7McyZClYBwxO_dCIDptTE8MNNTjHehyu77db_-vd8WA9qz5PoW8h7Ssf21ZYjoz0EVySM-fsmznMQnQpcgalyPF5vBVQto3YHWWtsrzW918ePwKAAD__2-wX-I> Download link https://we.tl/t-iPepE24LCu <http://email.mg.dior.com.sg/c/eJxUjsFq6zAQAL9mdXtC2t3I8UGHRx2fSikhdyNLW0fUio0tt79fAr30OsPAJO9MHMNJibcNI6EjY9XdB4yBQ_yIiIkbbm2b7GhJRj4liwZV9mjwZMiebUuWrY6jcdQYd25RErsAbMqkU142HZei90nN_l7rugP9B-wB-2_RdQbs67_8LusF-fXlAOqPWoYYyhry9ADqbte34Xa5DoYB3dPty7FFAep2eaRpy-mXF0n5KECdlJBnQFe3zz-92nyVkNcF2By7rjI_z9SXx58AAAD__1QCTyk> 1 item Hampton Inn Buckeye.pdf 167 MB To make sure our emails arrive, please add noreply@wetransfer.com<mailto:noreply@wetransfer.com> to your contacts<http://email.mg.dior.com.sg/c/eJxUjjGL4zAQhX_NuDszGilyVKg4yLm8IqQPY2niiFh2kORd2F-_GLbZ7vHe--CL3mKY-NSJV4MhTVaj6p6e3VkMqcfJDsMD2QUOEypkZxTyZKlLnpBOqNVZOa2M6sOEVg9oz44kGstgMM99TFvpw5b7OneLf7b2rqD_Ao1A46e0wmt9SOm_ZI1SX8cTaHwGoFHWP3sFGrm0FBY5IqFx6Aw50OPe8j1wfnOaV9CX2_X__fbvekcDZI-tbnsJAvpSZY1zSfGnzxLTnkFfJHNagGwrr198V3wTTu8NDO61b7IcVt2Hp-8AAAD__x53W8Q>. 
About WeTransfer<http://email.mg.dior.com.sg/c/eJxsjbFurDAQAL_GLpG9awwuXDyJR5nidD1a8MJZwYBsk_x-lChl2pmRJnirlplayV53BhAsKi1fvg3Yud7S2mGnHDO0rjd9GyisQTlaZfSgoFWoe-1QG90ss7LYKds74GAsCaPS1oR45mY5U1M2uftXrVcR-E_AKGD85JrpKCv_FAJGms-7Chxrfhc4PB9v0_P_Y1JGgL1rmhZKF8Xt-MslDvFOAgdOFPdfWM47LyxwKHyELccgs69M8TqFUXdpKu_fZ_nh4SsAAP__RG1RNQ> Help<http://email.mg.dior.com.sg/c/eJxUjTFvwyAQRn_NeSuCOwL2wFAp9dghyh5hODsowY4At1J_fWWpS9fve08vOiPD5E8dO2U1EhqSqru7aAc79CainZDVPNmZKE4yeBW97O3cJYcST5JUrwZSWokwSUNWmn5Ajtp40DIvIqatiLBlUZfu6e6tvSrQO-AIOH5zK36tMxfxw2vk-jhIwPEeAEde3_YKNO4t34LPL5-WFeh8vXzerh-Xm9SA5vjqtpfAQOfKa1xKin975pj2DHTm7NMT0LTy-Od3xTX26bWBlnsVjZ9Hvvty-BsAAP__IVNV1A> Legal<http://email.mg.dior.com.sg/c/eJxsjjFv8yAQQH_NMVpwBzgeGD4pn8cOUfboAhcH1cQW4PbvV606dn3vDS8Fr-OdnZJgRouEnrRRzzDRXeNDHicmstFNoyPLxiUdR2eYo8oBNTpN5mQmMtYM8a49jdqfJpRkPYPVZRlS3uoQtzK0Ra3h2fvegP4BzoDzp_TKr_aQnwJwXmXhFXDuUksDmnt9BzpfL2-36__LTVtAf_Ryi1x2zsvrL1ck5aMAnaVwXn9h244aBejc5JWWmpOqoQvnfQOrjzZ0Wb8P1EfArwAAAP__uthTvg> Don't send me these expiry reminders anymore <http://email.mg.dior.com.sg/c/eJxskE1v4jwcxD-NcwP5LSY55PAUnpQgLbsLVdrlguy_neA2diLbKaKffgW97mUOM6OR5qcrgUHJPDMVWXHKqGCYZJdK5R0rihVXHS5LDh3TAlaCGJMbrUFCZiuKaY4ZKUjJCCdLUFiwFRZFSY3mQiKOXb_UdgxLGN0y9tlQXVKaImL_IVojWl9NCtLHzjwaiNbJhMU4pXFOiNUSYJx9OqfbZBDbTGFEVBgn7YDYRmrpAqI5x9KAGQykYEF-fe-IaHvENua268DVk9r-sD99tOq1_QJa-9OxEc3H7klun9YHf2r1s25_HZvYuJbDuhHKt1Gtrxa27a15H-3p7XKVb7uLfh4-1VDeTq9kUu4wwFAS5ffkj9-_gxvs6bgru9-I5mzzkMWi6Lo8x1pyraSkqjCCYs6koNARVpQKoOO6oCWiIoUPxDYvh_355f_DGXNExZzcGaSbpO39vzJntJ3d_egDyrcZxznAnVc0XvfB6ixUyUg7jYjjOS6TGe6Qss-K_g0AAP__9AmiVA>
Attachments:
• phish_alert_sp2_2.0.0.0.eml
Key Value
Return-Path: <teaipo@us.tel.com>
Received: from TYZPR03MB7668.apcprd03.prod.outlook.com ([fe80::16ae:5f31:5998:ad46]) by TYZPR03MB7668.apcprd03.prod.outlook.com ([fe80::16ae:5f31:5998:ad46%3]) with mapi id 15.20.8534.031; Tue, 18 Mar 2025 20:20:55 +0000
Received-SPF: pass (spfCheck: domain of us.tel.com designates 40.107.255.71 as permitted sender) client-ip=40.107.255.71; envelope-from=teaipo@us.tel.com; helo=APC01-PSA-obe.outbound.protection.outlook.com;
Authentication-Results: amazonses.com; spf=pass (spfCheck: domain of us.tel.com designates 40.107.255.71 as permitted sender) client-ip=40.107.255.71; envelope-from=teaipo@us.tel.com; helo=APC01-PSA-obe.outbound.protection.outlook.com; dkim=pass header.i=@us.tel.com; dmarc=pass header.from=us.tel.com;
            X-SES-DKIM-SIGNATUREa=rsa-sha256; q=dns/txt; b=V7ZoMOC8bhpd4gtpW1olv7wETipGu0cBy30ByJT7SQhiYySdhK1kUTt4wD34CrnpvbGnNHGYT5MkLKnzCDgdzb5m8et0o5N79mBLRQ+3XucGujWMEnYg0O5bX3027FVYIGwuib8g1HcxkR1CSYBnyEE1QX8N6vY7LaQCVCP6jlc=; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1742329262; v=1; bh=Fe/k3zNlbesSATvzuC2Sm4n5pQuEy/Y2uSgRsU0Mxf8=; h=From:To:Cc:Bcc:Subject:Date:Message-ID:MIME-Version:Content-Type:X-SES-RECEIPT;
            ARC-Seali=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=W/fD6QvSGlzPaKR1mkU91UZnvILmGXZfoTBOEB9W3TBg8nG11NeTNxN5/PBZj3yjktR34ITXGkuVdlKgMMGHuAdpKZ6mId5tUYshdLOQ1kpqLnDthJWvUXZeM2uzT9qha7ntQcB8GVnctVmmaJpxw8n0+S+njN8V7Pq9IEnTuFLjIC0OKrGtr3dHTZewuK77aPXJGmFW4lPtSjlftq2945TNmbW6FlcXCr5JSy5LGORSo0v3OeoUsWUn5vSCifQJGbnFEOzwRfTJ64ez/GGY95q4VCB0gG0TcuYRz+eCrD1Q/0TORNimYdINxrVdvQi+KQNPpLbAa2Tw9vch61Zzzg==
            ARC-Message-Signaturei=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3axqCtqanV8sE/evTyircKZt8TMAj/Lqi3fAK6QRxRQ=; b=ZCiu2bLaP1duBmWxwq4s9kkf+YcjkbSw6mfm1ofEIT+ueBHGEFBU9ZJgSPz5EwZA/sCiTabe0AuFNLAAKk75apmTLukEeGUY7vuZqMItT+TYpeJHuV2fRwkoMqm2MICQtAO8Df3wScUDqd6SfpWG2sJvHnZsEpjyfGeDWt9yyZbp+SWbM5S8MV2uZiAPre1dZyhGff5pDAPSuwJR15jLoAs+QygEfRuE1Vny9ZSpVrvNjsYC+2GAamKRFJMqFxSkeKrFuOGfBEyzmeV1VAMofSwx8Wa7tybK5FmqEoEy89JlmUf8JREdt3hkJx3Bjrg8zq5sifAq4oIK5a/8t7iAIQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=us.tel.com; dmarc=pass action=none header.from=us.tel.com; dkim=pass header.d=us.tel.com; arc=none
            DKIM-Signaturev=1; a=rsa-sha256; c=relaxed/relaxed; d=us.tel.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3axqCtqanV8sE/evTyircKZt8TMAj/Lqi3fAK6QRxRQ=; b=hdnb4rnrASeupJLNOlZ39W6r0oW8tesrSZ+4HhzsGlwpmG12q8rhsazWTuv/S10RqOXsD+dv6Liy3Cdq7PsWycHUlK+EJrfshe0flis//+6GBd83kkV/Anpllo3QkJum0ZayA3onVNm8nA3JqmJGILyHwhQimICZitzg1hOmSaw=
From: teaipo@us.tel.com
To: telgreport.phishing@tel.com, db882d80-4f03-4511-be8c-78fdfd0ad442@phisher.knowbe4.com
Subject: [Phish Alert]Timesheet Notification: Action Required
Thread-Topic: [Phish Alert]Timesheet Notification: Action Required
Thread-Index: AQHbmENAPFug9cDMt0+YnpQ6rw9jXA==
Date: Tue, 18 Mar 2025 20:20:55 +0000
Message-ID: <TYZPR03MB7668B1668379AB63234C26DEE6DE2@TYZPR03MB7668.apcprd03.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-logged-in-user-account: leonard.x.harvest@us.tel.com
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=us.tel.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: TYZPR03MB7668:EE_|TYSPR03MB7944:EE_
x-ms-office365-filtering-correlation-id: 2641128a-5f02-44a1-c4f1-08dd665a635c
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|376014|69100299015|1800799024|8096899003|4053099003|38070700018;
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TYZPR03MB7668.apcprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(69100299015)(1800799024)(8096899003)(4053099003)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
Content-Type: multipart/mixed; boundary="_004_TYZPR03MB7668B1668379AB63234C26DEE6DE2TYZPR03MB7668apcp_"
MIME-Version: 1.0
X-OriginatorOrg: us.tel.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: TYZPR03MB7668.apcprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2641128a-5f02-44a1-c4f1-08dd665a635c
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Mar 2025 20:20:55.6367 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 8c433003-a081-4dfb-a631-100526250b1a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 4A7Tt4tRAXptlPczHv7VO+HiNlZjggzS3dWxppZsLrkOtQLY/Z7i1lg0GCZKUKC/w9+A9/TWfksO41lbqijHRw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYSPR03MB7944

Icon Hash: 46070c0a8e0c67d6