Windows
Analysis Report
original (1).eml
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64_ra
  - OUTLOOK.EXE (PID: 6284 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\original (1).eml" MD5: 91A5292942864110ED734005B7E005C0)
  - ai.exe (PID: 2196 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "39701953-8BC2-4B47-B38D-A434257EFD9D" "6709E829-DD94-433C-8DBF-1DAA5C960244" "6284" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  - chrome.exe (PID: 7128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://email.mg.dior.com.sg/c/eJwUy7GOwyAMANCvgRHZBgwZGG7JfwB2WnSpiFruvr_K_PSkMPRWo9WCKZAn9oD2WSJ1ATkyaBLagHL1wWMTQDwOYLGjEFAEjxk3jwFdb8A-AeeNVAJXE-D1cDLm2_X5cp-HPctzrcv4H0O7ob1ySx2bRq2cWbhDh6hbTK6ev2ONa97R0G7fZWkd1zQB_j5u6XmD_S_0DQAA__8EWDYX MD5: E81F54E6C1129887AEA47E7D092680BF)
  - chrome.exe (PID: 6192 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,6093360150381680439,12896956480497846066,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2052 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
- Phishing
- Compliance
- Software Vulnerabilities
- Networking
- System Summary
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- Language, Device and Operating System Detection
Phishing |
---|
Source: | Joe Sandbox AI: |
Source: | Classification: |
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: | ||
Source: | Memory has grown: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | File created: |
Source: | File deleted: |
Source: | Classification label: |
Source: | Process created: | ||
Source: | Section loaded: | ||
Source: | Key value queried: |
Source: | Window found: |
Source: | Window detected: |
Source: | Key opened: |
Source: | Key value created or modified: |
Source: | Process information set: | ||
Source: | File Volume queried: |
Source: | Process information queried: |
Source: | Queries volume information: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 21 Browser Extensions | 1 Process Injection | 11 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Extra Window Memory Injection | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 142.251.40.132 | true | false | high | |
s-0005.dual-s-msedge.net | 52.123.129.14 | true | false | high | |
mailgun.org | 34.110.180.34 | true | false | high | |
email.mg.dior.com.sg | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown | ||
false |
| unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.250.80.35 | unknown | United States | 15169 | GOOGLEUS | false |
34.110.180.34 | mailgun.org | United States | 15169 | GOOGLEUS | false |
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
23.204.23.20 | unknown | United States | 16625 | AKAMAI-ASUS | false |
52.182.143.214 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
52.123.129.14 | s-0005.dual-s-msedge.net | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
142.250.64.99 | unknown | United States | 15169 | GOOGLEUS | false |
142.251.40.132 | www.google.com | United States | 15169 | GOOGLEUS | false |
142.251.32.110 | unknown | United States | 15169 | GOOGLEUS | false |
23.206.121.14 | unknown | United States | 33490 | COMCAST-33490US | false |
142.250.72.110 | unknown | United States | 15169 | GOOGLEUS | false |
142.250.176.195 | unknown | United States | 15169 | GOOGLEUS | false |
142.250.31.84 | unknown | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.16 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1643524 |
Start date and time: | 2025-03-19 22:34:56 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | original (1).eml |
Detection: | MAL |
Classification: | mal48.winEML@23/1@8/106 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): svchost.exe
- Excluded IPs from analysis (whitelisted): 23.204.23.20, 23.206.121.14, 23.206.121.15, 52.123.129.14, 40.126.24.84
- Excluded domains from analysis (whitelisted): ecs.office.com, omex.cdn.office.net, dual-s-0005-office.config.skype.com, fs.microsoft.com, login.live.com, ecs.office.trafficmanager.net, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, omex.cdn.office.net.akamaized.net, a1864.dscd.akamai.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- VT rate limit hit for: https://email.mg.dior.com.sg/favicon.ico
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 19 |
Entropy (8bit): | 3.6818808028034042 |
Encrypted: | false |
SSDEEP: | |
MD5: | 595E88012A6521AAE3E12CBEBE76EB9E |
SHA1: | DA3968197E7BF67AA45A77515B52BA2710C5FC34 |
SHA-256: | B16E15764B8BC06C5C3F9F19BC8B99FA48E7894AA5A6CCDAD65DA49BBF564793 |
SHA-512: | FD13C580D15CC5E8B87D97EAD633209930E00E85C113C776088E246B47F140EFE99BDF6AB02070677445DB65410F7E62EC23C71182F9F78E9D0E1B9F7FDA0DC3 |
Malicious: | false |
Reputation: | unknown |
URL: | https://email.mg.dior.com.sg/favicon.ico |
Preview: |
File type: | |
Entropy (8bit): | 5.89996057584703 |
TrID: |
|
File name: | original (1).eml |
File size: | 137'522 bytes |
MD5: | 541ed79c814f85be6e73410555ad713a |
SHA1: | ba59cf8cb618dca6669f3ee65138aafa4d78b634 |
SHA256: | a6a53fbf8cde5576eaa44aa8b66f6ddc4d16e3f3e12dcf3d6bb5f871a1cfe3a0 |
SHA512: | 849c2ae16be39935702781d98bee147569d8e3496794eb090e8d610798cdc2534d205b7caf3014b17c1d15b47a8cdaac4f95de03b27ec68d22fdc073d25b7548 |
SSDEEP: | 1536:4B8jL+oLGFCFNaZEinRqlY6606I431D6G25vxCOa0i7qUB55ZBZmZ:4B8xGFCFNa0G6606Ixl4OniHBZI |
TLSH: | 1AD37D9602422375D9D4FE08642F5AB732EC75CF08F0508E0F3D6B6AE464AFC5DE6689 |
File Content Preview: | Return-Path: <teaipo@us.tel.com>..Received: from APC01-PSA-obe.outbound.protection.outlook.com (mail-psaapc01on2071.outbound.protection.outlook.com [40.107.255.71]).. by inbound-smtp.us-east-1.amazonaws.com with SMTP id kc47mtuv6jtkupfovbbavinio0gohbcc62l |
Subject: | [Phish Alert]Timesheet Notification: Action Required |
From: | teaipo@us.tel.com |
To: | telgreport.phishing@tel.com, db882d80-4f03-4511-be8c-78fdfd0ad442@phisher.knowbe4.com |
Cc: | |
BCC: | |
Date: | Tue, 18 Mar 2025 20:20:55 +0000 |
Communications: |
|
Attachments: |
|
Key | Value |
---|---|
Return-Path | <teaipo@us.tel.com> |
Received | from TYZPR03MB7668.apcprd03.prod.outlook.com ([fe80::16ae:5f31:5998:ad46]) by TYZPR03MB7668.apcprd03.prod.outlook.com ([fe80::16ae:5f31:5998:ad46%3]) with mapi id 15.20.8534.031; Tue, 18 Mar 2025 20:20:55 +0000 |
Received-SPF | pass (spfCheck: domain of us.tel.com designates 40.107.255.71 as permitted sender) client-ip=40.107.255.71; envelope-from=teaipo@us.tel.com; helo=APC01-PSA-obe.outbound.protection.outlook.com; |
Authentication-Results | amazonses.com; spf=pass (spfCheck: domain of us.tel.com designates 40.107.255.71 as permitted sender) client-ip=40.107.255.71; envelope-from=teaipo@us.tel.com; helo=APC01-PSA-obe.outbound.protection.outlook.com; dkim=pass header.i=@us.tel.com; dmarc=pass header.from=us.tel.com; |
X-SES-RECEIPT | AEFBQUFBQUFBQUFFK0JnV0szdVpaam5sYm1PMEF1blplSmQ5M1dQQWVPRnlIWXhtcVN2TGJKVE9VbFcrM0Q0ZUdKUXp4dXJKbEk5VFN4Y3k3cnBRRlRwVHJVUG1rUk42dnU4eFhFQ3VhR3Zoak1jUy9FSG11NUpaTUhZYkRGYnpieGY5WWl3Y1M0elJ2WDFFYmZYSmVQVzlmVFVndlRxSHp0NTV1TWdwc3FLbUNjVzNFeGJGUFJjSDdEbXd4MWlrUnIwN3V0WWF0UGdRZHF5eFpVS2pBYXJGaElJeFJubDNkbVRpYmNvbFJLWVQrV1JuVW5tTGVJazZQeW4wLzlsSDdmQ00xdmowTEEzdTNqMDlwcE9QeWFYZStVaU55aTVLTExISlNSMGZacnpOZlFsRzBHdThTV1E9PQ== |
X-SES-DKIM-SIGNATURE | a=rsa-sha256; q=dns/txt; b=V7ZoMOC8bhpd4gtpW1olv7wETipGu0cBy30ByJT7SQhiYySdhK1kUTt4wD34CrnpvbGnNHGYT5MkLKnzCDgdzb5m8et0o5N79mBLRQ+3XucGujWMEnYg0O5bX3027FVYIGwuib8g1HcxkR1CSYBnyEE1QX8N6vY7LaQCVCP6jlc=; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1742329262; v=1; bh=Fe/k3zNlbesSATvzuC2Sm4n5pQuEy/Y2uSgRsU0Mxf8=; h=From:To:Cc:Bcc:Subject:Date:Message-ID:MIME-Version:Content-Type:X-SES-RECEIPT; |
ARC-Seal | i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=W/fD6QvSGlzPaKR1mkU91UZnvILmGXZfoTBOEB9W3TBg8nG11NeTNxN5/PBZj3yjktR34ITXGkuVdlKgMMGHuAdpKZ6mId5tUYshdLOQ1kpqLnDthJWvUXZeM2uzT9qha7ntQcB8GVnctVmmaJpxw8n0+S+njN8V7Pq9IEnTuFLjIC0OKrGtr3dHTZewuK77aPXJGmFW4lPtSjlftq2945TNmbW6FlcXCr5JSy5LGORSo0v3OeoUsWUn5vSCifQJGbnFEOzwRfTJ64ez/GGY95q4VCB0gG0TcuYRz+eCrD1Q/0TORNimYdINxrVdvQi+KQNPpLbAa2Tw9vch61Zzzg== |
ARC-Message-Signature | i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3axqCtqanV8sE/evTyircKZt8TMAj/Lqi3fAK6QRxRQ=; b=ZCiu2bLaP1duBmWxwq4s9kkf+YcjkbSw6mfm1ofEIT+ueBHGEFBU9ZJgSPz5EwZA/sCiTabe0AuFNLAAKk75apmTLukEeGUY7vuZqMItT+TYpeJHuV2fRwkoMqm2MICQtAO8Df3wScUDqd6SfpWG2sJvHnZsEpjyfGeDWt9yyZbp+SWbM5S8MV2uZiAPre1dZyhGff5pDAPSuwJR15jLoAs+QygEfRuE1Vny9ZSpVrvNjsYC+2GAamKRFJMqFxSkeKrFuOGfBEyzmeV1VAMofSwx8Wa7tybK5FmqEoEy89JlmUf8JREdt3hkJx3Bjrg8zq5sifAq4oIK5a/8t7iAIQ== |
ARC-Authentication-Results | i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=us.tel.com; dmarc=pass action=none header.from=us.tel.com; dkim=pass header.d=us.tel.com; arc=none |
DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=us.tel.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3axqCtqanV8sE/evTyircKZt8TMAj/Lqi3fAK6QRxRQ=; b=hdnb4rnrASeupJLNOlZ39W6r0oW8tesrSZ+4HhzsGlwpmG12q8rhsazWTuv/S10RqOXsD+dv6Liy3Cdq7PsWycHUlK+EJrfshe0flis//+6GBd83kkV/Anpllo3QkJum0ZayA3onVNm8nA3JqmJGILyHwhQimICZitzg1hOmSaw= |
From | teaipo@us.tel.com |
To | telgreport.phishing@tel.com, db882d80-4f03-4511-be8c-78fdfd0ad442@phisher.knowbe4.com |
Subject | [Phish Alert]Timesheet Notification: Action Required |
Thread-Topic | [Phish Alert]Timesheet Notification: Action Required |
Thread-Index | AQHbmENAPFug9cDMt0+YnpQ6rw9jXA== |
Date | Tue, 18 Mar 2025 20:20:55 +0000 |
Message-ID | <TYZPR03MB7668B1668379AB63234C26DEE6DE2@TYZPR03MB7668.apcprd03.prod.outlook.com> |
Accept-Language | en-US |
Content-Language | en-US |
X-MS-Has-Attach | yes |
X-MS-TNEF-Correlator | |
x-logged-in-user-account | leonard.x.harvest@us.tel.com |
authentication-results | dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=us.tel.com; |
x-ms-publictraffictype | |
x-ms-traffictypediagnostic | TYZPR03MB7668:EE_|TYSPR03MB7944:EE_ |
x-ms-office365-filtering-correlation-id | 2641128a-5f02-44a1-c4f1-08dd665a635c |
x-ms-exchange-senderadcheck | 1 |
x-ms-exchange-antispam-relay | 0 |
x-microsoft-antispam | BCL:0;ARA:13230040|366016|376014|69100299015|1800799024|8096899003|4053099003|38070700018; |
x-microsoft-antispam-message-info | |
x-forefront-antispam-report | CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:TYZPR03MB7668.apcprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(69100299015)(1800799024)(8096899003)(4053099003)(38070700018);DIR:OUT;SFP:1101; |
x-ms-exchange-antispam-messagedata-chunkcount | 1 |
x-ms-exchange-antispam-messagedata-0 | |
Content-Type | multipart/mixed; boundary="_004_TYZPR03MB7668B1668379AB63234C26DEE6DE2TYZPR03MB7668apcp_" |
MIME-Version | 1.0 |
X-OriginatorOrg | us.tel.com |
X-MS-Exchange-CrossTenant-AuthAs | Internal |
X-MS-Exchange-CrossTenant-AuthSource | TYZPR03MB7668.apcprd03.prod.outlook.com |
X-MS-Exchange-CrossTenant-Network-Message-Id | 2641128a-5f02-44a1-c4f1-08dd665a635c |
X-MS-Exchange-CrossTenant-originalarrivaltime | 18 Mar 2025 20:20:55.6367 (UTC) |
X-MS-Exchange-CrossTenant-fromentityheader | Hosted |
X-MS-Exchange-CrossTenant-id | 8c433003-a081-4dfb-a631-100526250b1a |
X-MS-Exchange-CrossTenant-mailboxtype | HOSTED |
X-MS-Exchange-CrossTenant-userprincipalname | 4A7Tt4tRAXptlPczHv7VO+HiNlZjggzS3dWxppZsLrkOtQLY/Z7i1lg0GCZKUKC/w9+A9/TWfksO41lbqijHRw== |
X-MS-Exchange-Transport-CrossTenantHeadersStamped | TYSPR03MB7944 |
Icon Hash: | 46070c0a8e0c67d6 |