Windows
Analysis Report
FW What it takes to build a great search mobile experience.msg
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64_ra
  - OUTLOOK.EXE (PID: 7072 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\FW What it takes to build a great search mobile experience.msg" MD5: 91A5292942864110ED734005B7E005C0)
  - ai.exe (PID: 6292 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "0FB93FDC-1732-419D-833A-C0138701C0ED" "38BFA882-F15D-4348-9508-0CD3F719362D" "7072" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  - chrome.exe (PID: 6180 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eu-west-1.protection.sophos.com/?d=worldmartech.com&u=aHR0cHM6Ly93d3cuZW52LndvcmxkbWFydGVjaC5jb20vc2lnbnVwLXVzZXIvYW05dUxuZGxaMEJqWVhKa1ptRmpkRzl5ZVM1amJ5NTFhdz09L05UYzFNUT09&p=m&i=NjUyNDBmODUxNzM0OTU2OGY5NzE0ZWFi&t=Wlo3QkdqVkpQenIwbUZnOGhJKzU3ZGI0RDhqNThYQy9XNmNUa0UwR1pkVT0=&h=7712d165c33347ce8b62b974797daf19&s=AVNPUEhUT0NFTkNSWVBUSVa-I5G8dJpbCOKcqB6FvZNNrOD_w7_MjEwFCAXh6udclw MD5: E81F54E6C1129887AEA47E7D092680BF)
  - chrome.exe (PID: 6848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2088,i,8509042597815076517,3032925579814416831,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
- AV Detection
- Phishing
- Compliance
- Software Vulnerabilities
- Networking
- System Summary
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- Language, Device and Operating System Detection
AV Detection |
---|
Source: | Avira URL Cloud: |
Phishing |
---|
Source: | Joe Sandbox AI: |
Source: | HTTP Parser: |
Source: | Classification: |
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: |
Source: | Memory has grown: |
Source: | HTTP traffic: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | File created: |
Source: | File deleted: |
Source: | Classification label: |
Source: | File created: |
Source: | Process created: | ||
Source: | Section loaded: | ||
Source: | Key value queried: |
Source: | Window found: |
Source: | Window detected: |
Source: | Key opened: |
Source: | Key value created or modified: |
Source: | Process information set: | ||
Source: | File Volume queried: |
Source: | Process information queried: |
Source: | Queries volume information: |
Source: | Key value queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 11 Browser Extensions | 1 Process Injection | 11 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Extra Window Memory Injection | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | Avira URL Cloud | safe | |
 | 0% | Avira URL Cloud | safe | |
 | 0% | Avira URL Cloud | safe | |
 | 0% | Avira URL Cloud | safe | |
 | 100% | Avira URL Cloud | phishing | |
 | 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.env.worldmartech.com | 205.134.255.228 | true | true | unknown | |
response.insightsforprofessionals.com | 172.67.69.208 | true | false | unknown | |
d35tlz0p71apkp.cloudfront.net | 108.138.128.37 | true | false | unknown | |
resources.insightsforprofessionals.com | 104.26.11.229 | true | false | unknown | |
cdnjs.cloudflare.com | 104.17.25.14 | true | false | high | |
www.google.com | 142.251.41.4 | true | false | high | |
s-0005.dual-s-msedge.net | 52.123.128.14 | true | false | high | |
eu-west-1.protection.sophos.com | unknown | unknown | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
true |
| unknown | |
false |
| unknown | |
false |
| unknown | |
false |
| unknown | |
true | unknown | ||
false |
| unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
205.134.255.228 | www.env.worldmartech.com | United States | 22611 | IMH-WESTUS | true | |
142.251.35.170 | unknown | United States | 15169 | GOOGLEUS | false | |
142.250.65.163 | unknown | United States | 15169 | GOOGLEUS | false | |
142.250.65.195 | unknown | United States | 15169 | GOOGLEUS | false | |
104.26.10.229 | unknown | United States | 13335 | CLOUDFLARENETUS | false | |
184.31.69.3 | unknown | United States | 20940 | AKAMAI-ASN1EU | false | |
20.189.173.4 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
52.111.251.18 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
108.138.128.37 | d35tlz0p71apkp.cloudfront.net | United States | 16509 | AMAZON-02US | false | |
52.123.128.14 | s-0005.dual-s-msedge.net | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
142.250.64.99 | unknown | United States | 15169 | GOOGLEUS | false | |
142.250.81.238 | unknown | United States | 15169 | GOOGLEUS | false | |
142.251.40.110 | unknown | United States | 15169 | GOOGLEUS | false | |
172.67.69.208 | response.insightsforprofessionals.com | United States | 13335 | CLOUDFLARENETUS | false | |
104.26.11.229 | resources.insightsforprofessionals.com | United States | 13335 | CLOUDFLARENETUS | false | |
142.251.16.84 | unknown | United States | 15169 | GOOGLEUS | false | |
142.250.176.195 | unknown | United States | 15169 | GOOGLEUS | false | |
104.17.25.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false | |
142.251.41.4 | www.google.com | United States | 15169 | GOOGLEUS | false | |
142.250.65.234 | unknown | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.16 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1654446 |
Start date and time: | 2025-04-02 10:38:57 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | FW What it takes to build a great search mobile experience.msg |
Detection: | MAL |
Classification: | mal60.phis.winMSG@24/9@16/164 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): svchost.exe
- Excluded IPs from analysis (whitelisted): 184.31.69.3, 52.111.251.18, 52.111.251.19, 52.111.251.17, 52.111.251.16, 52.123.128.14
- Excluded domains from analysis (whitelisted): ecs.office.com, prod1.naturallanguageeditorservice.osi.office.net.akadns.net, dual-s-0005-office.config.skype.com, fs.microsoft.com, nleditor.osi.office.net, prod-na.naturallanguageeditorservice.osi.office.net.akadns.net, ecs.office.trafficmanager.net, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, prod-canc-resolver.naturallanguageeditorservice.osi.office.net.akadns.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: www.env.worldmartech.com
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 22688 |
Entropy (8bit): | 5.223240277623455 |
Encrypted: | false |
SSDEEP: | |
MD5: | C4499184878D17D8AF6F4181C0D03102 |
SHA1: | C5A2FF013FA357C1D2A6571B5D8E658E670080EA |
SHA-256: | AA1D80CDF0990E97A21069AB16C048EF90A35DF1165B87D19ACCABD7C4EDC860 |
SHA-512: | 0DA5E2CD6EEB9DE26233F5CE9D341543BC0364154D5DFE54F6B13CF013D8850704438A63684665097E61818DFEE02DCAF758DF7695166F3F2DF262FF8350434F |
Malicious: | false |
Reputation: | unknown |
URL: | https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/jquery.validate.min.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 20434 |
Entropy (8bit): | 7.950776955324463 |
Encrypted: | false |
SSDEEP: | |
MD5: | BC37C4C2A572900186D99A86EF9D24EB |
SHA1: | 0E591804D3568D5630289AB8D005E8144FB01373 |
SHA-256: | 5B4C130C97125884E8C1F80C75D5A15780C43F105E912B2A2F2328BDC666E213 |
SHA-512: | 21A09A9E5720859582CF3E2DEE59A79E2A2B43A10B4BFC8CFB4FA084BC019D22A388E52FEBFBC6F5F2D5A2E4AB0B492CB23F683E35F9892CDAD4E82E36853E80 |
Malicious: | false |
Reputation: | unknown |
URL: | https://response.insightsforprofessionals.com/Asset/Inclusion/463938/Reference/promo-image |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26154 |
Entropy (8bit): | 7.9909950621693415 |
Encrypted: | true |
SSDEEP: | |
MD5: | 7DAC54DB9E97771216FFDEED9560BE52 |
SHA1: | AE7D858E37F9F222EFC4FCBB7B6027192298CCEE |
SHA-256: | 394BA2818201B88011B73208A27E27B3C5DD4B3AAC496041A296531D366CB43B |
SHA-512: | AA9B42D785AE863B724CAF9566FB72FB91432E44448AA2EEDE4301D10AC5E55AA1998D0ABC6E4D09C60FD677A03DC476F9370593589DFE8CB1EF498995A7A12A |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 236 |
Entropy (8bit): | 4.6136472859144035 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3DEA6E4A74AE5C8A6B8DD3BAE0DE6081 |
SHA1: | 0B2672DB2629A86272CA21084220113C548195DB |
SHA-256: | 6C09A3F77E8A1CE36FFDF1BF0CFF8AA9BB5C17616BA8F31DB31D8B5946245362 |
SHA-512: | 9B86BD1B8867C44AD5431A94991E517F73A639F03BFCA39DAF2BC6A9883C5C68E0CA8B69662A2A48E35922960F80B0679EB8E9CB7BACDAC6EF93D46C4B10A9D4 |
Malicious: | false |
Reputation: | unknown |
URL: | https://www.env.worldmartech.com/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 121200 |
Entropy (8bit): | 5.0982146191887106 |
Encrypted: | false |
SSDEEP: | |
MD5: | EC3BB52A00E176A7181D454DFFAEA219 |
SHA1: | 6527D8BF3E1E9368BAB8C7B60F56BC01FA3AFD68 |
SHA-256: | F75E846CC83BD11432F4B1E21A45F31BC85283D11D372F7B19ACCD1BF6A2635C |
SHA-512: | E8C5DAF01EAE68ED7C1E277A6E544C7AD108A0FA877FB531D6D9F2210769B7DA88E4E002C7B0BE3B72154EBF7CBF01A795C8342CE2DAD368BD6351E956195F8B |
Malicious: | false |
Reputation: | unknown |
URL: | https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 18585 |
Entropy (8bit): | 5.292936072934826 |
Encrypted: | false |
SSDEEP: | |
MD5: | A5DFC0939AE28B8F04E49ECB531C6CCF |
SHA1: | 93F0373CAFFD48E298D72AA45E0853B088662646 |
SHA-256: | 1C1BA20E28E8C777890E298A39FDEF985D5EE65CC236723C027A9B55860BC974 |
SHA-512: | 616EB6D21A4C3562623CF089130413ADB00A361CC7087AEABB05E10F8D9CF43BE2C7027C79E6A4738D1394A18F3798355B8DF10165286B2F111A92FAA6F6F5DD |
Malicious: | false |
Reputation: | unknown |
URL: | "https://fonts.googleapis.com/css?family=Josefin+Sans:300,400|Roboto:300,400,500" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 168 |
Entropy (8bit): | 5.212486991126727 |
Encrypted: | false |
SSDEEP: | |
MD5: | 091B2BE985EA4ABFB01A1AD9CDF92A60 |
SHA1: | 8A6F0CF49BA8D8AB0A07DD1505D05EE232B61C37 |
SHA-256: | 666A891A74C317E2D2A23BFE6FF249F0C6CBA83271DA3A3816038D54EDD60E29 |
SHA-512: | C80A5792D76D24766B1844B217EEA4E7C5D1BB17A00FA1461D243A3A31CB6C76510B80EC7A56FB98D00E149F6B3855A4B49456064600DDA0D05AF93A6DA1E543 |
Malicious: | false |
Reputation: | unknown |
URL: | https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhJfCUHFZyXMBR1vEgUN1Yx-IxIFDYdNGaYSBQ14bxIZEgUNU_J1YRIFDZIFVM4SBQ08K4tVEgUNQSVWeBIFDd6uuR8SBQ3uEZ3nEgUNJZ-c2xIFDaB52aYhyALoGLBqwjQ=?alt=proto |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 45282 |
Entropy (8bit): | 3.7870197617583066 |
Encrypted: | false |
SSDEEP: | |
MD5: | E0C9BC967AF4D18F43568D505B6AC706 |
SHA1: | F49D6283AA8AF29188B033DF6E6D4343F7868469 |
SHA-256: | AF29A93637CA949AE11560172F4DE367533053B7F917AF21F73BC56F063099D3 |
SHA-512: | 21E5A7B557AABFD91F55441898C52E8129112C91F57A7F70DF9FACADC5B7DB91A818AC78707A7C911EB21E5802DA2F371E8C9A41A71EECF7DD21E8C96C83BEA5 |
Malicious: | false |
Reputation: | unknown |
URL: | https://www.env.worldmartech.com/signup-user/am9uLndlZ0BjYXJkZmFjdG9yeS5jby51aw==/NTc1MQ== |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 40788 |
Entropy (8bit): | 7.923570776234729 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3C0D85B9EAE7D6097982CE18E60896A0 |
SHA1: | C2F56C627766B6038259D28AB3BB60BC703DC150 |
SHA-256: | 8F392B46E400D345CE8569C581B91BE471F7F82E15DD145627F6C581E0188CBB |
SHA-512: | 758A2743ECC1D1ACD634C375025901099649C1414C9E89B2AD1749407AFD1F359B163741E3203165AE5377DD823A3D2EF1B9DC46607A5F0386431C31F58C57A3 |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 4.198337129657051 |
TrID: |
|
File name: | FW What it takes to build a great search mobile experience.msg |
File size: | 85'504 bytes |
MD5: | 8ec47aca8634972c019696f320871c03 |
SHA1: | 4ee888faec6724409b21d14f9bbc43b5b027f1d5 |
SHA256: | bef6dada01df6f2fb995a3207dbab4cc6b7e171c8a48344df4a6cf02858b3104 |
SHA512: | 602d1d576d90351f33bb85785350347b1b137e06505ec8db3e25cad8f2dd80c08771ce1fbc300b223901f8427e7a36eaa60b6bfdd8eb3ccf18e39d292731d1b3 |
SSDEEP: | 1536:ubAM/mFugomsW8pmNW+WVR5WJW+WXSAHtTWvci:M/LgomsW8Wci |
TLSH: | 4583002536F94215F277AF364EF780978936BC92AD24CA8F3191730E0672941E961F3B |
Subject: | FW: What it takes to build a great search mobile experience |
From: | Jon Weg <Jon.Weg@cardfactory.co.uk> |
To: | Security <Security@cardfactory.co.uk> |
Cc: | |
BCC: | |
Date: | Tue, 01 Apr 2025 17:19:13 +0200 |
Communications: |
|
Attachments: |
Key | Value |
---|---|
Received | from VI0PR03MB10398.eurprd03.prod.outlook.com |
15 | 19:13 +0000 |
Authentication-Results | dkim=none (message not signed) |
(2603 | 10a6:20b:4ff::20) with Microsoft SMTP Server (version=TLS1_2, |
2025 15 | 19:13 +0000 |
([fe80 | :834c:3892:fcbc:5f6a%3]) with mapi id 15.20.8534.043; Tue, 1 Apr 2025 |
Content-Type | application/ms-tnef; name="winmail.dat" |
Content-Transfer-Encoding | binary |
From | Jon Weg <Jon.Weg@cardfactory.co.uk> |
To | Security <Security@cardfactory.co.uk> |
Subject | FW: What it takes to build a great search mobile experience |
Thread-Topic | What it takes to build a great search mobile experience |
Thread-Index | AQHboxd/AGTKttgerUm0YMAfnk6MG7OO7Grp |
Date | Tue, 1 Apr 2025 15:19:13 +0000 |
Message-ID | <VI0PR03MB10398278EF9ECCB3A138E3D44B8AC2@VI0PR03MB10398.eurprd03.prod.outlook.com> |
References | <67ebfb02192e2@worldmartech.com> |
In-Reply-To | <67ebfb02192e2@worldmartech.com> |
Accept-Language | en-GB, en-US |
Content-Language | en-GB |
X-MS-Exchange-Organization-ModifySensitivityLabel | ;c9610a5f-04c0-42eb-9845-623a2065dcb9 |
X-MS-Has-Attach | |
X-MS-Exchange-Organization-SCL | -1 |
X-MS-TNEF-Correlator | <VI0PR03MB10398278EF9ECCB3A138E3D44B8AC2@VI0PR03MB10398.eurprd03.prod.outlook.com> |
msip_labels | MSIP_Label_c9610a5f-04c0-42eb-9845-623a2065dcb9_Enabled=True;MSIP_Label_c9610a5f-04c0-42eb-9845-623a2065dcb9_SiteId=7956b84e-0c99-46b5-81c6-28689cfa7221;MSIP_Label_c9610a5f-04c0-42eb-9845-623a2065dcb9_SetDate=2025-04-01T15:18:19.7139486Z;MSIP_Label_c9610a5f-04c0-42eb-9845-623a2065dcb9_Name=General;MSIP_Label_c9610a5f-04c0-42eb-9845-623a2065dcb9_ContentBits=0;MSIP_Label_c9610a5f-04c0-42eb-9845-623a2065dcb9_Method=Standard |
x-ms-reactions | allow |
MIME-Version | 1.0 |
X-MS-Exchange-Organization-MessageDirectionality | Originating |
X-MS-Exchange-Organization-AuthSource | VI0PR03MB10398.eurprd03.prod.outlook.com |
X-MS-Exchange-Organization-AuthAs | Internal |
X-MS-Exchange-Organization-AuthMechanism | 04 |
X-MS-Exchange-Organization-Network-Message-Id | 108ec0f1-29c3-46f8-73a3-08dd71308f2b |
X-MS-PublicTrafficType | |
X-MS-TrafficTypeDiagnostic | VI0PR03MB10398:EE_|AS4PR03MB8256:EE_|AS8PR03MB7414:EE_ |
Return-Path | Jon.Weg@cardfactory.co.uk |
X-MS-Exchange-Organization-ExpirationStartTime | 01 Apr 2025 15:19:13.3000 |
X-MS-Exchange-Organization-ExpirationStartTimeReason | OriginalSubmit |
X-MS-Exchange-Organization-ExpirationInterval | 1:00:00:00.0000000 |
X-MS-Exchange-Organization-ExpirationIntervalReason | OriginalSubmit |
X-MS-Office365-Filtering-Correlation-Id | 108ec0f1-29c3-46f8-73a3-08dd71308f2b |
X-Microsoft-Antispam | BCL:0;ARA:13230040|4022899009|366016|8096899003|13003099007|41050700001; |
X-Forefront-Antispam-Report | CIP:255.255.255.255;CTRY:;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:SKI;H:VI0PR03MB10398.eurprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(4022899009)(366016)(8096899003)(13003099007)(41050700001);DIR:INT; |
X-MS-Exchange-CrossTenant-OriginalArrivalTime | 01 Apr 2025 15:19:13.0455 |
X-MS-Exchange-CrossTenant-FromEntityHeader | Hosted |
X-MS-Exchange-CrossTenant-Id | 7956b84e-0c99-46b5-81c6-28689cfa7221 |
X-MS-Exchange-CrossTenant-AuthSource | VI0PR03MB10398.eurprd03.prod.outlook.com |
X-MS-Exchange-CrossTenant-AuthAs | Internal |
X-MS-Exchange-CrossTenant-Network-Message-Id | 108ec0f1-29c3-46f8-73a3-08dd71308f2b |
X-MS-Exchange-CrossTenant-MailboxType | HOSTED |
X-MS-Exchange-CrossTenant-UserPrincipalName | YSL+b5Dx5ReAXgtL80tLpntBxI8HwnXEzHNgVJK4EAt362/RQW27sAEhzc589yYnRhgGEfjYMCXHvqn/Wnb1UHUcg+Wbw3c8wA9VpgdEvo8= |
X-MS-Exchange-Transport-CrossTenantHeadersStamped | AS4PR03MB8256 |
X-MS-Exchange-Transport-EndToEndLatency | 00:00:01.7201532 |
X-MS-Exchange-Processed-By-BccFoldering | 15.20.8534.033 |
X-Microsoft-Antispam-Mailbox-Delivery | ucf:0;jmr:0;auth:0;dest:I;ENG:(910005)(944506478)(944626604)(920097)(425001)(930097)(140003); |
X-Microsoft-Antispam-Message-Info | =?us-ascii?Q?tuh9r77WmFbiYTgaNDoJpNyO3xJiDDt7COmg6/lsLpk91ur9Ludgat/T5lR+?= |
date | Tue, 01 Apr 2025 17:19:13 +0200 |
Icon Hash: | c4e1928eacb280a2 |