Windows
Analysis Report
Fw+Adfast+Canada+Request+For+Proposal+(RFP)+ID#9009.eml
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- OUTLOOK.EXE (PID: 1044 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\OUTLO OK.EXE" /e ml "C:\Use rs\user\De sktop\Fw+A dfast+Cana da+Request +For+Propo sal+(RFP)+ ID#9009.em l" MD5: 91A5292942864110ED734005B7E005C0) - ai.exe (PID: 3748 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \root\vfs\ ProgramFil esCommonX6 4\Microsof t Shared\O ffice16\ai .exe" "99C 40A0F-776A -487C-8E8D -11929B287 FEE" "A374 1322-3BCF- 4797-9D59- E5629B96B7 4B" "1044" "C:\Progr am Files ( x86)\Micro soft Offic e\Root\Off ice16\OUTL OOK.EXE" " WordCombin edFloatieL reOnline.o nnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD) - Acrobat.exe (PID: 6244 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\Acrobat .exe" "C:\ Users\user \AppData\L ocal\Micro soft\Windo ws\INetCac he\Content .Outlook\L LD12K7J\Ad fast Canad a Request For Propos al (RFP) I D#9009.pdf " MD5: 24EAD1C46A47022347DC0F05F6EFBB8C) - AcroCEF.exe (PID: 6488 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ba ckgroundco lor=167772 15 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE) - AcroCEF.exe (PID: 6724 cmdline:
"C:\Progra m Files\Ad obe\Acroba t DC\Acrob at\acrocef _1\AcroCEF .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --log-seve rity=disab le --user- agent-prod uct="Reade rServices/ 23.6.20320 Chrome/10 5.0.0.0" - -lang=en-U S --log-fi le="C:\Pro gram Files \Adobe\Acr obat DC\Ac robat\acro cef_1\debu g.log" --m ojo-platfo rm-channel -handle=21 60 --field -trial-han dle=1552,i ,115495160 6379697362 6,51766064 6227545079 4,131072 - -disable-f eatures=Ba ckForwardC ache,Calcu lateNative WinOcclusi on,WinUseB rowserSpel lChecker / prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Source: | Author: frack113: |
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | File opened: |
Source: | Classification label: |
Source: | File created: |
Source: | File created: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Window found: |
Source: | Window detected: |
Source: | Key opened: |
Source: | File opened: |
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: |
Source: | Process information queried: |
Source: | Queries volume information: |
Source: | Key value queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
2.19.11.102 | unknown | European Union | 719 | ELISA-ASHelsinkiFinlandEU | false | |
52.109.28.46 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
52.109.68.130 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
184.28.90.27 | unknown | United States | 16625 | AKAMAI-ASUS | false | |
13.89.178.26 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1529325 |
Start date and time: | 2024-10-08 21:07:56 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | Fw+Adfast+Canada+Request+For+Proposal+(RFP)+ID#9009.eml |
Detection: | CLEAN |
Classification: | clean1.winEML@19/38@0/6 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe
- Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.113.194.132, 184.28.90.27, 2.19.11.102, 2.19.11.103, 52.109.68.130, 13.89.178.26
- Excluded domains from analysis (whitelisted): omex.cdn.office.net, odc.officeapps.live.com, slscr.update.microsoft.com, europe.odcsm1.live.com.akadns.net, onedscolprdcus00.centralus.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, ocsp.digicert.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, a1864.dscd.akamai.net, ecs.office.com, fs.microsoft.com, prod.configsvc1.live.com.akadns.net, frc-azsc-000.odc.officeapps.live.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, osiprod-frc-bronze-azsc-000.francecentral.cloudapp.azure.com, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, europe.configsvc1.live.com.akadns.net, prod.odcsm1.live.com.akadns.net, mobile.events.data.trafficmanager.net, uks-azsc-config.officeapps.live.com
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadFile calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- Report size getting too big, too many NtSetValueKey calls found.
- Timeout during stream target processing, analysis might miss dynamic analysis data
- VT rate limit hit for: Fw+Adfast+Canada+Request+For+Proposal+(RFP)+ID#9009.eml
Input | Output |
---|---|
URL: Email Model: jbxai | { "brand":["Adfast Canada"], "contains_trigger_text":true, "trigger_text":"Please find attached an important RFP (request for proposal) from Adfast Canada which requires your attention.", "prominent_button_name":"Allow sender", "text_input_field_labels":["File access key: rfp"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":true, "text":"Ce message a t envoy de l'extrieur de l'organisation - This message was sent from outside your organization. Please advise if this is spam or a virus Drew Hauser Director of Design & Business Development Hons. Vis. Arts, B.Arch., OAA, FRAIC, AIA, CAHP Cell 289.260.1171 From: Nils Keschtkar <nils.keschtkar@adfastcorp.com> Sent: Tuesday, October 8, 2024 2:43:14 PM Subject: Adfast Canada Request For Proposal (RFP) ID#9009 Bonjour, Veuillez trouver ci-joint une RFP (demande de proposition) importante de Adfast Canada qui requiert votre attention. Cl d'accs au fichier : rfp [ID RFP #9009] Publi : 7 octobre 2024 Date limite de soumission : 31 octobre 2024 In English: Good morning, Please find attached an important RFP (request for proposal) from Adfast Canada which requires your attention. File access key: rfp [RFP ID #9009] Published: October 7, 2024 Submission deadline: October 31, 2024 Thanks, Nils Keschtkar Business Development Representative/Project Manager Nils.Keschtkar@adfastcorp.com 2685 rue Diab Montreal H4S1E7 QC Tel (514) 337-7307 ext:7054 www.adfastcorp.com", "has_visible_qrcode":false} |
C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 118 |
Entropy (8bit): | 3.5700810731231707 |
Encrypted: | false |
SSDEEP: | |
MD5: | 573220372DA4ED487441611079B623CD |
SHA1: | 8F9D967AC6EF34640F1F0845214FBC6994C0CB80 |
SHA-256: | BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D |
SHA-512: | F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.153822439869807 |
Encrypted: | false |
SSDEEP: | |
MD5: | AE0959250BDE37DDFC13F44F4FDE4C1B |
SHA1: | 7D518D846F52B486DF347BE08FBCE65A8BBEB620 |
SHA-256: | F34305B026262DE01B6A0891F0B503BF2B9971F6F683B4E6F0534A59403B917B |
SHA-512: | 39F5AC64652ACB8EA058301AAA10A6270C1DEEE03B588B24FE486FFA75852D977E89DF71F298A194556F7B79A03506F008821D7BDD68BF7AF8139BF6B77FA8E8 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 5.1538766241041705 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9E86179230019BDC88A595284ABA517C |
SHA1: | 54837B5CF79709F56E48EA5BB2F560AFA006B6A0 |
SHA-256: | 95E0F504803917FB21E815A8E60DF72B15825737A3E8BD46262C5538E52007BC |
SHA-512: | B68A332274FAFD8C9408C9A12212C216489AEF4C5470FE9CDCBC30FB2919032C8A1B074060BE74BE5286F3AB58368088AEE2EE9BA4E23CEB2541031771EBEC1C |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\1d310dc6-eed5-4ac5-94cc-9b5ce214fd4a.tmp
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 266 |
Entropy (8bit): | 4.8399217827843 |
Encrypted: | false |
SSDEEP: | |
MD5: | 189D1E7452200FB5F191CA4C9612EEA9 |
SHA1: | 946C6758AFEC0895387158C16B7DBC0CAEDC6ABE |
SHA-256: | 1BCC5FA9D73827B9F71217A320DA24E399596699AD273F6B2D5C430058E75B74 |
SHA-512: | 7F325B33BAEC7001241643BED036D81D4A15280A646E4D76598FF67E210A401943967C3EBC60183A483E52DC020995E3059AF09DEE2EE5505CAAE52F1756F8E7 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 189D1E7452200FB5F191CA4C9612EEA9 |
SHA1: | 946C6758AFEC0895387158C16B7DBC0CAEDC6ABE |
SHA-256: | 1BCC5FA9D73827B9F71217A320DA24E399596699AD273F6B2D5C430058E75B74 |
SHA-512: | 7F325B33BAEC7001241643BED036D81D4A15280A646E4D76598FF67E210A401943967C3EBC60183A483E52DC020995E3059AF09DEE2EE5505CAAE52F1756F8E7 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6678 |
Entropy (8bit): | 5.243105497601438 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1BA911249419BBA7DD5C334035C55E4E |
SHA1: | 4A5265D23AC5436A5E742FB311950EC5635E6408 |
SHA-256: | 7D59526A9B02A3765D052AA1070B468DA24070EAAD3847455673972F197E9FEC |
SHA-512: | 826D2788E825FD181E6DF4EB28A2FF290550657683BB286B64CA8B709E0751F9E608BB2DD81E84D9CF8A0E3D901F3223BF81FD14ED412BA1833E71F580C05E80 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 5.146482779828938 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7154D2543AEAF0D808CB0DDFA7179B6C |
SHA1: | C35D28B04B1216F0192EFEDE33F3C6D1648F9805 |
SHA-256: | 39B9A5A185519D33E7ACD6FEBBC40099269373C00C82F18218FF6B6FE4C2D241 |
SHA-512: | B97AD818DAE24DD811BF85FE536C9715095CD73A0797A6950AA12776790398F9E61B93598D2D35AF2953BD44E9A9934B602FCBD124B5BB10933584D4940D6ED6 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185099 |
Entropy (8bit): | 5.182478651346149 |
Encrypted: | false |
SSDEEP: | |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 94185C5850C26B3C6FC24ABC385CDA58 |
SHA1: | 42F042285037B0C35BC4226D387F88C770AB5CAA |
SHA-256: | 1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808 |
SHA-512: | 652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 259864 |
Entropy (8bit): | 3.202660492858591 |
Encrypted: | false |
SSDEEP: | |
MD5: | BE9BCC8BB2DB177C5D0157BDE4A1D3FE |
SHA1: | 31836566F2EBE2EB88519AA3771D24DB439D9457 |
SHA-256: | 19D825CC20881511801CAA8DD9107805442C3B7685AF39FF16944287482659AD |
SHA-512: | 6BB9C6B2AD532D72F5B5D687B8D9F04CFBB4DFC62294283DCE484928F20BCAFD21E61798F303FA3CF7288B10CF0F4A6AC2B83E17C55BE9E819A9960ABF61BDCE |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1969 |
Entropy (8bit): | 5.048440461942604 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8484E4DA1AC9B6B94814400A7741E64C |
SHA1: | 607164F77E463A29EA9E5DC7C536109205A8359E |
SHA-256: | 2099864D0A19E93E97184C5FBEAE1FB32502C1DE619FE4076A6199178657BAB4 |
SHA-512: | 65408D38A79A7ACAC4D0A559A00EED401926D6C54D1A70B94BD4E36BD3B032B96848BF6BE8B7F31904AE73E101A2145153F69005DCDE659AA9E4FA0E452D05F8 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 1.3575285153617682 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1464847484D9FA61F6C9653E28225E7C |
SHA1: | A3C6851FC8B237099F337225948A32521ACBFF64 |
SHA-256: | 755CC17EB249124467B40E3D50270251BF3294B94AFC335E442F3439CB1D39BD |
SHA-512: | E5A95B24A8F57251C57BE9DF072A32094AE67D8EB62CF4B2A80399350429C41CEF14EEBDBC10313476A0257B3F7E4C38C3C6FB0978C12685DF2E1B8CD64C97F6 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.8309110093885994 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4376DAEBA12A327B0836BAD488DE7384 |
SHA1: | 17AAF7F4160BDA6213FD32E3EEB9C17D0A349A59 |
SHA-256: | E8CA99216BFC8B1A628C401280DA60B39A6E3174604A5ADF8E42170D8575719E |
SHA-512: | D39EB8BD89096E32A25B0E53210857880399B22DAC2427D81945BF3E49E8AC3D3A6D1808EDE79E449B1ED55A8126D037148B2A4DDCEAE911F708EFBC33A87F9C |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 245980 |
Entropy (8bit): | 4.211036427230395 |
Encrypted: | false |
SSDEEP: | |
MD5: | C82E9E7CF713D194ADA0A8A16F46F400 |
SHA1: | 8FEBE01B226FF0DD964CD33D1AE55F28E8055039 |
SHA-256: | A4442206D92C3761ED40F1BD7F2C21E18A73AE6D7A5ADF7A26D0F8B89ABBC629 |
SHA-512: | A43C85CDF3D68948C50709A71D6422424C09A43FAB316BCDA6916F21A6DCBB876985A61CD608E107B99901C5C1726C57B1C10FE769352E2E9BD460E179D52D15 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2159 |
Entropy (8bit): | 5.108771901994279 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7D8647769CD3B8FDF0EDACB9C0E04368 |
SHA1: | 7D8E1DFE971F10972CD1E1A38D79603BA3B75B93 |
SHA-256: | D1050064829B107EBD67EF9E973ED89FF2EDA47A251CECC147DACA9134F5769A |
SHA-512: | 323B454D0EA0D29137ABDD8968011D700F585142BD001B37445732F80229D59FB22E5A7FAC3EAA3308CF6943D103C53FD3B4D31D511199AD937484A38AE856B5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 521377 |
Entropy (8bit): | 4.9084889265453135 |
Encrypted: | false |
SSDEEP: | |
MD5: | C37972CBD8748E2CA6DA205839B16444 |
SHA1: | 9834B46ACF560146DD7EE9086DB6019FBAC13B4E |
SHA-256: | D4CFBB0E8B9D3E36ECE921B9B51BD37EF1D3195A9CFA1C4586AEA200EB3434A7 |
SHA-512: | 02B4D134F84122B6EE9A304D79745A003E71803C354FB01BAF986BD15E3BA57BA5EF167CC444ED67B9BA5964FF5922C50E2E92A8A09862059852ECD9CEF1A900 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 217276 |
Entropy (8bit): | 6.419567239266024 |
Encrypted: | false |
SSDEEP: | |
MD5: | D7D5D4588A9F50C99264BC12E4892A7C |
SHA1: | 513966E260BB7610D47B2329DBA194143831893E |
SHA-256: | 13C03E22A633919BEB2847C58C8285FB8A735EE97097D7C48FD403F8294B05F8 |
SHA-512: | CE9F98208CD818E486A12848B2D64BD14E12D42D84B2E47436A3C4420A242583EEFC4A9B42401B51CC204146C6133645975682E4BB5D48527B3796770EFA3397 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 224452 |
Entropy (8bit): | 6.418018034788758 |
Encrypted: | false |
SSDEEP: | |
MD5: | F5331CB6372B6C0D8BAF2DD7E200498C |
SHA1: | 8387D4F8E061C264DC3AEBEBE6068B66E45D7C6F |
SHA-256: | 1B43DE2449D39B65FF6F63315D4AFDA585F72FBBEC2E3D9A56F59DE6C75149D3 |
SHA-512: | B534A27EE82942784155E087FF2A546AB6EAA7A6CDD1C449687B97DCEE2028D3ABF6F9B0A7459667797DFAEDA30C0342C01DB0F2826F7E80B6B9CCDC9902166A |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 773040 |
Entropy (8bit): | 6.55939673749297 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4296A064B917926682E7EED650D4A745 |
SHA1: | 3953A6AA9100F652A6CA533C2E05895E52343718 |
SHA-256: | E04E41C74D6C78213BA1588BACEE64B42C0EDECE85224C474A714F39960D8083 |
SHA-512: | A25388DDCE58D9F06716C0F0BDF2AEFA7F68EBCA7171077533AF4A9BE99A08E3DCD8DFE1A278B7AA5DE65DA9F32501B4B0B0ECAB51F9AF0F12A3A8A75363FF2C |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 322260 |
Entropy (8bit): | 4.000299760592446 |
Encrypted: | false |
SSDEEP: | |
MD5: | CC90D669144261B198DEAD45AA266572 |
SHA1: | EF164048A8BC8BD3A015CF63E78BDAC720071305 |
SHA-256: | 89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899 |
SHA-512: | 16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 10 |
Entropy (8bit): | 2.4464393446710155 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5685ACDA068996814E30049F84ECF33D |
SHA1: | 094C85323D5F455C79A9C781E0546D574883AA76 |
SHA-256: | 57F64E3416173B950F7574586D8C0F0D9803B64912E78A450E186E57E05D9A3C |
SHA-512: | ACCD84A5EE258059755B2709A907C878C2A4429902A0888A4C4F5700025B230502775882EF4C0A6083F37A290D5C93B2B2BA475FBDD2EBDF6D2DF9C8CF772EC7 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\46CCCB43-45EC-4403-8E9B-79696940D29A
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 177810 |
Entropy (8bit): | 5.287216901012841 |
Encrypted: | false |
SSDEEP: | |
MD5: | EF1EC099292213D2B4413246C8AF6A1C |
SHA1: | F3DD520FEACDBC4927B082BFC16DC91FE6EFD32E |
SHA-256: | 1EB137DD713E1AE67F1FEF5284EE3E96FDE0ADCF484A711B371A77299B2C1066 |
SHA-512: | 0A984EFB5C1A5C3F3C174EDC079D59C5F6588E46CDD7055325206868DB4EEE9D69AAE9681914646336CC8F3675A2FABCE59631ADF8ECC911128A3D65254ED217 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.04489304881463721 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7DD96A81EA515F1075B7A50E360AB835 |
SHA1: | 8817E2A482BE4842365088FAC084AC6220E961C5 |
SHA-256: | 29AA3FF9F7AE20A76D151F272CFD41EF643114F7421DA93C1270EAF606F04F00 |
SHA-512: | 475D2BB242A53E7BD3972721D8F62C48810F39417511FEFF3BF3EAD4FFE464892748D3E33D765C85905F5B9CAF8B34E90B72AA8475C06C909CA091AB38409C34 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 49472 |
Entropy (8bit): | 0.4849706447255319 |
Encrypted: | false |
SSDEEP: | |
MD5: | 42DDE42D9089A39A5D4B21B3FB53271A |
SHA1: | 3FF3DC4458F598ADCDFBD8E2F015E3B712F8E69C |
SHA-256: | 0063336CDDEC7DCB97DA60C347979D818D82C669A217D2ACCED11D8197F485B8 |
SHA-512: | A50194CF08536E88EAB5179A2C46621B03791FB9E1FD7FAA65AF7721066049E6936E8DECF206A8CEE055F572AF5FE12C194786A4401EC32DA45AA934F27F6BD9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\LLD12K7J\Adfast Canada Request For Proposal (RFP) ID#9009.pdf:Zone.Identifier
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | |
MD5: | FBCCF14D504B7B2DBCB5A5BDA75BD93B |
SHA1: | D59FC84CDD5217C6CF74785703655F78DA6B582B |
SHA-256: | EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913 |
SHA-512: | AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{4FBA726E-1413-4A34-9246-A7635A10E0BA}.tmp
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 16804 |
Entropy (8bit): | 3.7063670775696 |
Encrypted: | false |
SSDEEP: | |
MD5: | F8319DD346E3B524CAB2E4C38F4ADB62 |
SHA1: | 2E4F76087AEEEA84907DBCC6C04F498B4D10019A |
SHA-256: | C6A74045EF55330AC689B4B34DE16D3A9D017B4CC5F33F49DB73A2E8311ACA1F |
SHA-512: | 28E17C06368000D1D9744CD12D2724C8B8020182C5514599032CA7B4E2EA34501B15506867C5874DD5AE0D5AC8CAE641DE549F9EE1239FA3697A5B70FB9985C8 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1728414519562687900_EEE10F61-8964-4FDA-9F00-4F7FDEF43855.log
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.18564750567319296 |
Encrypted: | false |
SSDEEP: | |
MD5: | A176708737AC347E545941C1C4677501 |
SHA1: | 2F32A59E5A5708F913462EC5C0CCDB1D5E21B800 |
SHA-256: | C10B66DF24E5E740EFBE0FAAC49E3B296E28C49A5F7A221E2CA76E15BFA9D386 |
SHA-512: | F70B8A5C9BE155A2F2646B244CADE3DBB27217BD98184C5C5CFF2C4DA0D392F5E2899C3DF4F6BBEB41134FE7FC2F100C9DD3089F8CF0CD7B89FD00C1BFE07E34 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1728414519563422000_EEE10F61-8964-4FDA-9F00-4F7FDEF43855.log
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241008T1508350184-1044.etl
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 98304 |
Entropy (8bit): | 4.46126909393952 |
Encrypted: | false |
SSDEEP: | |
MD5: | B7F48FD24355F545393603143FC8E158 |
SHA1: | 9D16AE5AE64F70766B2A5E509AE13C52DD0B131C |
SHA-256: | D5FFCA6307367D5B8096FB08C075E273B16F1A825D07642DEF801BE29F542BC2 |
SHA-512: | 56997D4A921389BCBEEC97820151F71608CE88596DD8C755C53321CFD87C8E1BC7E5B48997A5DF3A1C45A86A710285BB864B091367620C8F02E42BCD91E34380 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-08 15-08-50-081.log
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.359827924713262 |
Encrypted: | false |
SSDEEP: | |
MD5: | 06DEAEDB81D09FD8FB5FF668D8E09CB2 |
SHA1: | 28A02BCBD5975117B97A08AFB049F2C94F334726 |
SHA-256: | D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64 |
SHA-512: | 948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
Download File
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16603 |
Entropy (8bit): | 5.3474368558716145 |
Encrypted: | false |
SSDEEP: | |
MD5: | 30189435A0FFA4C9A61ECE45DA6A4B12 |
SHA1: | 58C26A02ECD5166FCE79FF7410FF7678A5A82AFE |
SHA-256: | 167922DE0E65FA7C5DE1B7A09EEBB5EBA00B85FF7FF254C4DDF7ABBD1F31DC87 |
SHA-512: | 380DA8F9B834C633301395A8492AEC8DC0C7C4E6A630C085C7F1019483937A41D9441E18ABE6C5F1DCAAD57D71EF9D8DD87E8C53B6F2D823028E86AB0A3E4793 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 35814 |
Entropy (8bit): | 5.4205732909158 |
Encrypted: | false |
SSDEEP: | |
MD5: | A701753D4E310D71C44093D346706785 |
SHA1: | 3F476207AA2ABC0C46631B0A89BDF44351D7568B |
SHA-256: | 4D5495107C17E743389D9D08654D0D42C6D86101584BF0F4B9155ABEC34B2466 |
SHA-512: | 59B9C4464FF888D43EAF266AD5E8F6BB4C72F0C75E012578A6C82DA8BBEABCA173F5F28527F673CDAC9D146D22AE749EE1D1E4AC6CD147CBD6DAFEB2E0D1CB92 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 0.3613836054883338 |
Encrypted: | false |
SSDEEP: | |
MD5: | 679672A5004E0AF50529F33DB5469699 |
SHA1: | 427A4EC3281C9C4FAEB47A22FFBE7CA3E928AFB0 |
SHA-256: | 205D000AA762F3A96AC3AD4B25D791B5F7FC8EFB9056B78F299F671A02B9FD21 |
SHA-512: | F8615C5E5CF768A94E06961C7C8BEF99BEB43E004A882A4E384F5DD56E047CA59B963A59971F78DCF4C35D1BB92D3A9BC7055BFA3A0D597635DE1A9CE06A3476 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 1.2389205950315936 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7C86AB673C66E7D920609D71A1992C43 |
SHA1: | 624761EA98CB629EDAC8E6ADF1C1FB1E6360DC53 |
SHA-256: | 1F973842C653BE42FD7D2238AE6C2959F7F99285AB3A9310ED24A0721D7027A9 |
SHA-512: | 54721940CDDE717B23ED6C420643522D0C3BABE5F8E704CB6E341B1A960F5818AEA26317205F3D6AEBD02375A160B79D98A4EFDBE00F1E5631B82F962257984C |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 0.6699171651619305 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1916076FE41C1970E1EDC96D33C1C40E |
SHA1: | 971DC46099618F42B804A53EE0E8C72D9B9321B4 |
SHA-256: | E3D8A6B413BCF2B23379BEEEC65EBFE2E832597CBC5B737C99E3B9C36128FED2 |
SHA-512: | 5A51A5B19348A2183637F810AC3D6219A53BA99409538A74242EBA0A696A86C443CB24DAF185CDE260161E78672A44152EEDF77C7DC9DEFFB2B32933DF724DA7 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 271360 |
Entropy (8bit): | 0.4173503542368155 |
Encrypted: | false |
SSDEEP: | |
MD5: | BA2D1F6C64F753FF7D150D4844974B73 |
SHA1: | 723B901433FB7701CEF12EBB678597C449B42B18 |
SHA-256: | 49838E9F750B1C9DA606B9B7F573B71A2F8AA53C8ED2D27851CC813D7CDC16F4 |
SHA-512: | 310B9CC6DB4BA1DF17A042B3E68153FA07F72A79C64810848DFA3A2B47EDE97D66658EFB6D7C2BFC219826399BABFEBDA12BA6662D39B059B66794FE4F0338C8 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.547662323273604 |
Encrypted: | false |
SSDEEP: | |
MD5: | 338C1377B46DEEE42A5194C205751C82 |
SHA1: | 3A64A5278F2C4B158E0DF408FCD4A1F7A43C54FE |
SHA-256: | 3A6497B389529641043FB9167B0B1C01F84DE60E9351506A9FA9F8B55D016987 |
SHA-512: | 2E92EA3DE1EF5279A3C42BAC74A92B77A25F823549B4DE4E489512116DC3BA46FF6A95100A36C024977973D549702767CCEE49E2607AEE7185F20CB2123C9AD0 |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 5.987703618135619 |
TrID: |
|
File name: | Fw+Adfast+Canada+Request+For+Proposal+(RFP)+ID#9009.eml |
File size: | 62'219 bytes |
MD5: | 4277402f0f8e64fceaa82e1cc90aeba6 |
SHA1: | 6beda0fe292fd63f1053233f2b23ed14478f368e |
SHA256: | 093e125920085275e5721961bb35039022950fa5729da3e5c6744f3adf31f8cb |
SHA512: | a22b0944e9039c4b3f18ede10e7d8d4a1581d1352dd99a7b471cd8b5a48434528489059e8b247ee7ade0b8581ce45f3e5119e83c00932daebcf4a02164c1b163 |
SSDEEP: | 768:NOKb+l3NrlYnkfyka7BoxKXf/+aEP9jC+0Pa4r4CIoZnQU:NOKb+l3xlYnktC1EoXbIyh |
TLSH: | A953F680AA500111F1B71A9C2F0ABD4EA6217A0FEED3CDD131E6619BDEDF467871B349 |
File Content Preview: | Received: from YQBPR0101MB6441.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:c01:42::9).. by YT2PR01MB5086.CANPRD01.PROD.OUTLOOK.COM with HTTPS; Tue, 8 Oct 2024.. 18:25:56 +0000..Received: from YT4PR01CA0020.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:b01:d1::23).. by YQ |
Subject: | Fw: Adfast Canada Request For Proposal (RFP) ID#9009 |
From: | Drew Hauser <drewh@mccallumsather.com> |
To: | Quadbridge Support <support@quadbridge.com> |
Cc: | |
BCC: | |
Date: | Tue, 08 Oct 2024 18:25:31 +0000 |
Communications: |
|
Attachments: |
|
Key | Value |
---|---|
Received | from YQBPR0101MB4745.CANPRD01.PROD.OUTLOOK.COM ([fe80::d224:1b0c:7cac:4756]) by YQBPR0101MB4745.CANPRD01.PROD.OUTLOOK.COM ([fe80::d224:1b0c:7cac:4756%7]) with mapi id 15.20.8026.020; Tue, 8 Oct 2024 18:25:31 +0000 |
Authentication-Results | spf=pass (sender IP is 40.93.18.6) smtp.mailfrom=mccallumsather.com; dkim=fail (body hash did not verify) header.d=mccallumsather.onmicrosoft.com;dmarc=bestguesspass action=none header.from=mccallumsather.com;compauth=pass reason=109 |
Received-SPF | SoftFail (protection.outlook.com: domain of transitioning mccallumsather.com discourages use of 103.246.251.226 as permitted sender) |
X-Sophos-Product-Type | Mailflow |
X-Sophos-Email-ID | 858e926441be40aba494d0911cf671d2 |
Authentication-Results-Original | dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=mccallumsather.com; |
ARC-Seal | i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=ZewJeks+HTPXPuGHzq+S2HtpePpVgRV0iJih8S/WFhsb1rxn4Wgxv2L04lC4MHwZZe1HETQwiTTi1CzccZWLepT+uyx9hHCsGMpO1f/YJhfB8WN18Vpvc8ND7BfUldn4Sh+15ro4AKr/gh94OOgGbgZYzMRifuHDgQT7T05DoAzLhANbmFdWCKwxRYr466Pskc2bW5isbQjKdxJ7E2jsthnUAwoukmuC74c1TpEZVADhmUwe7lqKKha7nFRg5L1efGv/UIfId6SyF2M53XorZRCG5acbAzayYUkX+KHghWL6B6ysU5MdADC4cL8GiV0RgsxlCpVXTqW0P5P+W5CpGg== |
ARC-Message-Signature | i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=UyRM5Kzce6jJBuonjEkO7s858rLs52ka5C/gkFl6H34=; b=zDKXWhJAL2o+BIGfgoCuV+BKetmF2DPLMSMjnI8OYuexQzTHubyxIxfhzW0bsIszQIM7Jd/kaSKkGbD5BCvnNPpfirava7otu1wmOmjs3YFhj5M609MyQJDo64/EEw0e8334FM7P2QW30DZ/wnE3gVD/9aHPKI5XI5vGqP6C6coP3C/YfGKAbxlDYtIefJJ8G+8qj9L7eKDVwk/unsVH1gsKwYCmEkuaBLmtZtqrmFKBLNQ0NmSwpN2EJ4PqKvzr9WdQ1fo9thewZCAMhOVIbfKXsvWC9MjDngWTq8T/FYvBs3jFt2lZHWJsEGxYSP64m0cfrLZ3THUnJSFsWP4sUA== |
ARC-Authentication-Results | i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mccallumsather.com; dmarc=pass action=none header.from=mccallumsather.com; dkim=pass header.d=mccallumsather.com; arc=none |
DKIM-Signature | v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1728411931; s=v1; d=mail-dkim-us-east-2.prod.hydra.sophos.com; h=Content-Type:Date:Subject:To:From; bh=j/Q1PN5VioNMM7Ny0hMFGxfSj9HUzG2eioN5pwWRjwE=; b=DP/z/tQ8yXhOCXH8f3u53PuR6lVtxjiOsT4jdts2oDeeP+KAR64CbbiSZY03syFz d+DdG8oQ4GqRaz8Lgj3wuFK2sKADjIbfkpP24c1zncPyxpyxUk8hbC3BQ3vep0EZuAl ETvDnP4IV12lhpAOg+G/JQ5o+T2kJ+RKfDiCVXYjmgljDn6J6fHCaKr6d5XFan9zJrW 1b6HnVSJLQp2hE2GcQXP40BMjHvpHkYqPwFPaLr04mPR2nCEqB3kgpl2T9Qns3l0VjO uK4bEsH/6l7kJ/2kuzoZ2d0yoxFhZn5H0k2ACnqwvcnHaEszAjFfQhgZjyoKxieKex6 MdQ+OZ499Q== |
X-MS-Exchange-Authentication-Results | spf=softfail (sender IP is 103.246.251.226) smtp.mailfrom=mccallumsather.com; dkim=pass (signature was verified) header.d=mail-dkim-us-east-2.prod.hydra.sophos.com;dmarc=none action=none header.from=mccallumsather.com; |
From | Drew Hauser <drewh@mccallumsather.com> |
To | Quadbridge Support <support@quadbridge.com> |
Subject | Fw: Adfast Canada Request For Proposal (RFP) ID#9009 |
Thread-Topic | Adfast Canada Request For Proposal (RFP) ID#9009 |
Thread-Index | AQHbGag2rEwFZ9z8H0eULv3zP3a8obJ9K3EB |
Date | Tue, 08 Oct 2024 18:25:31 +0000 |
Message-ID | <YQBPR0101MB4745A2BD1C03CBDC88CB9839D47E2@YQBPR0101MB4745.CANPRD01.PROD.OUTLOOK.COM> |
References | <YT2PR01MB10792AFF7908EADCB96D92537F27E2@YT2PR01MB10792.CANPRD01.PROD.OUTLOOK.COM> |
In-Reply-To | <YT2PR01MB10792AFF7908EADCB96D92537F27E2@YT2PR01MB10792.CANPRD01.PROD.OUTLOOK.COM> |
Accept-Language | en-CA, en-US |
Content-Language | en-CA |
X-MS-Has-Attach | yes |
X-MS-TNEF-Correlator | |
msip_labels | |
x-ms-reactions | allow |
x-ms-traffictypediagnostic | YQBPR0101MB4745:EE_|YT4PR01MB9814:EE_|TO1PEPF00005346:EE_|YT2PR01MB5774:EE_|YT2PEPF000001CD:EE_|YT2PR01MB8517:EE_|YT2PEPF000001CD:EE_|YQBPR0101MB6441:EE_|YT2PR01MB5086:EE_ |
X-MS-Office365-Filtering-Correlation-Id | aa5e2d48-76ec-40ca-5916-08dce7c6a43d |
X-MS-Exchange-SenderADCheck | 1 |
X-MS-Exchange-AntiSpam-Relay | 0 |
X-Microsoft-Antispam-Untrusted | BCL:0;ARA:13230040|35042699022|3613699012; |
X-Microsoft-Antispam-Message-Info-Original | uUVJ0L9TxRVsLpOBQUy7pVwM7hVyH410he/yQSmFK1RUqpY5FrINS+TTRhhr3GXfLEsAqg4umEtlm/CBNq1mMfRmNvKaYbZpxIFrZFoklQTRCdQ5IYgzGqRN25PsgvsY775yWfDEnowNQN4zNthiHxxHOp43kvr5d4vmKKOAKW6Qo9aTn+QKq1Gcf2hCcCMbWLua+jgRChopWPHAgITBubioh5z5DjF8/Lxld3cH9Xm2zG99msd/5wkQWT7Q9OYSByEoYbcSj/RolnfSovxvlt3lhGxQpmiR8PGZSdAApNY20ryEiUA0uVTMu7z87UX9pk9mTZW2jqBW7/wkuwbecWy0u8OhtEyu9mtAdLJk0R0ZFRyFmeXg6Yg49h5G/532KQnSCX18hb0gDYyoKmMOBwjCpdh49BWt5TZsPCGlR//6CKo6UJggX28uJGdTXR8S/ewhVLmoz4iYQdMsjveZ8pLCBzttDQG/80bPhV3D5SwYEOmbpfBvKwAPJCp8aeSrPaE3Bf2LQW3MiKzuD7VMu9/lnkmjJU/u2PXgm7Dd2bEYkJW2wcHnavBRbr7BLGpT9z1rA+AbnYOw9X61U8n8HJU3ct6MboRgNOpIg/0VybZg04rOAXJ1nFcqhweoNgaoEzMzrGZWNafngVMtiS0EpkBadMhINaot7V9LENRW5rOZX3zUvXeV2Alh3lGX7fyWCNaN7q5T81fTVfcsRN2/RCFgMDwMlJd5Zanjl1QSBGKyzhMxPFRy+OppyHdFFlc9PR7c20tSjm9KFGa0K4b2SOomUwBiuKo1RDg7RDv3x1xR7W9oQecWvUbz2o5koakJSTCA9Rb7CiUE/4+AFBJqcCow/T55s69Mymi5jn0od4lgXB7UAHnqKz4kYOG4b7hcgvNubfHAp0QqhwvAzszDKv8eGOmCA8WrQqyGM9ZVdTqJv2RyaBsDnpkMGiUkwrn+vIiywodEGi8VqR9eAnLiCpGd+JC/wsTkW5NsmzJsmMfxISpReNJsB2Xa/NRdk6mmx1qp76nlHoryjzGIcPKmw8G+biqo4zQbL6BSW0AcihksrQdI1Q/4d75wVpMbVVHNyx0qGl5VRFaXLptBbXYW+iOjM6Zjhn61YVPrwbn65akaP0Uq7NLiyMlUylZrZZoDWvcXrK0jXJ8HrXiNj35h4j2d00/XrLXyBOyKIaMA621/x8NINF1xTnVoQKItZDYaF7E1crPvBtNBpn6hnZ5j3UHVre9WV28cV/W2CtepwMS+sCN59cIAUmdXkU72IwkLOA//1Rxy+/CPQ0mZDtC9747d/FE4MAhPd2/E7bQSKSUdLKVHIV0WlztZ5ThNx0tMYsLSnRRTOzHBocbFc+LjL6lL+5r6WPii87wOMKbujR25PNYkAhx0dX4iuIC7kTF9EfgiBWcL8xaKPOjVvmmZvK4nNaSHynKxKzA38q44UsnRWIj/A4lCQduMccuDB4DAVW4TacPm3S0Fmqjhe7LdzHlTOd2EZFSfk76Jy6vwuSMqb8eOGkO8qA8/E6R9L7EZZiCvCI3mQOVVffgulfzIfXYe5BsDaztFVYdGrCsLs3VcU9XS6BykFZi/ObeA1J6w8uzAx6Hle8ERzI+9AJea6aIMizpLTMN6tN5nOl/adUaSRhgz5rbeNnEOfd4145TG63cdYTN+jn7MR9sNlcxsn3DwYdppV4hhsN5GkXB1NWALFH4Y+PiSmk4FCbw8rPVoLpqQgHfiGc+EFwjNoKrkSvQAcvM7HRk0HSnxa/NKKQ8i5gH0KDhRpondbTYyE9OygJC+bJEuPfA9mT0r4YYtmZTUVFabxfgG+TBGZYqmPlf2WIr2dfLObFI+l4qmR3u11j1AUf13Az3vYVOo+7JnsTqmBCkdGxs7kwKyxxsXmL0= |
X-Forefront-Antispam-Report-Untrusted | CIP:40.107.193.72; CTRY:CA; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:YT6PR01CU002.outbound.protection.outlook.com; PTR:mail-canadacentralazon11022072.outbound.protection.outlook.com; CAT:NONE; SFS:(13230040)(35042699022)(3613699012); DIR:INB; |
Content-Type | multipart/mixed; boundary="_010_YQBPR0101MB4745A2BD1C03CBDC88CB9839D47E2YQBPR0101MB4745_" |
X-MS-Exchange-Transport-CrossTenantHeadersStamped | YQBPR0101MB6441 |
X-Sophos-Email | [eu-west-1] Antispam-Engine: 6.0.0, AntispamData: 2024.10.8.174815 |
X-LASED-From-ReplyTo-Diff | From:<ableone.com>:11 |
X-LASED-SpamProbability | 0.091123 |
X-LASED-Hits | ARCAUTH_PASSED 0.000000, BODYTEXTH_SIZE_3000_MORE 0.000000, BODY_SIZE_10000_PLUS 0.000000, BODY_SIZE_25K_PLUS 0.000000, BODY_SIZE_50K_PLUS 0.000000, DKIM_SIGNATURE 0.000000, DQ_S_H 0.000000, ECARD_KNOWN_DOMAINS 0.000000, FONT_STYLE_0PT 0.000000, FRAUD_ATTACH 0.050000, HTML_90_100 0.100000, HTML_FONT_INVISIBLE 0.100000, HTML_NO_HTTP 0.100000, IMG_AR_1 0.000000, IMG_ATTACHED_2P 0.000000, IMP_FROM_NOTSELF 0.000000, INBOUND_SOPHOS 0.000000, INBOUND_SOPHOS_TOP_REGIONS 0.000000, IN_REP_TO 0.000000, LEGITIMATE_SIGNS 0.000000, MSG_THREAD 0.000000, MULTIPLE_ATTACHMENTS 0.000000, NO_FUR_HEADER 0.000000, NO_URI_HTTPS 0.000000, OBFUSCATION 0.000000, PDF_ATTACHED 0.000000, PDF_ATTACHED_1 0.000000, PNG_PIXPERBYTE_LOW 0.000000, PNG_PIXPERBYTE_MED 0.000000, REFERENCES 0.000000, SUPERLONG_LINE 0.050000, SUSP_DH_NEG 0.000000, TEXT_DIRECTION 0.000000, TEXT_DIR_LTR_ONLY 0.000000, URI_WITH_PATH_ONLY 0.000000, WEBMAIL_SOURCE 0.000000, __ANY_URI 0.000000, __ARCAUTH_DKIM_PASSED 0.000000, __ARCAUTH_DMARC_NONE 0.000000, __ARCAUTH_DMARC_PASSED 0.000000, __ARCAUTH_PASSED 0.000000, __ARC_SEAL_CV_FAIL 0.000000, __ARC_SEAL_MICROSOFT 0.000000, __ARC_SIGNATURE_MICROSOFT 0.000000, __ATTACHMENT_NOT_IMG 0.000000, __ATTACHMENT_PHRASE 0.000000, __ATTACHMENT_SIZE_10_25K 0.000000, __ATTACH_CTE_BASE64 0.000000, __ATTACH_CTE_QUOTED_PRINTABLE 0.000000, __AUTH_RES_DKIM_PASS 0.000000, __AUTH_RES_ORIG_DKIM_NONE 0.000000, __AUTH_RES_ORIG_DMARC_NONE 0.000000, __AUTH_RES_PASS 0.000000, __BEC_SUBJ_KEYWORD 0.000000, __BODY_TEXT_X4 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000, __BUSINESS_SIGNATURE 0.000000, __CP_URI_IN_BODY 0.000000, __CT 0.000000, __CTYPE_HAS_BOUNDARY 0.000000, __CTYPE_MULTIPART 0.000000, __CTYPE_MULTIPART_MIXED 0.000000, __DQ_D_H 0.000000, __DQ_IP_FSO_LARGE 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000, __DQ_S_DOMAIN_HD_10_P 0.000000, __DQ_S_DOMAIN_HD_1_P 0.000000, __DQ_S_DOMAIN_HD_20_P 0.000000, __DQ_S_DOMAIN_HD_5_P 0.000000, __DQ_S_DOMAIN_HIST_1 0.000000, __DQ_S_DOMAIN_MC_100_P 0.000000, __DQ_S_DOMAIN_MC_10_P 0.000000, __DQ_S_DOMAIN_MC_1K_P 0.000000, __DQ_S_DOMAIN_MC_1_P 0.000000, __DQ_S_DOMAIN_MC_50_P 0.000000, __DQ_S_DOMAIN_MC_5_P 0.000000, __DQ_S_DOMAIN_RE_49_L 0.000000, __DQ_S_DOMAIN_RE_99_L 0.000000, __DQ_S_DOMAIN_SP_0_P 0.000000, __DQ_S_HIST_1 0.000000, __DQ_S_HIST_2 0.000000, __DQ_S_IP_HD_10_P 0.000000, __DQ_S_IP_MC_100_P 0.000000, __DQ_S_IP_MC_10_P 0.000000, __DQ_S_IP_MC_1_P 0.000000, __DQ_S_IP_MC_5_P 0.000000, __DQ_S_IP_RE_0 0.000000, __DQ_S_IP_RE_49_L 0.000000, __DQ_S_IP_RE_4_L 0.000000, __DQ_S_IP_RE_99_L 0.000000, __DQ_S_IP_RE_9_L 0.000000, __DQ_S_IP_SC_1_P 0.000000, __DQ_S_IP_SC_5_P 0.000000, __EXTORTION_MALWARE 0.000000, __FRAUD_INTRO 0.000000, __FRAUD_MONEY_BIG_COIN 0.000000, __FRAUD_MONEY_BIG_COIN_DIG 0.000000, __FUR_RDNS_OUTLOOK 0.000000, __HAS_ATTACHMENT 0.000000, __HAS_ATTACHMENT1 0.000000, __HAS_ATTACHMENT2 0.000000, __HAS_FROM 0.000000, __HAS_HTML 0.000000, __HAS_MSGID 0.000000, __HAS_REFERENCES 0.000000, __HAS_X_FF_ASR 0.000000, __HAS_X_FF_ASR_CAT 0.000000, __HAS_X_FF_ASR_SFV 0.000000, __HIDDEN_HTML_CONTENT 0.000000, __HIGHBIT_ASCII_MIX 0.000000, __HTML_ATTR_DIR 0.000000, __HTML_BAD_END 0.000000, __HTML_BOLD 0.000000, __HTML_DIR_LTR 0.000000, __HTML_TAG_DIV 0.000000, __HTML_TAG_TABLE 0.000000, __IMG_ATTACHED 0.000000, __IMG_SIZE_1K_10K 0.000000, __IMG_SIZE_1K_LESS 0.000000, __IMP_FROM_NOTSELF 0.000000, __INBOUND_SOPHOS_EU_WEST_1 0.000000, __IN_REP_TO 0.000000, __JSON_HAS_MODELS 0.000000, __JSON_HAS_SCHEMA_VERSION 0.000000, __JSON_HAS_SENDER_AUTH 0.000000, __JSON_HAS_TENANT_DOMAINS 0.000000, __JSON_HAS_TENANT_ID 0.000000, __JSON_HAS_TENANT_SCHEMA_VERSION 0.000000, __JSON_HAS_TENANT_VIPS 0.000000, __JSON_HAS_TRACKING_ID 0.000000, __KNOWN_SPAMMER_ADDRESS_5 0.000000, __MAIL_CHAIN 0.000000, __MIME_ATTACHMENT_1_N 0.000000, __MIME_ATTACHMENT_1_N_N 0.000000, __MIME_ATTACHMENT_N_2 0.000000, __MIME_ATTACHMENT_N_3 0.000000, __MIME_ATTACHMENT_N_4 0.000000, __MIME_HTML 0.000000, __MIME_TEXT_H 0.000000, __MIME_TEXT_H1 0.000000, __MIME_TEXT_H2 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_TEXT_P2 0.000000, __MIME_VERSION 0.000000, __MODEL_THREAT_GE_25 0.000000, __MODEL_THREAT_SINGLE_GE_25 0.000000, __MSGID_32_64_CAPS 0.000000, __MTHREAT_50 0.000000, __MTL_50 0.000000, __MULTIPLE_URI_TEXT 0.000000, __PART_TYPE_HTML 0.000000, __PHISH_PHRASE10_D 0.000000, __PHISH_SPEAR_GREETING 0.000000, __PNG_AR_1 0.000000, __PNG_WIDTH_100 0.000000, __RCVD_PASS 0.000000, __RDNS_WEBMAIL 0.000000, __REFERENCES 0.000000, __RUS_OBFU_PHONE 0.000000, __SANE_MSGID 0.000000, __SCAN_DETAILS 0.000000, __SCAN_DETAILS_SANE 0.000000, __SCAN_DETAILS_TL_0 0.000000, __SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000, __SCAN_D_NEG_HEUR 0.000000, __SCAN_D_NEG_HEUR2 0.000000, __STOCK_CRUFT 0.000000, __STYLE_RATWARE_NEG 0.000000, __STYLE_TAG 0.000000, __SUBJ_FORWARD 0.000000, __TAG_EXISTS_BODY 0.000000, __TAG_EXISTS_HEAD 0.000000, __TAG_EXISTS_HTML 0.000000, __TAG_EXISTS_META 0.000000, __TEXT_DIR_LTR 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000, __URI_IN_BODY 0.000000, __URI_MAILTO 0.000000, __URI_NOT_IMG 0.000000, __URI_NO_PATH 0.000000, __URI_NS 0.000000, __URI_REDIR 0.000000, __X_FF_ASR_SCL_NSP 0.000000, __X_FF_ASR_SFV_NSPM 0.000000 |
X-LASED-Impersonation | False |
X-LASED-Spam | NonSpam |
X-Sophos-Mailflow-Processing-Id | 68ac95dac2cb497189789a5b0fa09d48 |
X-EOPAttributedMessage | 2 |
X-MS-Exchange-Transport-CrossTenantHeadersStripped | YT2PEPF000001CD.CANPRD01.PROD.OUTLOOK.COM |
X-MS-Office365-Filtering-Correlation-Id-Prvs | 39a76dcb-d6b5-4611-ea47-08dce7c69cb6 |
X-EOPTenantAttributedMessage | 7136a643-f43a-4e59-b470-0f0804af0ab7:1 |
X-MS-Exchange-Transport-CrossTenantHeadersPromoted | YT2PEPF000001CD.CANPRD01.PROD.OUTLOOK.COM |
X-MS-Exchange-AtpMessageProperties | SA|SL |
Content-Transfer-Encoding | 8bit |
X-Sophos-Email-Scan-Details | 27140d1e1540510e7e771140550e7d75 |
X-Sophos-SenderHistory | ip=40.107.193.72, fs=9003032, fso=9003032, da=221870556, mc=803, sc=6, hc=797, sp=1, re=0, sd=0, hd=20 |
X-Sophos-DomainHistory | d=mccallumsather.com, fs=50040471, fso=63513402, da=82613380, mc=3578, sc=0, hc=3578, sp=0, re=21, sd=0, hd=24 |
X-Sophos-MH-Mail-Info-Key | NFhOUGJNMlZyc3pSaFF0LTE3Mi4xOS4xLjU= |
Return-Path | drewh@mccallumsather.com |
X-MS-Exchange-Organization-ExpirationStartTime | 08 Oct 2024 18:25:52.4792 (UTC) |
X-MS-Exchange-Organization-ExpirationStartTimeReason | OriginalSubmit |
X-MS-Exchange-Organization-ExpirationInterval | 1:00:00:00.0000000 |
X-MS-Exchange-Organization-ExpirationIntervalReason | OriginalSubmit |
X-MS-Exchange-Organization-Network-Message-Id | aa5e2d48-76ec-40ca-5916-08dce7c6a43d |
X-MS-Exchange-Organization-MessageDirectionality | Incoming |
X-MS-Exchange-SkipListedInternetSender | ip=[40.93.18.6];domain=YT3PR01CU008.outbound.protection.outlook.com |
X-MS-Exchange-ExternalOriginalInternetSender | ip=[40.93.18.6];domain=YT3PR01CU008.outbound.protection.outlook.com |
X-MS-PublicTrafficType | |
X-MS-Exchange-Organization-AuthSource | YT2PEPF000001CD.CANPRD01.PROD.OUTLOOK.COM |
X-MS-Exchange-Organization-AuthAs | Anonymous |
X-MS-Exchange-Organization-SCL | -1 |
X-Microsoft-Antispam | BCL:0;ARA:13230040|35042699022|2040899013|82310400026|3613699012; |
X-Forefront-Antispam-Report | CIP:198.154.180.200;CTRY:CA;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:SKN;H:YT3PR01CU008.outbound.protection.outlook.com;PTR:mail-canadacentralazlp17010006.outbound.protection.outlook.com;CAT:NONE;SFS:(13230040)(35042699022)(2040899013)(82310400026)(3613699012);DIR:INB; |
X-MS-Exchange-CrossTenant-OriginalArrivalTime | 08 Oct 2024 18:25:52.1823 (UTC) |
X-MS-Exchange-CrossTenant-Network-Message-Id | aa5e2d48-76ec-40ca-5916-08dce7c6a43d |
X-MS-Exchange-CrossTenant-Id | 7136a643-f43a-4e59-b470-0f0804af0ab7 |
X-MS-Exchange-CrossTenant-AuthSource | YT2PEPF000001CD.CANPRD01.PROD.OUTLOOK.COM |
X-MS-Exchange-CrossTenant-AuthAs | Anonymous |
X-MS-Exchange-CrossTenant-FromEntityHeader | Internet |
X-MS-Exchange-Transport-EndToEndLatency | 00:00:04.7656370 |
X-MS-Exchange-Processed-By-BccFoldering | 15.20.8048.010 |
X-Microsoft-Antispam-Mailbox-Delivery | ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(4955320)(920097)(930097)(140003); |
X-Microsoft-Antispam-Message-Info | mJE5opqRBTQpv+6AHbttsZK6U5qUmSn476Js2wiu72PTudoJuJybi5C9lzQ90NR/GQ7Kmffizwa5MExxvp8NkcF+QOnhwyhNr3zdNH60t0xcOqyOhBaBc+6fN62qa9IAa8hHHeR7wVfPoJzxxyhMMIM6q+bdC3u2/QLcASULIEbQXN1w4t2HbPq7rYho3lqzAOXowu0UcdkIa9bKeiMMTVKOK18wAyLwozcfPSg6a7Z4+XyfRwIdh0JjHRh6PpgXVahFJaPTVQXCRxbnQEnNzY8f9JroLoGsb2YypnfYXdUlgMV44OqePcScjnF7Zzn1d82jzR6K9UkD+vwSwN8y+gaYkOj6fI5pR90PASNnPvqeLgWaC5GsrPRiuvH6Vbr7TP+sVu9JaH/cm9filNdgbYTf5o+rZqJecXpP88TsbtHiKH3addoOu0ygh6KilVOjpRLPb3+ZYwKtiYhtHxvEPTjjPKHr73Y9tLyXwqJimVUwOky0Vbw1zVQ1c82MZ5K1m3UxZawo/Apys3RtlYpcDMXLZT4zVhReIWWOc596PcSu7pQatyEjdk5WjsWPGzlZkJHGy6bTw1H/aZYyVOfNSFOLCw/f6Zr5a6lvpHR5qlW0RRpyDSU1Mkz2ov+q7bcNC3TwCXz/98LbgmmyzzhlSRCyOWiixVUa6Mf/ctGlOmx7ReA4HepfYDlw3XxVO24bjk0v5aMTkBzr+EmLeti2arv9ziAgIxBmnTykYElLP/yQ0ZeFkVhoEnisZa/diKxIjz10OlLc9wOuusVZVUAnPfjk+LmYCRxlShaWQSeLpLBMBf6aj6sGSZHpYbFVfDt6MnazECRKtHBNqU+jFO0eA25Onv+iAFC6yIJXJvN0mx3eyqGcc2cpM6hC1VwXu/m+n9Sp6H00uDBjF8SXrGDKlqS5aEC5SZpkvoEvcdjKngk+3OeOtz2AzkFDkiPeK6z/LMGs821q705RYYC+xlSDsNccTw+VtEWGlpHk6luhuceMy/Q19EzJ5cTKUDiG/WS5Q5nktq7IIjuK8TJ0FqtSmJiU8YYeJx74h2Peyu2ehoUbjkEYNj7koaODB5l3yMcJkPvyEVBzsNFF+uOSaSELxLLusKOYEU+rqkYCJKcW0b7ibqvBnA6HYSvYaAWFeIWEoM2G6aTnnUmKf6/P1jSGHXgbNv4nhkZJZHwsYcgTC9DnTLWOFzhypKCzz/57VBXv29S4BuKpb7IbJIr+9R9uo8Hm4gHtb+46WCwSmIj/qSvEHs5kFri59/6OmWem8dhos1oCAeMLPnL7ImLvXDZpHD65zmuLyfl8q3Q4LKC6a/d983fu6n7vNCEwwWPGpgiMPbBKA02cfpgmZFtWerHd0i1PlpvCI3fgejjLAPgNtlDpNyUCkPPZhxMhY0QaQFR0KpToLsBSrcdJ/zXCu1feBPSL+VoeYzukgElpHHjujz8q9DxnjANJCWqhnnS1Oj5dEq7WXgZEutk1rKlVMvw5mV+rtcWd0S4yL51lXaGQeEcy0RWVeGivoEqyTbU/9+6Syjagy5rcbmz3iDKhLS4fXVdRbOXx462dLc0Ho/RRO9rdJSKvPmVVTF4MxW8wpKVPdzxkgapx4st4w7QBURBsJJaEZ0yQMFQVvxqFPFdfehiC7DCm28ivIoCApI20IgctAEAPA3vlmgAE/INpijHnQUtc3I9q9fXDgnKS91h97NpMY+mN8fAzuh6rVNtNRxsTlg4eW9N+sT9L62/Zhy59Kl2m3WCkveWEXK3uWtolxX1qlAZobTh49CZatyoSnKu2MgqPeTS/34AJhTy6l06tfobMz+1H5MP2yFm5ZUFJDr9koaoRfQ8dB7ocqpxTTaTq+Jv9UplA3hFPvJqrjxbjtwuw279GDS39sxrALJePjMZgbxrdV3bQpZ684JZvA54ajnKAZWXeQpICLdWZPkvOvCyRd28eTA2FYj9ZqLOX5njYuMW3OR9ellN/zXQcxMTO2ysa1bF+WL04gnJk20cuygmag6YO5nTP7H3y7e4H/klRBF7AwrcM1M3O3q8nh4ZgZc/CQbpN8eWSGq3HsSRV13cOWBWZ4yX9yINN06k016ybmuWw7n1Y05ftu7WYfX1UEZxIAuucxSScaJzIem5fjUT7N6PiyhpUjVwBDnq1YXJ2q3ejYApAXGfrSPlaYLzCcXlQXFJeTS+3lBR+CtHdlINLHeGi1v69cySHWBvsjig= |
MIME-Version | 1.0 |
Icon Hash: | 46070c0a8e0c67d6 |