Windows
Analysis Report
email.eml
Overview
General Information
Detection
Score: | 25 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 40% |
Signatures
Classification
- System is w10x64_ra
- OUTLOOK.EXE (PID: 6964 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\email.eml" MD5: 91A5292942864110ED734005B7E005C0)
  - ai.exe (PID: 6408 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "D4EEA062-4FD0-4301-840F-1F49053A2E87" "86376162-623D-4435-AE13-210F3DEF5202" "6964" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  - EXCEL.EXE (PID: 6260 cmdline: "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE" "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\8SZEA0ME\940-CJV-000-GEN-MOS-00001_DRS (A) - Copy.xlsx" MD5: 4A871771235598812032C822E6F68F19)
  - EXCEL.EXE (PID: 4596 cmdline: "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE" /Embedding MD5: 4A871771235598812032C822E6F68F19)
  - splwow64.exe (PID: 1344 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
- chrome.exe (PID: 3552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 2356 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1840,i,16796486400146655648,14553717720693679175,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: |
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: frack113: |
Source: | Author: X__Junior (Nextron Systems): |
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |
Source: | File opened: |
Source: | HTTPS traffic detected: |
Source: | Memory has grown: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Window created: |
Source: | Classification label: |
Source: | File created: |
Source: | File read: |
Source: | Process created: | ||
Source: | Section loaded: | ||
Source: | Key value queried: |
Source: | Window found: |
Source: | File opened: |
Source: | Window detected: |
Source: | Key opened: |
Source: | File opened: |
Persistence and Installation Behavior |
---|
Source: | Section loaded: |
Source: | File created: | ||
Source: | Key value created or modified: |
Source: | Process information set: | ||
Source: | Window / User API: |
Source: | File Volume queried: |
Source: | Thread delayed: | ||
Source: | Process information queried: |
Source: | Queries volume information: |
Source: | Key value queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Clipboard Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 1 Modify Registry | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Extra Window Memory Injection | 1 Process Injection | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 13 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Extra Window Memory Injection | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
plus.l.google.com | 142.250.184.206 | true | false | unknown | |
play.google.com | 142.250.185.142 | true | false | unknown | |
www.google.com | 172.217.16.196 | true | false | unknown | |
s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | unknown | |
apis.google.com | unknown | unknown | false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
88.221.125.185 | unknown | European Union | 16625 | AKAMAI-ASUS | false | |
52.182.141.63 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
23.211.8.90 | unknown | United States | 16625 | AKAMAI-ASUS | false | |
52.109.28.48 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
52.109.28.47 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
2.19.126.160 | unknown | European Union | 16625 | AKAMAI-ASUS | false | |
52.109.28.46 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
52.168.112.67 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
172.217.16.196 | www.google.com | United States | 15169 | GOOGLEUS | false | |
2.18.64.138 | unknown | European Union | 6057 | AdministracionNacionaldeTelecomunicacionesUY | false |
IP |
---|
192.168.2.16 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1538483 |
Start date and time: | 2024-10-21 11:49:55 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 20 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | email.eml |
Detection: | SUS |
Classification: | sus25.evad.winEML@25/47@6/77 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.113.194.132, 23.211.8.90
- Excluded domains from analysis (whitelisted): ecs.office.com, omex.cdn.office.net, fs.microsoft.com, ctldl.windowsupdate.com, s-0005-office.config.skype.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, s-0005.s-msedge.net, e16604.g.akamaiedge.net, ecs.office.trafficmanager.net, prod.fs.microsoft.com.akadns.net
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetValueKey calls found.
- VT rate limit hit for: email.eml
Input | Output |
---|---|
URL: Model: claude-3-5-sonnet-20240620 | { "explanation": [ "The email appears to be from a legitimate business domain (egis-group.com)", "The content and structure of the email are consistent with a professional communication", "The email includes standard corporate disclaimers and confidentiality notices" ], "phishing": false, "confidence": 8 } |
Is this email content a phishing attempt? Please respond only in valid JSON format: Email content converted to JSON: { "date": "Thu, 17 Oct 2024 09:06:32 +0000", "subject": "WF000792", "communications": [ "EXTERNAL SENDER: Do not click any links or open any attachments unless you trust the sender and know the content is safe.\nEXPEDITEUR EXTERNE: Ne cliquez sur aucun lien et n'ouvrez aucune piece jointe a moins qu'ils ne proviennent d'un expediteur fiable, ou que vous ayez l'assurance que le contenu provient d'une source sure.\n\nHi all see attached the WF000792 Cable trunking and traywork method statement for any further comment\n\nRegards\n\nSimon Brogan\nSystems Dept | Interface / Integration Manager\nAbu Qir Metro PMC\nCell: +010 10048489 | UK Cell phone: +44 7856745222\nSimon.Brogan@egis-group.com<mailto:Simon.Brogan@egis-group.com> | www.egis-group.com [egis-group.com]<https://urldefense.com/v3/__http://www.egis-group.com/__;!!PWAseTJI!-O7PTdTb4pClaGGCcs9sM7MegcMcDkEbZO_TzV4oOPDVqz1EIUsOTWht405qvmG3dXyTdHsLHTSyn0NWyoUfXQvwYRY$>\nFloor 4, Makateb Building, Banks Centre Street, New Cairo, Egypt\n\n[cid:image001.png@01DB208C.FFFBBD80] [egis-group.com]<https://urldefense.com/v3/__https://www.egis-group.com/__;!!PWAseTJI!-O7PTdTb4pClaGGCcs9sM7MegcMcDkEbZO_TzV4oOPDVqz1EIUsOTWht405qvmG3dXyTdHsLHTSyn0NWyoUfa5BDbOk$>\n\n\n________________________________\nCe message et ses pi?ces jointes peuvent contenir des informations confidentielles ou privil?gi?es et ne doivent donc pas ?tre diffus?s, exploit?s ou copi?s sans autorisation. Si vous avez re?u ce message par erreur, merci de le signaler ? l'exp?diteur et le d?truire ainsi que les pi?ces jointes. Les messages ?lectroniques ?tant susceptibles d'alt?ration, Egis d?cline toute responsabilit? si ce message a ?t? alt?r?, d?form? ou falsifi?. 
Merci.\n\nThis message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Egis is not liable for messages that have been modified, changed or falsified. Thank you.\n________________________________\n" ], "from": "BROGAN Simon <Simon.BROGAN@egis-group.com>", "to": "BAILEY Simon <Simon.BAILEY@egis-group.com>, MUDAMBI Simbarashe <Simbarashe.MUDAMBI@egis-group.com>, DUNDAR Tarik <Tarik.DUNDAR@egis-group.com>, HASHEM Mohamed <Mohamed.HASHEM@egis-group.com>, BETTE Nina <nina.bette@socotec.com>, MASWIR Devid <Devid.MASWIR@egis-group.com>, RAAFAT Walid <Walid.RAAFAT@egis-group.com>" } |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 231348 |
Entropy (8bit): | 4.37836624366395 |
Encrypted: | false |
SSDEEP: | |
MD5: | E5C189DED1FBD3E35B1C18FADEDCBAB7 |
SHA1: | A20771E4F6FEEE61633F1344733A89E9423932A5 |
SHA-256: | FC7587B2FAC8167B29C64284B1D37D774E8167608281C99061F4ADBB02C35E71 |
SHA-512: | 5D45C254A153890597AAAA325A0B785AA57186AF2686A70C310A3921B67E95B96658A2611F27A3551C5FAE303739C4E24DF6ABC7DBABF0E3780C74B4A77702C1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 1869 |
Entropy (8bit): | 5.0833538109742555 |
Encrypted: | false |
SSDEEP: | |
MD5: | 94288D547BAC449965090E7298AB6DD4 |
SHA1: | 8D21DC21BC7E8E6F2DB3010C76C38F8C9E5422BC |
SHA-256: | B9F9B1FF55423824DC528447A2B67B776AEBB4A6951EB0EE973B04C1964DFDB0 |
SHA-512: | F9A04BCF7C6CD30CF00183CF5ED26A754038B21C2971C100D27C28D1A2BCF078DAC343F8AC523D885375E349859832CBC96EEDCFF4288278B40507B5F718B1C9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 521377 |
Entropy (8bit): | 4.9084889265453135 |
Encrypted: | false |
SSDEEP: | |
MD5: | C37972CBD8748E2CA6DA205839B16444 |
SHA1: | 9834B46ACF560146DD7EE9086DB6019FBAC13B4E |
SHA-256: | D4CFBB0E8B9D3E36ECE921B9B51BD37EF1D3195A9CFA1C4586AEA200EB3434A7 |
SHA-512: | 02B4D134F84122B6EE9A304D79745A003E71803C354FB01BAF986BD15E3BA57BA5EF167CC444ED67B9BA5964FF5922C50E2E92A8A09862059852ECD9CEF1A900 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 773040 |
Entropy (8bit): | 6.55939673749297 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4296A064B917926682E7EED650D4A745 |
SHA1: | 3953A6AA9100F652A6CA533C2E05895E52343718 |
SHA-256: | E04E41C74D6C78213BA1588BACEE64B42C0EDECE85224C474A714F39960D8083 |
SHA-512: | A25388DDCE58D9F06716C0F0BDF2AEFA7F68EBCA7171077533AF4A9BE99A08E3DCD8DFE1A278B7AA5DE65DA9F32501B4B0B0ECAB51F9AF0F12A3A8A75363FF2C |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 322260 |
Entropy (8bit): | 4.000299760592446 |
Encrypted: | false |
SSDEEP: | |
MD5: | CC90D669144261B198DEAD45AA266572 |
SHA1: | EF164048A8BC8BD3A015CF63E78BDAC720071305 |
SHA-256: | 89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899 |
SHA-512: | 16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 10 |
Entropy (8bit): | 2.9219280948873623 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9EFCBB62A721B61336FBADCEFD5C569B |
SHA1: | A89266B36F95DA95A47919EC9BF115C4AF075273 |
SHA-256: | 04466AB4B99D6989E1E3E075B47B2987294B35AE7C085228075967A8AF93B057 |
SHA-512: | A365F0F74786322F8483FB5AAC571C3A440C81E8E075B0A6DB72BA2324542388206952BD83308B3BEC27B5E361A16A0EB99DAAC20E1988AC9E768049F11E3285 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7397F178FE0D4AB7699061BE22F7BE6A |
SHA1: | 7FE823620A11B85863A5B84DDFBEB5E2628B2388 |
SHA-256: | 6889C46C86A3B76B701980C8DFABFF2F8F1A44AEEA6389C970C28145E689B046 |
SHA-512: | 67D5D9BD04138A6454BD3558341708EB673369C1E9700F53347DA03457F630FCBD6BD41229A523F2A86E901AA0EA8A881D105E7A58D01F01F0DB9F87455A8A03 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4616 |
Entropy (8bit): | 0.13760166725504608 |
Encrypted: | false |
SSDEEP: | |
MD5: | F1A946C52166F6EDF325E05111187C72 |
SHA1: | 6BDB7245E694CE01669C963C994437F146DB09BD |
SHA-256: | 0F109939691E81A953CA51CCA165BAC4A3D74F373538F036BF7617148978B2C3 |
SHA-512: | FF45D86FCE1C2C4348B55640EF8BC36E987C5332176801F3047F5F9B512C2AA3E25B8BC86E45DE4D45F824FEC0B8481AA355EFE2C3B7200803534445BDDA9BD9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 331364 |
Entropy (8bit): | 7.878912906864061 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2CE20455651865A5CD1CF694CB4B55A8 |
SHA1: | 96EC840FD8D3AF574B03308ADD1CAA499F6CB54E |
SHA-256: | 6F7FF7C83F1C55A6F8229CCA2F29A01F48BE8B5C094E6984C887CA4701E47F82 |
SHA-512: | 12E37592B7AAC292B24332D729ACD3CEFDA9915E76374AD124D654E0414B76F3A08737076A5D621E67D4854F4EBD9EE9273768BDA0A53E220DA49CADFA1E5478 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 34840 |
Entropy (8bit): | 7.9785507286144846 |
Encrypted: | false |
SSDEEP: | |
MD5: | 49A30465B4AC272CF579C429697C319D |
SHA1: | 91DE2A0418C1797170E094CD522B294AC3A6EE7E |
SHA-256: | 129327BC487B8D47200718EC9DD503767B163FCDE822C9637B0C8FD63C280487 |
SHA-512: | 2B82047EB28019B634D1A04B416A5028E712B936CF8CD6010117FA211E0D5583536AA88F78AC222213142FF0CBB754890A497DE001CC35FD1A68998F0000C4F7 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\8SZEA0ME\940-CJV-000-GEN-MOS-00001_DRS (A) - Copy (002).xlsx:Zone.Identifier
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | |
MD5: | FBCCF14D504B7B2DBCB5A5BDA75BD93B |
SHA1: | D59FC84CDD5217C6CF74785703655F78DA6B582B |
SHA-256: | EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913 |
SHA-512: | AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\8SZEA0ME\~$940-CJV-000-GEN-MOS-00001_DRS (A) - Copy.xlsx
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.3520167401771568 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9AC4D67F6E514F452D4A1DB79CE3B2E8 |
SHA1: | 33F8C665ECBB81275D2E49D48F2565A58A282043 |
SHA-256: | 407E1D871964C93DBDBD4D00613CD0A9E30D3ED6352D8052C58E7A252D52FC5A |
SHA-512: | 018D0F54AB0AB01F27E9FB870A128F2F581A58487399DD7FB56A94EC4AAEC6874708A5AD5650F362485E45E2C6A557ED08524C5B8335F83F240E0962281A0F1A |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{04AA47F8-4D19-44A1-B5E3-33F1447083B5}.tmp
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4516 |
Entropy (8bit): | 3.3179265500408355 |
Encrypted: | false |
SSDEEP: | |
MD5: | CEA98466E9AAC5961227322CDB0ACB01 |
SHA1: | 37302FCF7EAE75730117514C12459FC37F0AD159 |
SHA-256: | 07419E75462F7CCE1B0AA5ED6725EAE8A9105D68A06A10ABE61EA3536827587C |
SHA-512: | 8F41379D47D0B0EB0AF48D596BA4D76EB762D19FDC3EFBC1D2ED8F85EEB6D3448CE130E90123AF611F2175ACB07F5F4084030068F921D109D6ABD25BDC4BE461 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_32db\AC\Microsoft\Office\16.0\UsageMetricsStore\FileActivityStoreV3\Excel\1380790193167760279.C4
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | BB7DF04E1B0A2570657527A7E108AE23 |
SHA1: | 5188431849B4613152FD7BDBA6A3FF0A4FD6424B |
SHA-256: | C35020473AED1B4642CD726CAD727B63FFF2824AD68CEDD7FFB73C7CBD890479 |
SHA-512: | 768007E06B0CD9E62D50F458B9435C6DDA0A6D272F0B15550F97C478394B743331C3A9C9236E09AB5B9CB3B423B2320A5D66EB3C7068DB9EA37891CA40E47012 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_32db\AC\Temp\1924FFB3.png
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 70276 |
Entropy (8bit): | 7.989584795913617 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8306F6BA2D74796502DCB22064393E53 |
SHA1: | C95026909CB004B21AF855C6D608DF60E38304BF |
SHA-256: | 504A86E96ED98FD8702339DB44A4E192FC2BCC291114B6C68731D4CFC2EAFB48 |
SHA-512: | 52AEDAB0ED33BB2369576365C093C3F6DE35A9ECF3068EA4F6C4CA779EB9EBF1F9400236CC082D0B068CE0F696FF3B821B68BA858CB5FC87806421BB87E2E02B |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_32db\AC\Temp\358ED395.png
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 16093 |
Entropy (8bit): | 7.978579584793853 |
Encrypted: | false |
SSDEEP: | |
MD5: | 02E1FFAF1915905822BC02656AF153FA |
SHA1: | 755B15B5C8EA2714B348B26E6EFA532E202DA57B |
SHA-256: | A74EA5640982A27F7D597687A37E0A9F6701897ECE3FFF786BF9450CE857BD9F |
SHA-512: | 503F83C959CB1BB35460773CF2EBB49A9BFDBAA3D4A86AE948784CC9D1792A48458ABE390B4B4DB73949FFE1CC0C440BBAA658B791FEE50FA6DF20F3B6331F4D |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_32db\AC\Temp\4923B0E4.png
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 3960 |
Entropy (8bit): | 7.85035397197527 |
Encrypted: | false |
SSDEEP: | |
MD5: | A5B18494A54163672787DB695FAE18C1 |
SHA1: | 0C71A9A923E6678138074A6F9477289F5449FAE5 |
SHA-256: | 8B991DE32DF70F2122EA8AA455B92F8BDB74A74F373B3A703BD46A32D97F20B7 |
SHA-512: | 965114A7C2CB9A70F1B8228E2ACD01F38913F872134F41C96D4E8BBE31F7BDDC5AA218B57F84921FCEBD9DEE46789D0D55436D9D97F8DCF99EC1DC91BA9C298D |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_32db\AC\Temp\4A1B1C92.png
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 59729 |
Entropy (8bit): | 7.987900656815908 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C19E098998FD5DC523300195F78AC15 |
SHA1: | 956A08ABC16A82E8AF93B3358310D2D25748133F |
SHA-256: | FED055D148BB190707C9DBB08E63B91713FB4C3DB12BCB88A55943AADB746040 |
SHA-512: | 6618B9BB74B3A26D1D59B7549CFF643244CFC453B88A3864ED73C5AA98723A1A34E34AC49188EC80C16BA8AA0EE6069036F04B5D1C7EA76B8EE0140A6E0FCD4D |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_32db\AC\Temp\72E293E6.png
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 6279 |
Entropy (8bit): | 7.9629609853447265 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7DA9A61F09BD53A999F2C44EFF7CD2D5 |
SHA1: | 6797B744463B1AD13D1A7027ABAA3952A9E0CCE4 |
SHA-256: | 83C5B2036EAAD7F952CA68A65F8E84B482B91D8B7CF51B902D49382FFBC63878 |
SHA-512: | C27760958B2190FDEDC6C298CFE5620C4332E169034B1B022757CF2A0052E1C56DA1075F6256A14573E4F98B009597DEF2B0E0E7474891FF9FF48D79003FD465 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_32db\AC\Temp\8DE526AF.png
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 7036 |
Entropy (8bit): | 7.953513912778157 |
Encrypted: | false |
SSDEEP: | |
MD5: | 96AF74F066B34F01D29C1BF087554C52 |
SHA1: | 248ABE40FB726C987EF016BB8F3A3BCA0B055A4E |
SHA-256: | CC9E1C1AD0E7E92369294E4646C76F79159D625CE49E744ACEBEC7C7AF08EFFC |
SHA-512: | A3F6772FC48FDAB7B7B1E13D723BB9FA1DA8B8DDE79E4CE939F51FB0B7B71D7564CB49E52E84328803586C6D58BD71DF3FF27493F827DD8291AE188DF071207A |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_32db\AC\Temp\Diagnostics\EXCEL\App1729504271598345200_5C856275-EEE5-4A24-8349-DBC88E78744F.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.011590307238908642 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6B04F8870EBEB7A56F913DABABC6BF37 |
SHA1: | AFFA25781E1BA7C3A4846AB678A5364F328D3A3D |
SHA-256: | 1976D0EB23289CA8B07D3943EB8C7D9BE2E744A6003D83CFAF7621711789764A |
SHA-512: | D12C29B2FEAC81DE95600C76790BF1A837F303161351583D2BD22AC9D182B3B5A962AAE5F7382E26D493ABEA13A76495B023D2C747B6C2882DAD12E5847510AC |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_32db\AC\Temp\Diagnostics\EXCEL\App1729504271601968200_5C856275-EEE5-4A24-8349-DBC88E78744F.log
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_32db\AC\Temp\E9928739.png
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 69141 |
Entropy (8bit): | 7.061746523567722 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3200BFEBAE3D6F2E08BE208E6644220D |
SHA1: | 08CF1ABDE6347801CC02BBACE93B3FB76147AB99 |
SHA-256: | 0162A7C2E85D72DC2FBC0E319BA0475C27C01467BE11AF027715FDAC60C3995D |
SHA-512: | 28A59AA68470B07D7D1F123E506DD03F399D92D382D000CF56A9858651BF8B5AD5E0FD9B29B720EB8B39CEE5F81169DD16232EF93B7592A2949F4FDFEAD42964 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_32db\AC\Temp\FD3D4E18.png
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 48138 |
Entropy (8bit): | 7.973856556595367 |
Encrypted: | false |
SSDEEP: | |
MD5: | D3D02DB4E2177D62A6B87EC5B5736411 |
SHA1: | C55A9743D139017D19036664B6CD0057B0FC6494 |
SHA-256: | BAA20527EDD26BC2E44026BB9E5975380226ABA308A83F7B4CCCDE68677BD871 |
SHA-512: | 55558A312A0D3E1C98D864ECA739685AD69EAA1151D92B48FE737C6138CD51D8C394FB538484DDEAEC446FEFAD11A595EE329CA5554B5825912B7FCF7A8765F0 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Packages\oice_16_974fa576_32c1d314_32db\AC\Temp\mso8747.tmp
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 3237 |
Entropy (8bit): | 4.6317012858785604 |
Encrypted: | false |
SSDEEP: | |
MD5: | B9E32D2158DA8850BFCB310250F64928 |
SHA1: | 52D7DC0D96F70CEF6361072CF8BD72523AAC434E |
SHA-256: | AEC3BEF4F6DB20C4100631C42089C3139A7083C01FAED8B26D5E0AB4C5E42D74 |
SHA-512: | 9015603AFCF3ECEE75E8D10286C90582F7F44F346BB0A672DEEDAECCA3BA4423D8B8485367551CE5C6E946E1FDB978D8749A6B0B957A1B7465672BC765AF4C43 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1230 |
Entropy (8bit): | 2.7146670657611214 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7397F178FE0D4AB7699061BE22F7BE6A |
SHA1: | 7FE823620A11B85863A5B84DDFBEB5E2628B2388 |
SHA-256: | 6889C46C86A3B76B701980C8DFABFF2F8F1A44AEEA6389C970C28145E689B046 |
SHA-512: | 67D5D9BD04138A6454BD3558341708EB673369C1E9700F53347DA03457F630FCBD6BD41229A523F2A86E901AA0EA8A881D105E7A58D01F01F0DB9F87455A8A03 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241021T0550250967-6964.etl
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 114688 |
Entropy (8bit): | 4.625950176110524 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3225D21A526CE6A06C4F0E0A04595B51 |
SHA1: | 0CF8D3306E1A9B63C690A331C41BB252975E226D |
SHA-256: | A6F2A2DB3116B3B0BF5BC5BF3501C06BC20A5CB11C24167D38F05109AABBCA82 |
SHA-512: | 0D696FAEAADF11DC12D02B907429C9F66791187F9772841165CB04473AB0D43FDED675674CB1D7CB7C5E3CBFF884E91E6B9A1CB4CB91699433124259F64B6CC8 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 200292 |
Entropy (8bit): | 7.7580337599469 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6A4B78DB9F84F47D3DB22F55AA54A864 |
SHA1: | CF3B15AC80D19518E7F30FAC1824AFA9448E3A57 |
SHA-256: | 9A71E21CF395599268C9970381BBD66EDAA98F02EADEC1B236264EFE44556124 |
SHA-512: | C492509F3837C991D6B0137DFC46A6D40BCAB38AF1A19E1E237153434D54FB92F543AC301E06D06AABD932441794DE85673F91424BE8C4326F6DF76C72506446 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5F9F0C2645813B127FE515D32808CEFF |
SHA1: | A63FBDF6761936536EFB920E06B696AC35735F14 |
SHA-256: | 32BB853F754937168C8B7E5532E7CD0DFB62752AB461AE63E5BD9DB17DC400CF |
SHA-512: | D52CAD21BF690A4665270F27F4C845461477F6B7EDCAEF497A2B0E167D7801117D8E8552E6F5D4F99540E47FA257472D6CD95565D81C8CCAB4A2BABE6847D036 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 10428 |
Entropy (8bit): | 3.4700900910032932 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5F9F0C2645813B127FE515D32808CEFF |
SHA1: | A63FBDF6761936536EFB920E06B696AC35735F14 |
SHA-256: | 32BB853F754937168C8B7E5532E7CD0DFB62752AB461AE63E5BD9DB17DC400CF |
SHA-512: | D52CAD21BF690A4665270F27F4C845461477F6B7EDCAEF497A2B0E167D7801117D8E8552E6F5D4F99540E47FA257472D6CD95565D81C8CCAB4A2BABE6847D036 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 1.2389205950315936 |
Encrypted: | false |
SSDEEP: | |
MD5: | 697552832226EFEE9B478CFE6BCB2C55 |
SHA1: | 5F453B2CF7999AECE9BE3358B21E76217EA6E03F |
SHA-256: | 03393A638E973EA807FBFA6C0C38847BC9C3DDE3477B005D5AF963B14AB2FE24 |
SHA-512: | 76DEBD80534E6CA99C567E9AE54A5F1D0599F2CA176F36A520CD1D2254CE8B3A9B878F83336EE12EAA9E6722EF59755231D8ED0A8428CF7ED7695E289D7BA642 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2560 |
Entropy (8bit): | 2.021954885049738 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1031078A039FA4867BE955C1FF0B9178 |
SHA1: | 9A844F5BFA4DA9A7925DD39BA8AB80F90F233EEA |
SHA-256: | 1700E4A46BD2B0BE639959A140F12BC28CFA596679FAFA3581BB077092142B1A |
SHA-512: | ECA37D737520D9883B48ABAB941536F4487CC0D2A677F79F8671934B288826B151D871F2E3DCC566C0D4FC4B1CC4EE4B0676F45BCEC21D148B33BFB3A189649E |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0609F276F21984C021166A3AE90A7FCA |
SHA1: | 79931D2B3B5A970214B624D0CCF08E98831AE6AD |
SHA-256: | 7B88C03AC3B09CF5C600303CE812633CE06A42124CC36F132746E78D364BF848 |
SHA-512: | 94C5BF1BAABB5B949932244AE36542325519A58B868C3F29E5F73087AC9B7E96F913D9AD43DF13BC4BA5A1D90D763589B29729F2C29DBB90358EE05C0E04EEE5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 3.782482493156145 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0A0FD2C7EF91432DBB602ECC2C9DD8C0 |
SHA1: | 53A610C4F1439EE992ECDE1D24847CF0D64D37DB |
SHA-256: | 3917FB525B16319636305354B119B28AA9E22CF93E489A9C0566EB0824C52355 |
SHA-512: | 0A868E359EC005AC7C60A00584B6B5F1592B27E4FD2E1B53BB9E6A778EB40C6A1575F009E3A5F9852465417BC76D46635F3A9AC068F744704697F8684F2EC641 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 19609 |
Entropy (8bit): | 7.478686904879618 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0609F276F21984C021166A3AE90A7FCA |
SHA1: | 79931D2B3B5A970214B624D0CCF08E98831AE6AD |
SHA-256: | 7B88C03AC3B09CF5C600303CE812633CE06A42124CC36F132746E78D364BF848 |
SHA-512: | 94C5BF1BAABB5B949932244AE36542325519A58B868C3F29E5F73087AC9B7E96F913D9AD43DF13BC4BA5A1D90D763589B29729F2C29DBB90358EE05C0E04EEE5 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 14 |
Entropy (8bit): | 2.699513850319966 |
Encrypted: | false |
SSDEEP: | |
MD5: | C5A12EA2F9C2D2A79155C1BC161C350C |
SHA1: | 75004B4B6C6C4EE37BE7C3FD7EE4AF4A531A1B1A |
SHA-256: | 61EC0DAA23CBC92167446DADEFB919D86E592A31EBBD0AB56E64148EBF82152D |
SHA-512: | B3D5AF7C4A9CB09D27F0522671503654D06891740C36D3089BB5CB21E46AB235B0FA3DC2585A383B9F89F5C6DAE78F49F72B0AD58E6862DE39F440C4D6FF460B |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.9867084069136993 |
Encrypted: | false |
SSDEEP: | |
MD5: | 55E614E14E645E062F61C57FBF9ACC45 |
SHA1: | 7B643C593DB658089882C3623E35F950B43522CE |
SHA-256: | 4D4CD0F1F781209FD0AFE5970BF6C6C946CAA09DD50F9D7B265E62198C3C6D87 |
SHA-512: | E9FF866D9A7A64DB94F909C54ACF8C1525BFBE5D212F2F2A82B10079162C3DFDD3CE2B1E22A3ED6B20E2D190F93CC5EBAD332ECEB3A5E95B81D89B447C3D95E6 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 4.003948760275371 |
Encrypted: | false |
SSDEEP: | |
MD5: | 523016A3933B8C1E0422074DEC51E15C |
SHA1: | 6361085487CD316364FB326B9047F520F7FF0536 |
SHA-256: | 5C41535B05ABA56AC3803F33B7094874AFAB0BB028E4F81A24A572071C4C08E9 |
SHA-512: | 629A75E2205E6126FBE987E785FCBA35D9A22A1E903818A8971CBB6A19C04F3C13D36719E953111BA506946F623046449E47D39EE709835993EED2F70FBF41D1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.009675368383242 |
Encrypted: | false |
SSDEEP: | |
MD5: | F7F47A559B165768A2B423205C88D79A |
SHA1: | BBC2F129268085D3972B533F25D0D6EF2401DEB4 |
SHA-256: | AB11262372893FC2097EB42D5E9D05F449FB62E7AF001DC96100482A8C31CA66 |
SHA-512: | B719C081EE15158F26EBA5D7E9ECCBF5F406C43B443A2ACA2DE8602BF8EA86E90DFE847914C2F2328F6C7DCF1B8832C159635240B8EB964DCAA1B5C160ED68EB |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 4.001512522164512 |
Encrypted: | false |
SSDEEP: | |
MD5: | B41BB293869D4EC6007E40391C00CA2F |
SHA1: | 34CEF19E359264BBE81EF32E9AA497CD53F34A3E |
SHA-256: | 94081189C713BA4540FE7920F4561AF67B75DFFF79E5151EFA99E6C348B78D87 |
SHA-512: | CD5FBBADB37EAB4250307343915A36712C4F97006B057D6AB85D64B10425124546270523B5D01032761339C5CBBD7CD4BF3A7E951C6A01040A87BE017F227E9E |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.990313427170383 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1DE39CAA39C6A5D5AF9D0AE3070F1AA0 |
SHA1: | C1043DD530122E5E69AA9149EE0D79F5CD78D995 |
SHA-256: | 4EE738C6E4494D85FB630133B479D199CF9C67396F89FDA885F6E5E5049621A6 |
SHA-512: | 6BEB253F8E7E4EAF0FDD56B668811FFB0D2044097EFF59454743334F34A05110A4E96E9C4D7A1779A6FAFCDAF702B471EEFD26143C235CB5A0177F62876B1351 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9995881263749036 |
Encrypted: | false |
SSDEEP: | |
MD5: | 06C4E219E8877496B39181FEE3031628 |
SHA1: | 57B5C29A6ED9AF401D82801DF172198FA17B55E2 |
SHA-256: | D569548B15BC39C7B1F6F35338FE48840990EBF45DB7A51E9DD950E3DFAA4F6E |
SHA-512: | D16BFCFBBF8CE26974AE617087C4020222A01F209C48956EC03C2BB02075F210217320C328DCDC8D601CC12B2D0FBF682B7C676FAEF11310F019E8A0558D6B71 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2302976 |
Entropy (8bit): | 2.3003329241202697 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2D124B81537E42AC7D9134C43C6322D9 |
SHA1: | 05AEB69768755D8445027DA6593398824CEE87B9 |
SHA-256: | 90B98AE631D32C0E9D3E5CE77E913D635C62F10B87B8849054FEF8196FA6DF32 |
SHA-512: | C4531A00370E8C711E677D09EBBEDAC2D753EA9FFCD6F8860F9633FEA063F04F85FDE95E0EC16DBED55A1CE3815C95D47102BFB90C6C7658555C60F252A84B12 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 524288 |
Entropy (8bit): | 6.99390863315539 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5A787516CB794F3256D6EF989700B7B3 |
SHA1: | ADCBD075CBCFC92672F264EFF82E99498F5897DD |
SHA-256: | E3DAEDBD32965B97F516FE81A678B217C00AE926FDE12C6796F746F65195F4DD |
SHA-512: | 405D6F893DBE53C6E6F30041F4F799AF96E46BA807DD76474835D42368D6490919601E5356CAD593753BF41F2C0FCE05E6B95706BF39E4A64CF99CA48968F87D |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 4231 |
Entropy (8bit): | 5.835052078287081 |
Encrypted: | false |
SSDEEP: | |
MD5: | 53E30001E4CCA8CF052A8858B21122BA |
SHA1: | FA2B3A744480051AFE947608866EEA43BCEE8A03 |
SHA-256: | 940DF410E0CFB2AEC782064F98C9846458B84A3527607783689A18B8FBCB5026 |
SHA-512: | 14EB8616F3AF970AE492F9D32E14E040026F0172A347BA3C88DAA5C5D8040F87B5682D1F62B2FB433D0B5A04DF566BE1CD016EDBC1425D3B558131034DDBF46E |
Malicious: | false |
Reputation: | unknown |
URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 29 |
Entropy (8bit): | 3.9353986674667634 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6FED308183D5DFC421602548615204AF |
SHA1: | 0A3F484AAA41A60970BA92A9AC13523A1D79B4D5 |
SHA-256: | 4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D |
SHA-512: | A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5 |
Malicious: | false |
Reputation: | unknown |
URL: | https://www.google.com/async/newtab_promos |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 133794 |
Entropy (8bit): | 5.434622489356859 |
Encrypted: | false |
SSDEEP: | |
MD5: | A9298AEBC49F239A505FC5B9300BAEC5 |
SHA1: | 1D9D46B9EC1921B7A5DB6B999A81B759EDBF9880 |
SHA-256: | F2ABF4632845212373DE3CDCCB401A39077148E360FA5B6EEFB7423063A0F333 |
SHA-512: | 1C9BE230D75044662E891EE5AE4812F0C6D2D7CC4E6DB45CA1E9B1CB1B1F217C59047B831C9D7D607D25F523B3DEDA4BF3C50C19AD0C684EF9FC50E2D3E28C3C |
Malicious: | false |
Reputation: | unknown |
URL: | https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1660 |
Entropy (8bit): | 4.301517070642596 |
Encrypted: | false |
SSDEEP: | |
MD5: | 554640F465EB3ED903B543DAE0A1BCAC |
SHA1: | E0E6E2C8939008217EB76A3B3282CA75F3DC401A |
SHA-256: | 99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52 |
SHA-512: | 462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0 |
Malicious: | false |
Reputation: | unknown |
URL: | https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 5162 |
Entropy (8bit): | 5.3503139230837595 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7977D5A9F0D7D67DE08DECF635B4B519 |
SHA1: | 4A66E5FC1143241897F407CEB5C08C36767726C1 |
SHA-256: | FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D |
SHA-512: | 8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567 |
Malicious: | false |
Reputation: | unknown |
URL: | "https://www.gstatic.com/og/_/ss/k=og.qtm.w7uZcIyFZsQ.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTtQO3fUcONTNQ0-jEHtQyhEn9DXYw" |
Preview: |
File type: | |
Entropy (8bit): | 6.068364451826333 |
TrID: |
|
File name: | email.eml |
File size: | 528'851 bytes |
MD5: | 2d18b85cc5f0d0da838d9b337a55a5ac |
SHA1: | c3d5afc9bb359666eb72d3d1caffb0bdd01b4dd4 |
SHA256: | c73ee54eb46678a9a0580e0a9c7c78d7b28d4795bd6eb800a619e43de7a7f66b |
SHA512: | b71b8e8f41a66ec79fff444dbd1bf4fec5ac69ebe0d8904906c0615ae0f4dc5a12f1e1f9fc04b3f3022c19019a3bee04870742ba6aaf91c6beba07551575d469 |
SSDEEP: | 12288:98sFGlSlqYd9qY+pdnQrFCdNyC1z7XDJK/cYwZyvyMQLpawbG:5lhBhoNyC1z7DJK/wMvypLswS |
TLSH: | DEB412393E035DDB4B3261E2BDDEBCC15ECDBB57918195F026AE493115AC0E4CAF2A21 |
File Content Preview: | Received: from DU0PR03MB9080.eurprd03.prod.outlook.com (2603:10a6:10:467::19).. by AS2PR03MB9586.eurprd03.prod.outlook.com with HTTPS; Thu, 17 Oct 2024.. 09:14:03 +0000..ARC-Seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=fail;.. b=tY9FDv |
Subject: | WF000792 |
From: | BROGAN Simon <Simon.BROGAN@egis-group.com> |
To: | BAILEY Simon <Simon.BAILEY@egis-group.com>, MUDAMBI Simbarashe <Simbarashe.MUDAMBI@egis-group.com>, DUNDAR Tarik <Tarik.DUNDAR@egis-group.com>, HASHEM Mohamed <Mohamed.HASHEM@egis-group.com>, BETTE Nina <nina.bette@socotec.com>, MASWIR Devid <Devid.MASWIR@egis-group.com>, RAAFAT Walid <Walid.RAAFAT@egis-group.com> |
Cc: | FARAHAT Diaa <Diaa.FARAHAT@egis-group.com> |
BCC: | FARAHAT Diaa <Diaa.FARAHAT@egis-group.com> |
Date: | Thu, 17 Oct 2024 09:06:32 +0000 |
Communications: |
|
Attachments: |
|
Key | Value |
---|---|
Received | from AS8PR06MB7589.eurprd06.prod.outlook.com ([fe80::3bb0:30dc:4437:e439]) by AS8PR06MB7589.eurprd06.prod.outlook.com ([fe80::3bb0:30dc:4437:e439%3]) with mapi id 15.20.8069.016; Thu, 17 Oct 2024 09:06:32 +0000 |
ARC-Seal | i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=erPKR64WVzCdjvcr6qnUcC+7aVs93bTDHEX5IjALiGSwV2zrSPWUx4YRoAP5ZnpHMkL8N7b4oc1c5wpgNXiEnzIhQFqv1zVUAmfLqWY1JV3uZHlwGilBP1DXqL9DHQ1WbMkjBLPTTdynDXAuHeL3Cmk/YZZ7pZRjaiaCAMM8guiNjMFKt66Z8D4WIv30y0BOMqEgopPG6cE+FY5RJXxTnGveMx6Wu5dDGWwyKODfhC5kli2ar/37JPDHA4Jq/WGNiLZzzHz5OTsCTuwLepoxRgCseepwmcZDUOHmL2CKzXg2FAmez3OJrien33nsYmBh3N/JPmk5iigUhDiGEMMKLQ== |
ARC-Message-Signature | i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dPVCkbyjseRrw2CEFRHqSRCWz4sTLZx4Wzh8O7brn6U=; b=Jl9FOfRypQfR5m85Stw45FHVUFZkiMJCMwFes8MqA9IQZLyekPZv5x+vF3TL6xwZvo7Ot8945BsZ8wNZmMObWx6gYHgKJXLevG+XhYnEWc0Cqlsik6vqQuzaBa9mmeZkNZuS8pZFeVaNiQpKcPMDYl/uRJPc0z2YGnDkb88uhdjUlK9gbzepa96NBLbpKadBsht1Mh/edaT5nDxXrF+TrL6POTS7mCgfwvJXY749BIxpABd1jBpuQmD9sTqCjjjMgZTUU+sEnZCIUVzxQzncdshAjEAgQV30xoF35JV+hFKIz/aD2snYAd8ufyCLIUd3ApZJ/sGEsP3umHIg/miLFA== |
ARC-Authentication-Results | i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=egis-group.com; dmarc=pass action=none header.from=egis-group.com; dkim=pass header.d=egis-group.com; arc=none |
Authentication-Results | spf=fail (sender IP is 91.207.212.148) smtp.mailfrom=egis-group.com; dkim=fail (body hash did not verify) header.d=egis-group.com;dmarc=none action=none header.from=egis-group.com;compauth=none reason=405 |
Received-SPF | Fail (protection.outlook.com: domain of egis-group.com does not designate 91.207.212.148 as permitted sender) receiver=protection.outlook.com; client-ip=91.207.212.148; helo=mx07-001ef801.pphosted.com; |
Authentication-Results-Original | ppops.net; spf=pass smtp.mailfrom=simon.brogan@egis-group.com |
DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=egis-group.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dPVCkbyjseRrw2CEFRHqSRCWz4sTLZx4Wzh8O7brn6U=; b=SFURnIIXrTHvr0fsKotloBbnfqb7bZOrZXmrSInB7tM67nTeSYRsvSAv6ToW0eNG/0Oqjr0txtdsi/jbkoAUfm0AfCyTbhDnHmBCCSVRqx//dFGUPR8OsGuLjCKp4OKbnI8euv6dmUKobQEhJWs3w6cB2pSaFsd4Jx8Hm8M7/LLDi+t2VWCxdELQJ9/T8F7QT8PmEhGIikO8sHpms9o7q1JgoaN3g2Mt22LJQhpLXlaAI4h6CoXNWuiRP1hmRg8siK8D6zRHgtJ3p/Zs6zqtlWLz4DoHykClR2ew3KtLDctNO5/xJAIhZ+CCzcyTwMbrmSXfcVB40XPQ5Mkx0rQivw== |
From | BROGAN Simon <Simon.BROGAN@egis-group.com> |
To | BAILEY Simon <Simon.BAILEY@egis-group.com>, MUDAMBI Simbarashe <Simbarashe.MUDAMBI@egis-group.com>, DUNDAR Tarik <Tarik.DUNDAR@egis-group.com>, HASHEM Mohamed <Mohamed.HASHEM@egis-group.com>, BETTE Nina <nina.bette@socotec.com>, MASWIR Devid <Devid.MASWIR@egis-group.com>, RAAFAT Walid <Walid.RAAFAT@egis-group.com> |
CC | FARAHAT Diaa <Diaa.FARAHAT@egis-group.com> |
Subject | WF000792 |
Thread-Topic | WF000792 |
Thread-Index | Adsgc4gvNkP95fYCQX+6TO6WMl6P5g== |
Date | Thu, 17 Oct 2024 09:06:32 +0000 |
Message-ID | <AS8PR06MB75891F145431AB8971E2DD1EB0472@AS8PR06MB7589.eurprd06.prod.outlook.com> |
Accept-Language | en-GB, en-US |
Content-Language | en-US |
X-MS-Has-Attach | yes |
X-MS-TNEF-Correlator | |
x-ms-traffictypediagnostic | AS8PR06MB7589:EE_|AM9PR06MB7266:EE_|AMS0EPF000001A5:EE_|DU0PR03MB9080:EE_|AS2PR03MB9586:EE_ |
X-MS-Office365-Filtering-Correlation-Id | 253c1745-d342-4d10-0c9c-08dcee8b6c77 |
x-ld-processed | a5877034-8d6a-496a-8cf8-ceb5e3451109,ExtAddr |
x-ms-exchange-senderadcheck | 1 |
x-ms-exchange-antispam-relay | 0 |
X-Microsoft-Antispam-Untrusted | BCL:0;ARA:13230040|376014|366016|1800799024|38070700018|8096899003; |
X-Microsoft-Antispam-Message-Info-Original | |
X-Forefront-Antispam-Report-Untrusted | CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR06MB7589.eurprd06.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(38070700018)(8096899003);DIR:OUT;SFP:1101; |
Content-Type | multipart/mixed; boundary="_006_AS8PR06MB75891F145431AB8971E2DD1EB0472AS8PR06MB7589eurp_" |
X-MS-Exchange-Transport-CrossTenantHeadersStamped | DU0PR03MB9080 |
X-Proofpoint-GUID | vkS5bAmD9MfINR5eed40g0eX0jKSgOy_ |
X-Proofpoint-ORIG-GUID | nXiUxbWwjR9ywX9AKbqkqiKyd22W0asi |
X-CLX-Shades | MLX |
X-Proofpoint-SPF-Result | pass |
X-Proofpoint-SPF-Record | v=spf1 mx include:egis.fr -all |
X-Proofpoint-Virus-Version | vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1051,Hydra:6.0.680,FMLib:17.12.62.30 definitions=2024-10-17_09,2024-10-17_01,2024-09-30_01 |
X-Proofpoint-Spam-Reason | orgsafe |
Return-Path | simon.brogan@egis-group.com |
X-MS-Exchange-Organization-ExpirationStartTime | 17 Oct 2024 09:09:36.7373 (UTC) |
X-MS-Exchange-Organization-ExpirationStartTimeReason | OriginalSubmit |
X-MS-Exchange-Organization-ExpirationInterval | 1:00:00:00.0000000 |
X-MS-Exchange-Organization-ExpirationIntervalReason | OriginalSubmit |
X-MS-Exchange-Organization-Network-Message-Id | 253c1745-d342-4d10-0c9c-08dcee8b6c77 |
X-EOPAttributedMessage | 0 |
X-EOPTenantAttributedMessage | 33135fa5-f5a7-4d5c-8632-9a17d4acfa5b:0 |
X-MS-Exchange-Organization-MessageDirectionality | Incoming |
X-MS-Exchange-SkipListedInternetSender | ip=[40.107.21.83];domain=eur05-vi1-obe.outbound.protection.outlook.com |
X-MS-Exchange-Transport-CrossTenantHeadersStripped | AMS0EPF000001A5.eurprd05.prod.outlook.com |
X-MS-PublicTrafficType | |
X-MS-Exchange-Organization-AuthSource | AMS0EPF000001A5.eurprd05.prod.outlook.com |
X-MS-Exchange-Organization-AuthAs | Anonymous |
X-MS-Office365-Filtering-Correlation-Id-Prvs | f2484983-4db4-4615-4029-08dcee8afee5 |
X-MS-Exchange-AtpMessageProperties | SA|SL |
X-MS-Exchange-Organization-SCL | 1 |
X-Microsoft-Antispam | BCL:0;ARA:13230040|82310400026|35042699022|5063199012|5073199012|4073199012|22003199012|4076899003|8096899003; |
X-Forefront-Antispam-Report | CIP:91.207.212.148;CTRY:GB;LANG:fr;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mx07-001ef801.pphosted.com;PTR:mx08-001ef801.pphosted.com;CAT:NONE;SFS:(13230040)(82310400026)(35042699022)(5063199012)(5073199012)(4073199012)(22003199012)(4076899003)(8096899003);DIR:INB; |
X-MS-Exchange-CrossTenant-OriginalArrivalTime | 17 Oct 2024 09:09:36.6905 (UTC) |
X-MS-Exchange-CrossTenant-Network-Message-Id | 253c1745-d342-4d10-0c9c-08dcee8b6c77 |
X-MS-Exchange-CrossTenant-Id | 33135fa5-f5a7-4d5c-8632-9a17d4acfa5b |
X-MS-Exchange-CrossTenant-AuthSource | AMS0EPF000001A5.eurprd05.prod.outlook.com |
X-MS-Exchange-CrossTenant-AuthAs | Anonymous |
X-MS-Exchange-CrossTenant-FromEntityHeader | Internet |
X-MS-Exchange-Transport-EndToEndLatency | 00:04:26.7033436 |
X-MS-Exchange-Processed-By-BccFoldering | 15.20.8069.009 |
X-Microsoft-Antispam-Mailbox-Delivery | ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1415005); |
X-Microsoft-Antispam-Message-Info | |
MIME-Version | 1.0 |
Icon Hash: | 46070c0a8e0c67d6 |