Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Untitled.msg

Overview

General Information

Sample name:Untitled.msg
Analysis ID:1467161
MD5:47f3efb7d8b0960cf7f68a65d0e39772
SHA1:9b8208b39537eb6d048a2c0ef1ca3cc7cf64e8ac
SHA256:86a9dee1d2ca6cca0549324edbfc8a6d3a41bc00e611a09f37b22a8baeb12928
Infos:

Detection

HTMLPhisher
Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected BlockedWebSite
Creates a window with clipboard capturing capabilities
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Suspicious Office Outbound Connections
Stores files to the Windows start menu directory

Classification

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 4312 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Untitled.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6720 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "25F9ED43-C08F-4984-8D6D-A89245D3E8E7" "0ED1ADA8-6B1A-41CD-95C5-8E7C04054298" "4312" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 6820 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhr.economictimes.indiatimes.com%2Fetl.php%3Furl%3Dhttps%3A%2F%2Fhr.economictimes.indiatimes.com%2Fetl.php%3Furl%3D%2F%2Fbgvhdjcbjfdhjkbgfddgfghgfd.pages.dev%2F%23%3Femail%3DY3BsLmNsYWltc0B0bWhjYy5jb20%3D&data=05%7C02%7Ccpl.claims%40tmhcc.com%7C14e63b31844c4198ee2008dc9b854b20%7C59744b1f09454a40984cc30b382e5dec%7C0%7C0%7C638556244033146227%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Gjxi%2BHtTyi3ieM1f%2FcNLr2UeKdM5koKAad3MshWUE4k%3D&reserved=0 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 2012 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1996,i,6066983195221331460,15650143334102468708,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
dropped/chromecache_79JoeSecurity_BlockedWebSiteYara detected BlockedWebSiteJoe Security

    HTML

    SourceRuleDescriptionAuthorStrings
    0.0.pages.csvJoeSecurity_BlockedWebSiteYara detected BlockedWebSiteJoe Security

      Sigma Signatures

      Sigma detected: Office Autorun Keys Modification
      Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 2, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 4312, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\AddinsData\UmOutlookAddin.FormRegionAddin\LoadCount
      Sigma detected: Suspicious Office Outbound Connections
      Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.18, DestinationIsIpv6: false, DestinationPort: 49700, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Initiated: true, ProcessId: 4312, Protocol: tcp, SourceIp: 2.19.244.127, SourceIsIpv6: false, SourcePort: 443

      Snort Signatures

      No Snort rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      Phishing

      barindex
      Yara detected BlockedWebSite
      Source: Yara matchFile source: 0.0.pages.csv, type: HTML
      Source: Yara matchFile source: dropped/chromecache_79, type: DROPPED
      Source: unknownHTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.18:49697 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.18:49699 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.18:49700 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.18:49702 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.18:49703 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.18:49731 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 40.126.31.73:443 -> 192.168.2.18:49732 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 2.23.209.176:443 -> 192.168.2.18:49733 version: TLS 1.2
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: unknownTCP traffic detected without corresponding DNS query: 2.19.244.127
      Source: global trafficDNS traffic detected: DNS query: augloop.office.com
      Source: global trafficDNS traffic detected: DNS query: nam10.safelinks.protection.outlook.com
      Source: global trafficDNS traffic detected: DNS query: www.google.com
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
      Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49697
      Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
      Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49679 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
      Source: unknownHTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.18:49697 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.18:49699 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.18:49700 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.18:49702 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.18:49703 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.18:49731 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 40.126.31.73:443 -> 192.168.2.18:49732 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 2.23.209.176:443 -> 192.168.2.18:49733 version: TLS 1.2
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow created: window name: CLIPBRDWNDCLASS
      Source: classification engineClassification label: mal48.phis.winMSG@17/28@7/137
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240703T1338380544-4312.etl
      Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Untitled.msg"
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "25F9ED43-C08F-4984-8D6D-A89245D3E8E7" "0ED1ADA8-6B1A-41CD-95C5-8E7C04054298" "4312" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "25F9ED43-C08F-4984-8D6D-A89245D3E8E7" "0ED1ADA8-6B1A-41CD-95C5-8E7C04054298" "4312" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhr.economictimes.indiatimes.com%2Fetl.php%3Furl%3Dhttps%3A%2F%2Fhr.economictimes.indiatimes.com%2Fetl.php%3Furl%3D%2F%2Fbgvhdjcbjfdhjkbgfddgfghgfd.pages.dev%2F%23%3Femail%3DY3BsLmNsYWltc0B0bWhjYy5jb20%3D&data=05%7C02%7Ccpl.claims%40tmhcc.com%7C14e63b31844c4198ee2008dc9b854b20%7C59744b1f09454a40984cc30b382e5dec%7C0%7C0%7C638556244033146227%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Gjxi%2BHtTyi3ieM1f%2FcNLr2UeKdM5koKAad3MshWUE4k%3D&reserved=0
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1996,i,6066983195221331460,15650143334102468708,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhr.economictimes.indiatimes.com%2Fetl.php%3Furl%3Dhttps%3A%2F%2Fhr.economictimes.indiatimes.com%2Fetl.php%3Furl%3D%2F%2Fbgvhdjcbjfdhjkbgfddgfghgfd.pages.dev%2F%23%3Femail%3DY3BsLmNsYWltc0B0bWhjYy5jb20%3D&data=05%7C02%7Ccpl.claims%40tmhcc.com%7C14e63b31844c4198ee2008dc9b854b20%7C59744b1f09454a40984cc30b382e5dec%7C0%7C0%7C638556244033146227%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Gjxi%2BHtTyi3ieM1f%2FcNLr2UeKdM5koKAad3MshWUE4k%3D&reserved=0
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1996,i,6066983195221331460,15650143334102468708,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformation
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformation
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXERegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXERegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
      DLL Side-Loading      		1
      Process Injection      		1
      Masquerading      		OS Credential Dumping1
      Process Discovery      		Remote Services1
      Clipboard Data      		2
      Encrypted Channel      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault AccountsScheduled Task/Job1
      Registry Run Keys / Startup Folder      		1
      DLL Side-Loading      		1
      Process Injection      		LSASS Memory22
      System Information Discovery      		Remote Desktop ProtocolData from Removable Media1
      Non-Application Layer Protocol      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
      Registry Run Keys / Startup Folder      		1
      DLL Side-Loading      		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
      Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      No Antivirus matches

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      nam10.safelinks.eop-tm2.outlook.com
      		104.47.55.28
      		truefalse
        		unknown
        www.google.com
        		172.217.16.196
        		truefalse
          		unknown
          nam10.safelinks.protection.outlook.com
          		unknown
          		unknownfalse
            		unknown
            augloop.office.com
            		unknown
            		unknownfalse
              		unknown

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhr.economictimes.indiatimes.com%2Fetl.php%3Furl%3Dhttps%3A%2F%2Fhr.economictimes.indiatimes.com%2Fetl.php%3Furl%3D%2F%2Fbgvhdjcbjfdhjkbgfddgfghgfd.pages.dev%2F%23%3Femail%3DY3BsLmNsYWltc0B0bWhjYy5jb20%3D&data=05%7C02%7Ccpl.claims%40tmhcc.com%7C14e63b31844c4198ee2008dc9b854b20%7C59744b1f09454a40984cc30b382e5dec%7C0%7C0%7C638556244033146227%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Gjxi%2BHtTyi3ieM1f%2FcNLr2UeKdM5koKAad3MshWUE4k%3D&reserved=0false
                		unknown

                World Map of Contacted IPs

                • No. of IPs < 25%
                • 25% < No. of IPs < 50%
                • 50% < No. of IPs < 75%
                • 75% < No. of IPs

                Public IPs

                IPDomainCountryFlagASNASN NameMalicious
                52.113.194.132
                		unknownUnited States
                		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                2.19.244.127
                		unknownEuropean Union
                		16625AKAMAI-ASUSfalse
                142.250.185.67
                		unknownUnited States
                		15169GOOGLEUSfalse
                1.1.1.1
                		unknownAustralia
                		13335CLOUDFLARENETUSfalse
                52.111.236.32
                		unknownUnited States
                		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                20.189.173.9
                		unknownUnited States
                		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                172.217.16.206
                		unknownUnited States
                		15169GOOGLEUSfalse
                52.111.243.2
                		unknownUnited States
                		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                104.47.55.28
                		nam10.safelinks.eop-tm2.outlook.comUnited States
                		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                239.255.255.250
                		unknownReserved
                		unknownunknownfalse
                52.109.28.46
                		unknownUnited States
                		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                172.217.16.196
                		www.google.comUnited States
                		15169GOOGLEUSfalse
                142.250.186.99
                		unknownUnited States
                		15169GOOGLEUSfalse
                66.102.1.84
                		unknownUnited States
                		15169GOOGLEUSfalse

                Private

                IP
                192.168.2.18

                General Information

                Joe Sandbox version:40.0.0 Tourmaline
                Analysis ID:1467161
                Start date and time:2024-07-03 19:38:07 +02:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:defaultwindowsinteractivecookbook.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:17
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • EGA enabled
                Analysis Mode:stream
                Analysis stop reason:Timeout
                Sample name:Untitled.msg
                Detection:MAL
                Classification:mal48.phis.winMSG@17/28@7/137
                Cookbook Comments:
                • Found application associated with file extension: .msg

                Warnings

                • Exclude process from analysis (whitelisted): dllhost.exe
                • Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.113.194.132, 52.111.243.2, 52.111.236.32, 52.111.236.34, 52.111.236.33, 52.111.236.35, 20.189.173.9
                • Excluded domains from analysis (whitelisted): fs.microsoft.com
                • Not all processes where analyzed, report is missing behavior information
                • Report size getting too big, too many NtQueryAttributesFile calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • VT rate limit hit for: Untitled.msg

                LLM Input / Output

                InputOutput
                URL: https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhr.economictimes.indiatimes.com%2Fetl.php%3Furl%3Dhttps%3A%2F%2Fhr.economictimes.indiatimes.com%2Fetl.php%3Furl%3D%2F%2Fbgvhdjcbjfdhjkbgfddgfghgfd.pages.dev%2F%23%3Femail%3DY3BsLmNsYWltc0B0 Model: Perplexity: mixtral-8x7b-instruct
                {"loginform": false,"urgency": false,
                Title: Microsoft Defender for Office 365 OCR: This website is classified as malicious. Opening this website might not be safe. https://hr.economictimes.indiati... We recommend that you don't open this website, as opening it might not be safe and could harm your computer or result in malicious use of your personal data. For Feedback on Microsoft Defender for Office 365

                Created / dropped Files

                C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

                Download File
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):231348
                Entropy (8bit):4.384105612600937
                Encrypted:false
                SSDEEP:
                MD5:B546C48BF3D0A7108B2449C607B4BDEE
                SHA1:738299DF6733761768A2A1BD21AB002842F23975
                SHA-256:91DBF50E4A8C4EA967DFB4A9360A55BF27540E51E836AF99CA33021091D08CA9
                SHA-512:43C5A8660CAE5D84A8A4FA369688C8FEA360DC9B1C1222EED1781DD6987F642FB58FC355A5C52AA1613DB31CFBDDA7469A0BFF0D9BFBE8A52D949DD08900CDB3
                Malicious:false
                Reputation:unknown
                Preview:TH02...... . .=.o.......SM01X...,...@2/.o...........IPM.Activity...........h...............h............H..h...............h...........H..h\nor ...ppDa...h.^..0...h......h..............h........_`wk...hZ...@...I..w...h....H...8.|k...0....T...............d.........2h...............k..............!h.............. h..............#h....8.........$h.......8....."h..............'h..............1h...<.........0h....4....|k../h....h.....|kH..h0'..p.........-h .............+h.................... ...... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

                C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml

                Download File
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:XML 1.0 document, ASCII text, with very long lines (2147), with no line terminators
                Category:dropped
                Size (bytes):2147
                Entropy (8bit):5.077279735780348
                Encrypted:false
                SSDEEP:
                MD5:24230835360B0E0B5B977A29A6601C71
                SHA1:4A3EFAFD9F8077C01EEB3CCC5FFF14B9D34EDA9A
                SHA-256:AD328D97174EB55AD9AD4869A465701C20E7F9B73C0889015DE0CE5916021F79
                SHA-512:543BDF519A5E99A78DCEE19774154FCE5F3D35E3DBAB7DE98F05F106390B4530736C1EAC7A867A0A260E3ADBE051110E537A3DFB28ECF42CC396D6515DCE018C
                Malicious:false
                Reputation:unknown
                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>14</Count><Resource><Id>Aptos Narrow_26215424</Id><LAT>2023-10-06T10:24:51Z</LAT><key>31558910439.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos_45876480</Id><LAT>2023-10-06T10:24:51Z</LAT><key>27160079615.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215680</Id><LAT>2023-10-06T10:24:51Z</LAT><key>23001069669.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Display_45876482</Id><LAT>2023-10-06T10:24:51Z</LAT><key>29442803203.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Display_45876480</Id><LAT>2023-10-06T10:24:51Z</LAT><key>30264859306.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2023-10-06T10:24:51Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Res

                C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json

                Download File
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:JSON data
                Category:dropped
                Size (bytes):521377
                Entropy (8bit):4.9084889265453135
                Encrypted:false
                SSDEEP:
                MD5:C37972CBD8748E2CA6DA205839B16444
                SHA1:9834B46ACF560146DD7EE9086DB6019FBAC13B4E
                SHA-256:D4CFBB0E8B9D3E36ECE921B9B51BD37EF1D3195A9CFA1C4586AEA200EB3434A7
                SHA-512:02B4D134F84122B6EE9A304D79745A003E71803C354FB01BAF986BD15E3BA57BA5EF167CC444ED67B9BA5964FF5922C50E2E92A8A09862059852ECD9CEF1A900
                Malicious:false
                Reputation:unknown
                Preview:{"MajorVersion":4,"MinorVersion":40,"Expiration":14,"Fonts":[{"a":[4294966911],"f":"Abadi","fam":[],"sf":[{"c":[1,0],"dn":"Abadi","fs":32696,"ful":[{"lcp":983041,"lsc":"Latn","ltx":"Abadi"}],"gn":"Abadi","id":"23643452060","p":[2,11,6,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":26215680},{"c":[1,0],"dn":"Abadi Extra Light","fs":22180,"ful":[{"lcp":983042,"lsc":"Latn","ltx":"Abadi Extra Light"}],"gn":"Abadi Extra Light","id":"17656736728","p":[2,11,2,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":13108480}]},{"a":[4294966911],"f":"ADLaM Display","fam":[],"sf":[{"c":[536870913,0],"dn":"ADLaM Display Regular","fs":140072,"ful":[{"lcp":983040,"lsc":"Latn","ltx":"ADLaM Display"}],"gn":"ADLaM Display","id":"31965479471","p":[2,1,0,0,0,0,0,0,0,0],"sub":[],"t":"ttf","u":[2147491951,1107296330,0,0],"v":131072,"w":26215680}]},{"a":[4294966911],"f":"Agency FB","fam":[],"sf":[{"c":[536870913,0],"dn":"Agency FB Bold","fs":54372,"ful":[{"lcp":9830

                C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Roboto\29157941112.ttf

                Download File
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:TrueType Font data, 17 tables, 1st "GDEF", 15 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularGoogle:Roboto Regular:2016Version 3.
                Category:dropped
                Size (bytes):469544
                Entropy (8bit):6.8480115015387035
                Encrypted:false
                SSDEEP:
                MD5:4F6375B8EA6B4094295CCD33334B0B7A
                SHA1:1476EDA17FED0A7F71B30161265D40DBE26E5577
                SHA-256:2F420C946304315909C1672B14CB4343A3D70C45879C39B85D2345A75850C287
                SHA-512:63DF47FCE03B3458E05472B6541B3E6317B50DBB561AF896CFAF3E9D86D6297E189E1D34C52DDAA877E85F39286473317E06C11C2960F031441903D1C69C8A16
                Malicious:false
                Reputation:unknown
                Preview:............GDEF..."........GPOS&.........>.GSUB..q|......-.OS/2...........`cmapg+.B..6.....cvt ;.&}..bD....fpgm...2..O.....gasp............glyf..qR...4....head.?,........6hhea...M...T...$hmtxo..,......4.loca$A....cD..4.maxp...m...x... name>.n...'0....post.7....*.....prepyX...._t..............Y._.<.........................\.s.................l...........\.................:.....;.P...v......./.......u.................3.......3.....f..................P.!....!....GOOG.@.........f.... ........:..... .....d...............................w...n...i...f.f.h.......'.r.....N.....6.&.....M.....s.......^..._...5...........N...q...d.......)...H.d.../.....K./.m.8.......5.x.@.......l...s.z.....-...j.5.....O.............w.......n.......Q...2.0.........=...:.......W.....I.).....X.@.....y.9.Z.m.~...0.]..._.>.]...=.~.a.h.......................k.....\.~....._.....!._.....i.....!...+...*.......Y...@.........q.......a.i...[...i.4.........[.Y.e.I.\.......e.n...J.[.........G.a...B...?...{.......D.......t...{

                C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Roboto\31996480045.ttf

                Download File
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:TrueType Font data, 17 tables, 1st "GDEF", 15 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoBoldGoogle:Roboto Bold:2016Roboto BoldVersi
                Category:dropped
                Size (bytes):471760
                Entropy (8bit):6.849571568567551
                Encrypted:false
                SSDEEP:
                MD5:F5D861C69936190F6B631ACEB948515F
                SHA1:9F6F314D0576415F85E71EC8658E30517C066D48
                SHA-256:464B4AFCC2F464A3D3A76C4DBEB86F3718F8D10E3ECDDED96368ABF7D63F1FB8
                SHA-512:3A2758E647A58D06534C1A580495518828DCDA2AA4908EC58B57BD474D43D16F60BD64F54CF4A81AB2AE362DBE44702C875B54B1FEABECB65E3E528E0723FDD4
                Malicious:false
                Reputation:unknown
                Preview:............GDEF..."........GPOS.k.Z......>.GSUB..q|......-.OS/2..m.......`cmapg+.B..6.....cvt ;.&}..bD....fpgm...2..O.....gasp............glyf..C....4....head.8,Y.......6hhea.......T...$hmtx........4.loca$.....cD..4.maxp...m...x... name?bn8../.....post.7....1.....prepyX...._t............Gz.r_.<..........................{.s.................l...........{.................:.....;.P...v......./.......u.................3.......3.....f..................P.!....!....GOOG. .........f.... ........:..... .....d.....................*.z...>...;...\...`.B.G.J.?...}...(.....\.8...&.'.s.R.~......._.......G...?...9...i...d...<...^...V.A.{...;...6.....!.w...-.,.L.`.......<.V.3.......d...t._.....W...x.*.....T.............V.(.....T. .....E...).F.u.:.....#...........I.7.y._...7.....-.......8.H.B...p.+.B...C.R.G.......E.{.i...m.....F.p.......o.|.j...B...p...C...p...7.....{.h...................J...0......."./.j.C.....e...c...Q.J.........^...a.I.X.......L.h.~.I.X.........L.X...9...1...e.......M.j...&.a....

                C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf

                Download File
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_40RegularVersion 4.40;O365
                Category:dropped
                Size (bytes):773040
                Entropy (8bit):6.55939673749297
                Encrypted:false
                SSDEEP:
                MD5:4296A064B917926682E7EED650D4A745
                SHA1:3953A6AA9100F652A6CA533C2E05895E52343718
                SHA-256:E04E41C74D6C78213BA1588BACEE64B42C0EDECE85224C474A714F39960D8083
                SHA-512:A25388DDCE58D9F06716C0F0BDF2AEFA7F68EBCA7171077533AF4A9BE99A08E3DCD8DFE1A278B7AA5DE65DA9F32501B4B0B0ECAB51F9AF0F12A3A8A75363FF2C
                Malicious:false
                Reputation:unknown
                Preview:........... OS/29....(...`cmap.s.,.......pglyf..&....|....head2..........6hheaE.@v.......$hmtx...........@loca.U.....8...Dmaxp........... name.P+........post...<...... .........b~1_.<...........<......r......Aa...................Q....Aa....Aa.........................~...................................................3..............................MS .@.......(...Q................. ...........d...........0...J.......8.......>..........+a..#...,................................................/...K.......z...............N......*...!...-...+........z.......h..%^..3...&j..+...+%..'R..+..."....................k......$A...,.......g...&...=.......X..&........*......&....B..(B...............#.......j...............+...P...5...@...)..........#...)Q...............*...{.. ....?..'...#....N...7......<...;>.............. ]...........5......#....s.......$.......$.......^..................+...>....H.......%...7.......6.......O...V...........K......"........c...N......!...............$...&...*p..

                C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

                Download File
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):32768
                Entropy (8bit):0.04591939678467531
                Encrypted:false
                SSDEEP:
                MD5:9088D9C55134E1F3B7202D046E5E63CB
                SHA1:848DC5240CF3B7149B5A2AF2D8E2534A194EE585
                SHA-256:15B482FA9B800C88C666665AC21F5E53C6A87F018C17CD706C6A5D35E9EACD8A
                SHA-512:4D9296405091AA230FBC69A365BC26E4CE1F8332EEC79F275F6087BF8353460875DF0E6F6677762B1322C06760731AEE65E2F52714A9A355C3B337DC88968938
                Malicious:false
                Reputation:unknown
                Preview:..-.....................e.G..2g.eZ...A^P.... .^b..-.....................e.G..2g.eZ...A^P.... .^b........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

                Download File
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:SQLite Write-Ahead Log, version 3007000
                Category:modified
                Size (bytes):49472
                Entropy (8bit):0.4829569437970356
                Encrypted:false
                SSDEEP:
                MD5:8A2EBDE59079C7F0873B3712AB73D099
                SHA1:66BE123FC240F71139B27BBDEE77CE3536BF7068
                SHA-256:8D9EE5E48E93CF27CC2321EBD26A09E38D42A5D72054D00ACE24F90B5DA071C6
                SHA-512:B5061F064C0DE9507F30EBD06F006705599487FB3D1824539C838A7E0BCECF82BF22F59BD6CC94B7F5F626E2F4612915FE88EF6110B8995B19FED1859C4C6E45
                Malicious:false
                Reputation:unknown
                Preview:7....-..........eZ...A^P.f]x.v.........eZ...A^P!gl&+.+.SQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{D3B453F3-646C-4C66-AB83-22CF5FEFC6DA}.tmp

                Download File
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):3072
                Entropy (8bit):2.5051961761666783
                Encrypted:false
                SSDEEP:
                MD5:35A2E8BF8CEB1420CCF181E34EE599FF
                SHA1:81A02E7741E99AADE8F1E1A2C912CCFFBACE278A
                SHA-256:F566D537AD4742D870E42490D024A5EA79B2006C63EEB5CB745C1F86DA4718C5
                SHA-512:EB3A757C75FC23D7C73B10D7001A042980650813F3B562EEC771BE4C9400DB111A064E4FAA92376893C9A1022A2055BB8323B5DD611A5201246FCD848BCF63DC
                Malicious:false
                Reputation:unknown
                Preview:....1.2.....1.....1.2.....1.2.....1.2.....1.2.....1.2.....1.2.....1.2.....1.2.....1.....1.....1.2.....1.2.....1.2.....1.2.....(.....(.....(.....(.....(...n.o.r.d.i...n............................................................................................................................................................................................................................................................................................................................................................................................. ..."...(...*...0...2...8...:...@...B...H...J...P...R...V...X...\...^...d...f...l...................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{DD4E6AA3-E36F-409C-A2AF-3DA5028A7C10}.tmp

                Download File
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):39836
                Entropy (8bit):3.8723122867280675
                Encrypted:false
                SSDEEP:
                MD5:F41C1C5ED6A6826E8ADFE7CCB4987785
                SHA1:801A9CCE61740726D3801C6A362A4D110C2845F3
                SHA-256:1599C628CA4027FDDC738502D51558849F56E6AE09E1F11FF5E78C5B8A935FDE
                SHA-512:FA3594F8B6562D528CA23D08BBBEB65F315295007035E846AD27AD44D27432755F491B7779280DBF3358982CA226C342581ABCCBEDF17C569806B3BAC245D3A1
                Malicious:false
                Reputation:unknown
                Preview:....D.o.c.u.s.l.g.n. ...H.e.l.l.o. .....1. .D.O.C.U.M.E.N.T. .S.H.A.R.E.D. .F.R.O.M. .".........................................................................................................................................................................................................................................................................................................................................................................................................................................................Z...\...^...&...(...*.........................................................................................................................................................................................................................................................................................................................................................d...d.[$.\$..................$.a$.*...$..$.If........!v..h.#v....:V.......t.....6......5.......4........4.

                C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1720028318752000200_D8501A09-D99A-46AE-A706-19FBBAC49A3F.log

                Download File
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:ASCII text, with very long lines (28762), with CRLF line terminators
                Category:dropped
                Size (bytes):20971520
                Entropy (8bit):0.21115508124025187
                Encrypted:false
                SSDEEP:
                MD5:708CC402E366A9F19416CEF40BAA5D54
                SHA1:5C648F251B18CA3A22B2DFEC863B0570371EFCD9
                SHA-256:C8D8D5C911FAE2B1352017E46A4714593FC220382A995C7E5377420769658B23
                SHA-512:14BCE5EBEB29E8EB6DA4F7B0032305F38E49501065B5C7DB3C96B4FE78E70346261EBD07AFBCFC604F28178D5E4FF992F8FB10832E468BB295C6EF82F445B581
                Malicious:false
                Reputation:unknown
                Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..07/03/2024 17:38:38.782.OUTLOOK (0x10D8).0x11B8.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":22,"Time":"2024-07-03T17:38:38.782Z","Contract":"Office.System.Activity","Activity.CV":"CRpQ2JrZrkanBhn7usSaPw.4.9","Activity.Duration":13,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...07/03/2024 17:38:38.797.OUTLOOK (0x10D8).0x11B8.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":24,"Time":"2024-07-03T17:38:38.797Z","Contract":"Office.System.Activity","Activity.CV":"CRpQ2JrZrkanBhn7usSaPw.4.10","Activity.Duration":10442,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV

                C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1720028318752659100_D8501A09-D99A-46AE-A706-19FBBAC49A3F.log

                Download File
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):20971520
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:
                MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                Malicious:false
                Reputation:unknown
                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240703T1338380544-4312.etl

                Download File
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:modified
                Size (bytes):94208
                Entropy (8bit):4.449966117967248
                Encrypted:false
                SSDEEP:
                MD5:AF0FD2DB0C521185394906A90F26A293
                SHA1:7FD43816BBD69D62D724D2C2D5B342D838934EE1
                SHA-256:6B5FC83F5340C82B723DA51F9A3058EAC098E966D9327B33821112EE1EA1F24C
                SHA-512:D2F9076418AB3229BF0C73A8928A15D4B29557C21CE71FD0679594EFA0B19A46615AAFEAACBCCF14FBCA68F54E2DA46B5B137C3B20472B6546D5146ACB6A15DA
                Malicious:false
                Reputation:unknown
                Preview:............................................................................b..............o...................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................`.\1.Y.............o...........v.2._.O.U.T.L.O.O.K.:.1.0.d.8.:.9.7.f.a.1.f.8.9.6.e.e.2.4.9.9.b.b.9.f.c.0.b.1.8.9.4.c.7.1.c.1.2...C.:.\.U.s.e.r.s.\.n.o.r.d.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.0.7.0.3.T.1.3.3.8.3.8.0.5.4.4.-.4.3.1.2...e.t.l.............P.P............o...................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Local\Temp\prep_ram Files (x86)_Microsoft Office_root_Office16_AugLoop_bundle_js_V8_perf.cache

                Download File
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):538815
                Entropy (8bit):5.985974188094535
                Encrypted:false
                SSDEEP:
                MD5:B9B6306B5C9FFB78619FB2B76678D5DD
                SHA1:209B8AFE4B4EEB5A86A675A06D529C3E6B821E7C
                SHA-256:DA0479710B8A47BD4B21566BF308C806941CA5EFA51F3D455115869A6FFBC63B
                SHA-512:B4CF12D78F9B25E598A32CD70C1D8FFFC2611562900CFBA6ACB0BD1DB9548FF9A3BE143F07D3DE836853AE1943CCEDA95C367FDB48FC61744058593772CD3519
                Malicious:false
                Reputation:unknown
                Preview:RNWPREP...A..<.l........|8.......R...j\.z-[.J^.%-.Pu*.v.l}..fq.@...P.Q.....uY|d8.......$S.,..`......L`.....$S...`VY.....L`.....M.Rb.................c.@........... ...D..Qb..4e....XI..`.....D..Qb*.n{....wl..`......Qb.@.!....se..`......Qb2.z{....wv..`*....D..QbV@x.....$u..`.....D..Qbn.......In..`.....D..Qb~..G....ed..`.....D..Qb.......es..`.....(D..Qb.@......Bc..`.....D..Qb.@@.....im..`.....D..Qb...J....Ka..`h....D....`<.....Qb.@.s....Pr..`.....D..Qb.@......$c..``....D..Qb...X....Es..`......Qb.AV.....Uh..`......Qb..r.....cI..`:.....Qb........yl..`......Qb.A=.....Yh..`......Qb..@.....eC..`l.....Qb........MC..`......Qb.A[.....Om..`.....D..Qb2.......qv..`......Qb6Ap.....Ul..`......Qb:.n.....Mm..`......D..QbnA.+....ow..`.....D..Qb..\m....cm..`R....D..Qb..|.....Ik..`0.....Qb...C....sa..`......Qb.A(.....ar..`......Qb........F_..`.......E.`.....D..Qb.../....Am..`N.....Qb..0p....dT..`......Qb..B.....jI..`.....D..Qb.A.x....EC..`..... D..Qb..j.....kS..`.....D..Qb..q.....pS..`.....D..Qb.B.....

                C:\Users\user\AppData\Local\Temp\~DF33C61E0B8F5958CF.TMP

                Download File
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):163840
                Entropy (8bit):0.32864030061108107
                Encrypted:false
                SSDEEP:
                MD5:595F220C6A4FCAB14A7264D44C984CC1
                SHA1:B34E452589EBB6F2D62B50B4E89B30C1AEE303DE
                SHA-256:4314C87B2F4119A3AAF560C22D90C94965C946D091B9F5539E169710CFEF2C70
                SHA-512:077C2BA26D02C54E34A9D4BD37B1DCACD81630BD5C075C804C38F4CC5EB97FFC39E7B0DA413277A6545E0383C0C3D0C18C46DA6E40B674B32F1CEFA151DD5B16
                Malicious:false
                Reputation:unknown
                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

                Download File
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):30
                Entropy (8bit):1.2389205950315936
                Encrypted:false
                SSDEEP:
                MD5:60A94F33A939BEF74F89D61A0EF8B498
                SHA1:03F805C197E4693E915583D29DBDFA543FECDE2C
                SHA-256:EE8381AFCBEDB9F75DDC3E52C53B5CFF8EEE71BF884F12AED224F54A88DD80B8
                SHA-512:1446F3D2432E7E1D9D7988B6263E80390C203CA2B089EB8C75553722C686730351AA28B17D0C88671FC25A7D8991466F5CA9D73CE95A0FE17489B1DB18EA1F48
                Malicious:false
                Reputation:unknown
                Preview:..............................

                C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

                Download File
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                Category:dropped
                Size (bytes):16
                Entropy (8bit):2.771782221599798
                Encrypted:false
                SSDEEP:
                MD5:3B16E9648F3B7DAFA340BCC881915BFB
                SHA1:F8C0B28679B0C71FAAE77BE7CE81FE796E7E6E51
                SHA-256:0114438C2EB5EB5DCEF887D31DC2D717F237254E8E83AD1E949660BF41C6AD45
                SHA-512:53A514B95AE45B998B334FD7CD4A6E2A31A7630795F852A659083D6C32BFA467BDA04C96B7FF7B130841BE1B96AD5084E939ECFBABE6C2C61E35207239E9C685
                Malicious:false
                Reputation:unknown
                Preview:..n.o.r.d.i.....

                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                Download File
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 16:39:00 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2675
                Entropy (8bit):3.9774163117997983
                Encrypted:false
                SSDEEP:
                MD5:AA9CC3BA3B2D9140F8A976263193777C
                SHA1:1657159570A31143E96457B18B820C9443F0F787
                SHA-256:3896E7A3E3E0B32FAA34468D7E552127FB3ED713FE7D9E4F647588C055221354
                SHA-512:D7A4EABF24B4D760B08E057EC3997511D43D771CA2A91FAF4B1D216D1946FF28548D460D578FE8513E9477395D594BD829D0AA32E8A7DA316B267781EA15F144
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,.......o.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.X.....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.X.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.X............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X......#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............_.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                Download File
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 16:39:00 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2677
                Entropy (8bit):3.993184632519639
                Encrypted:false
                SSDEEP:
                MD5:55860D349E11AF1F819AD1D5AC18648E
                SHA1:A221EBFD6E3862C9926C058F28B790F3CBBBC5FA
                SHA-256:D5DD75798D4D3FAC35F00759B14707C3204A0A7EDD1FF141B87E7540F7734ED6
                SHA-512:8E2038D8F281712225A811A4A9251BD1463CFC94059135E5A6BAAE58EA5419DF908873D2225B43080ECCF7A5716B403D3275964FADAB020C6D10B8E39EF840D0
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,.....'..o.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.X.....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.X.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.X............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X......#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............_.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                Download File
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2691
                Entropy (8bit):4.002090200007003
                Encrypted:false
                SSDEEP:
                MD5:FC15E73A3EC73A0DEC22D1A35B82D706
                SHA1:B5BF9385601E63B536F5117E746313B620E36784
                SHA-256:E59860C168B37182BA2C7AD89189F2878BB6477E0D9051B6678918596DBB63C4
                SHA-512:FC46D055CDC1E26759695E9AEFC96E3B508B715F6CF8F8967C1491090DE81A9E877862926871B4724E8A6CD3FCA1F0EBDA8A765C7FF3B65D989C2804B0C0AB50
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,....?.4 ?.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.X.....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.X.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.X............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.R.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............_.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                Download File
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 16:39:00 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2679
                Entropy (8bit):3.988769177946429
                Encrypted:false
                SSDEEP:
                MD5:FF39F8AD6762DE523D1D226649F9FB31
                SHA1:469B1F4ADDF0E94946C4B682B96A1ABE3E11DF34
                SHA-256:10BA7BE0950F7C725CEB3C7ACD55A8025F1500DEDF03676420431D78FACC6FB9
                SHA-512:A08E1874CC0A982782D269233F31BB149058B93CA2B2217B48A442545CAF30DD333D5AED9AB08E692E1FA6CFFB8A80B224CD2C33A952260CAFA2468650BCACA9
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,........o.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.X.....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.X.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.X............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X......#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............_.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                Download File
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 16:39:00 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2679
                Entropy (8bit):3.979783650988175
                Encrypted:false
                SSDEEP:
                MD5:58F3419FCED9D5A59923AB883EBF5FB2
                SHA1:7DDD148A58EDE963F838D80922902C705D4A5B6F
                SHA-256:29A60B0BBE56EF9A1287A2CCBF7EFFA6284136B704D6EA27627E103BCA66D26B
                SHA-512:2B343686FD5E7AD13C0E2F156AE349E827DA72781EA6A768F74D2B9D36A8C98BAC1ADBCB217E700C9DF10AA31342CB71415FAC371065D5CBDC732ECE803A9DF7
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,....&z..o.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.X.....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.X.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.X............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X......#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............_.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                Download File
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 16:39:00 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2681
                Entropy (8bit):3.989152444526809
                Encrypted:false
                SSDEEP:
                MD5:DBE04D862CE0492210D2D64AD6869A10
                SHA1:6F480EC21CA03EB8D54AB7022717E9F32110E0CD
                SHA-256:A161996C49F7FF22CC8DB8EBF4A0EB7168D0F8E66008F2C0CDDE8C6AE8DD9D8E
                SHA-512:8337C9536DB058F645B00178FC1CDBD396E26E3A921F244BC053220D938863A952AF3342A4F92D335F87D3404B26D51D81D87B1AEF2BFB976D9F80E15898A2BD
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,....G3..o.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.X.....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.X.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.X............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X......#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............_.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

                Download File
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:Microsoft Outlook email folder (>=2003)
                Category:dropped
                Size (bytes):271360
                Entropy (8bit):1.1497424253845694
                Encrypted:false
                SSDEEP:
                MD5:872B3DA9747959F005846EB0292C3AD0
                SHA1:4EAB405E06B7CB7F6AEA93F4E366502ECA5B3020
                SHA-256:7ED334381EECBB2FA21E5ADAE126C8C8F9162504807C419AB24ACC4D02956C56
                SHA-512:288691596356666449849E3CB242D3B9137983A69069EA10695F2CB043841E53FDF5D0F46462EDFE299682D5A204AC1BE852BC97AA4150EFE012E450F2CBF13F
                Malicious:false
                Reputation:unknown
                Preview:!BDN.k9.SM......\...d...................T................@...........@...@...................................@...........................................................................$.......D.......V.....................................................................................................................................................................................................................................................................................................................................l.K,.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

                Download File
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):131072
                Entropy (8bit):1.189425037731313
                Encrypted:false
                SSDEEP:
                MD5:A8416BE86442287E041FCCA141915EBA
                SHA1:A302F59D233297FE55AD65A6428FF356F807A12F
                SHA-256:0CB0ACED51A62A8F25CEACD16DC326FC95EEDB0DEB84D6CC68D8CECC3FFD5F33
                SHA-512:8B59C86E81CCD99F9F2074C74B6EBE54EDD82D7FFC1F4DCAFF29A9F8E68C37A64E452E49517B32C58E04BB62CDB77A1D0F42DC5517966E46D9A144E055CD51D5
                Malicious:false
                Reputation:unknown
                Preview:....C...H............Gk.o.....................#.!BDN.k9.SM......\...d...................T................@...........@...@...................................@...........................................................................$.......D.......V.....................................................................................................................................................................................................................................................................................................................................l.K,..Gk.o........B............#.........................................................................................................................................................................................................................................................................................................................................................................................................

                Chrome Cache Entry: 75

                Download File
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with CRLF line terminators
                Category:downloaded
                Size (bytes):3932
                Entropy (8bit):5.202197618496175
                Encrypted:false
                SSDEEP:
                MD5:BBAD95C4A0BE4E5775B7D5B409FBF602
                SHA1:FAD598750B15C207DFEF6E1FEA3C072BAEAC2B66
                SHA-256:41F78D15AE18C36B84C819D9AF3511C342C180F0ABA8F91DC1CCF4046B56B308
                SHA-512:4006994F240E4DAB7134F1B716E51E4FFC0DD495EAF3269165FB0C27D89B2F19063AF17086553B39507199D62DBCD8BA6F07F34770BCAF15C40CF5EF06419631
                Malicious:false
                Reputation:unknown
                URL:https://nam10.safelinks.protection.outlook.com/Content/Scripts/safelinksv2.css
                Preview:@charset "UTF-8";../* CSS Document */....body{...margin:0px;...padding:0px;..}....div{.. text-align:left;..}....#recommendation_container{...width:100%;..}....#icon img {...margin-left: 40px;...margin-top: 45px;..}....#url {height: 32px;..background-color: #f4f4f4;..margin-left: 40px;..margin-right: 40px;..margin-bottom: 20px;..margin-top: 0px;..font-family: Segoe, "Segoe UI", "DejaVu Sans", "Trebuchet MS", Verdana, "sans-serif";..display: inline-block;..}....#url p {...margin:4px 12px;..}......#close {height: 32px;..background-color: #0078d7;..margin-left: 40px;..margin-right:40px;..margin-top:20px;..padding: 4px 12px 8px 12px;..font-family: Segoe, "Segoe UI", "DejaVu Sans", "Trebuchet MS", Verdana, "sans-serif";..width: auto;..display: inline-block;..color: #fff;..border: 0;...font-size:100%;..}....#text {...margin-left:40px;...margin-right: 40px;...margin-top: 0px;...font-family: Segoe, "Segoe UI", "DejaVu Sans", "Trebuchet MS", Verdana, "sans-serif";..}....#tips {...margin-left:

                Chrome Cache Entry: 78

                Download File
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with CRLF line terminators
                Category:downloaded
                Size (bytes):1588
                Entropy (8bit):5.174121809218917
                Encrypted:false
                SSDEEP:
                MD5:3AF1FDB9A3F664A6683D212F4787733A
                SHA1:59063D49B723A1988236C8D39C2804C6EBC5FF95
                SHA-256:A9CE4840FF0D613B456081DEA64E46EB717A1F8BFA5AFB05D3BD058F294E416C
                SHA-512:F8872E0C875BE6037C14480630E461FC1ADFA2049DB03BAE5D8CB6B320A2C084D4B266AEB02E24009B4BA84821E216690CA875B165164447FE8329B48C9E261F
                Malicious:false
                Reputation:unknown
                URL:https://nam10.safelinks.protection.outlook.com/Content/Scripts/site.js
                Preview:window.onload = function OnLoadHandler(){...if (window.history.length <= 1) {....document.getElementById("close").style.display = "none";...}..}....var theme = null;..try {.. (function (URLSearchParams, str) {.. if (!new URLSearchParams(window.location.search).get(str)){....throw URLSearchParams;...}....var urlParams = new URLSearchParams(window.location.search);....if (urlParams.has(str)){.....theme = String(urlParams.get(str));....}.. }(URLSearchParams, "theme"));..} catch(URLSearchParams){...var params = {}...var parts = window.location.search.substring(1).split('&');...for (var i = 0; i < parts.length; i++) {....var val = parts[i].split('=');....if (!val[0]) continue;....params[val[0]] = val[1] || true;...}...theme = params["theme"];...}....// Load theme specific css..if (theme === "dark"){...AddCSS("Safelinksv2-dark.css");..}..else if (theme === "contrast"){...AddCSS("Safelinksv2-highcontrast.css")..}....// Add CSS based on theme..function AddCSS(fileName){... var ss = docume

                Chrome Cache Entry: 79

                Download File
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:HTML document, ASCII text, with very long lines (2538), with CRLF line terminators
                Category:downloaded
                Size (bytes):4796
                Entropy (8bit):5.825272678509026
                Encrypted:false
                SSDEEP:
                MD5:58A6F6156DD8550FEEC11799385336DA
                SHA1:4978C84F69DC3DCF9D657DF4C8A061902ECE3524
                SHA-256:4FB4DE57A10664B7CFC9A8178715BC7D22EA61AFB8DA700854A84C15AB66FDB0
                SHA-512:E0D59574B15AF3866A3F990A11A5D9330F85197CC5DD2092A58CF5FF6A10876386843E3C96CE7248116FBECC176E2D504741B561CDDE7E777F45E763B4B4CB29
                Malicious:false
                Reputation:unknown
                URL:https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhr.economictimes.indiatimes.com%2Fetl.php%3Furl%3Dhttps%3A%2F%2Fhr.economictimes.indiatimes.com%2Fetl.php%3Furl%3D%2F%2Fbgvhdjcbjfdhjkbgfddgfghgfd.pages.dev%2F%23%3Femail%3DY3BsLmNsYWltc0B0bWhjYy5jb20%3D&data=05%7C02%7Ccpl.claims%40tmhcc.com%7C14e63b31844c4198ee2008dc9b854b20%7C59744b1f09454a40984cc30b382e5dec%7C0%7C0%7C638556244033146227%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Gjxi%2BHtTyi3ieM1f%2FcNLr2UeKdM5koKAad3MshWUE4k%3D&reserved=0
                Preview:<!doctype html>..<html>..<head>.. <meta charset="UTF-8">.. <title>Microsoft Defender for Office 365</title>.. <meta name="referrer" content="same-origin" />.. <meta name="robots" content="noindex,nofollow" />.. <link rel="icon" href="data:,">.... <base href="https://nam10.safelinks.protection.outlook.com">.... <link href="/Content/Scripts/safelinksv2.css" rel="stylesheet" />.. <script src="/Content/Scripts/site.js" type="text/javascript"></script>..</head>..<body>.. <div id="header_container_blocked">.. <div id="header">.. <div id="icon"><img src="/Content/images/cross.png" alt="" height="100" width="94"></div>.. <h1>.. This website is classified as malicious... </h1>.. </div>.. </div>.. <div id="recommendation_container">.. <div id="recommendation">.. <h2>Opening this website might not be safe.</h2>.. <div id="url">.. <p>.. <

                Static File Info

                General

                File type:CDFV2 Microsoft Outlook Message
                Entropy (8bit):6.286132407614769
                TrID:
                • Outlook Message (71009/1) 58.92%
                • Outlook Form Template (41509/1) 34.44%
                • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
                File name:Untitled.msg
                File size:66'048 bytes
                MD5:47f3efb7d8b0960cf7f68a65d0e39772
                SHA1:9b8208b39537eb6d048a2c0ef1ca3cc7cf64e8ac
                SHA256:86a9dee1d2ca6cca0549324edbfc8a6d3a41bc00e611a09f37b22a8baeb12928
                SHA512:48f3fe5566ad2e675477f632887725c5671d6b5aba86b19c511808fa24b78d860196e2e237c440cc2b0045a8ca7f49b350272f6bec59fce50ab9d8a94dec4971
                SSDEEP:1536:XzhslllXEE090cYNpy58gPQu5TrZPc8Y:DhXYNAOGQudR
                TLSH:DB530A3536FD1116F2B7EEB49EF141968925BC62AC34CE4F2190B34E2471A41EDA1B3B
                File Content Preview:........................>......................................................................................................................................................................................................................................

                Static Mail

                General

                Subject:
                From:
                To:
                Cc:
                BCC:
                Date:
                Communications:
                • Docuslgn Hello 1 DOCUMENT SHARED FROM " Download Document <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhr.economictimes.indiatimes.com%2Fetl.php%3Furl%3Dhttps%3A%2F%2Fhr.economictimes.indiatimes.com%2Fetl.php%3Furl%3D%2F%2Fbgvhdjcbjfdhjkbgfddgfghgfd.pages.dev%2F%23%3Femail%3DY3BsLmNsYWltc0B0bWhjYy5jb20%3D&data=05%7C02%7Ccpl.claims%40tmhcc.com%7C14e63b31844c4198ee2008dc9b854b20%7C59744b1f09454a40984cc30b382e5dec%7C0%7C0%7C638556244033146227%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Gjxi%2BHtTyi3ieM1f%2FcNLr2UeKdM5koKAad3MshWUE4k%3D&reserved=0> Please do not reply to this email. We are unable to respond to inquiries sent to this address. For immediate answers to your questions, visit our Help Center by clicking "Help". 2024 Docusign NOTICE -THIS EMAIL TRANSMISSION AND ANY DOCUMENTS, FILES OR PREVIOUS EMAIL MESSAGES ATTACHED TO IT MAY CONTAIN INFORMATION THAT IS CONFIDENTIAL OR LEGALLY PRIVILEGED. IF YOU ARE NOT THE INTENDED RECIPIENT, OR A PERSON RESPONSIBLE FOR DELIVERING IT TO THE INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT YOU MUST NOT READ THIS TRANSMISSION AND THAT ANY DISCLOSURE, COPYING, PRINTING, DISTRIBUTION OR USE OF ANY OF THE INFORMATION CONTAINED IN OR ATTACHED TO THIS TRANSMISSION IS STRICTLY PROHIBITED. IF YOU HAVE RECEIVED THIS TRANSMISSION IN ERROR, PLEASE IMMEDIATELY NOTIFY THE SENDER BY TELEPHONE OR RETURN EMAIL AND DELETE THE ORIGINAL TRANSMISSION AND ITS ATTACHMENTS WITHOUT READING OR SAVING IN ANY MANNER. Hello Faculty/Staff, The Texans have sent us an offer for you all to buy affordable tickets to a game vs. Jacksonville on November 29th. Each ticket purchase comes with a VIP pregame experience. It's feeling like old times inside NRG so come and join ME ????. The VIP pregame experience - The group (Houston area teachers, staff, and their families ) will get access to the first couple of rows of the stadium at the 50-yard line 2.5 hours before kickoff for 45 minutes, for a behind the scenes look at what all goes into game day. There will be photo opportunities for group members, and in the past, there have been times where either the cheerleaders or players are out on the field warming up! The experience runs from 9:00-9:45AM - This experience will be exactly 45 minutes long and cannot go over due to NFL security gameday protocols. More details and a link to purchase tickets is below. Amy Mattes Director of Athletics St. Agnes Academy 9000 Bellaire Blvd. <x-apple-data-detectors://4> Houston, TX 77036-4683 <x-apple-data-detectors://5> www.st-agnes.org <https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.st-agnes.org%2F&data=05%7C02%7Ccpl.claims%40tmhcc.com%7C14e63b31844c4198ee2008dc9b854b20%7C59744b1f09454a40984cc30b382e5dec%7C0%7C0%7C638556244033160184%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=gl3O%2F%2BrCumU7psXOHY3Cj0XLDoDP5nrC2afr3mh4GRU%3D&reserved=0> 713.219.5490 <tel:713.219.5490> direct Legacy . Pride . Tradition <blob:null/7f99e318-93ef-469d-a6ee-089e1997ba0b> <https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.st-agnes.org%2Fathletics&data=05%7C02%7Ccpl.claims%40tmhcc.com%7C14e63b31844c4198ee2008dc9b854b20%7C59744b1f09454a40984cc30b382e5dec%7C0%7C0%7C638556244033169823%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=o3M2lo4IQD4KfvvjAb8dsWnZNMtpo9P4rJ6MYn%2Bwecw%3D&reserved=0> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2Fsaatigers%2F&data=05%7C02%7Ccpl.claims%40tmhcc.com%7C14e63b31844c4198ee2008dc9b854b20%7C59744b1f09454a40984cc30b382e5dec%7C0%7C0%7C638556244033176885%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=wpqG79nuZQeeEIQSMYrpKpiX6ySfH5CYrvLjWifNWQE%3D&reserved=0> <https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.twitter.com%2Fsaasports&data=05%7C02%7Ccpl.claims%40tmhcc.com%7C14e63b31844c4198ee2008dc9b854b20%7C59744b1f09454a40984cc30b382e5dec%7C0%7C0%7C638556244033183142%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=fpS2%2FC439XyM9iB6CUTvE0rENJWZLlRMGvLrNPzP7ig%3D&reserved=0> From: Stallings, Patrick <mailto:patrick.stallings@houstontexans.com> Sent: Thursday, October 26, 2023 3:46 PM To: Colleen Lewis <mailto:Colleen.Lewis@st-agnes.org> Subject: EXTERNAL]Houston Texans - Teachers and Staff Appreciation | St. Agnes Academy You don't often get email from patrick.stallings@houstontexans.com <mailto:patrick.stallings@houstontexans.com> . Learn why this is important <https://aka.ms/LearnAboutSenderIdentification> Hey Colleen, This is Patrick Stallings with the Houston Texans. I am running point on our 2nd Annual Teachers and Staff Appreciation Day at NRG Stadium this season! We appreciate everything that our Teachers do on a day-to-day basis, and want to show our gratitude by offering a special discounted ticket offer for staff, and their family/friends that includes a pregame viewing experience! Details below: * Texans vs Jaguars on Sunday, November 26th . * Exclusive "Teachers and Staff" Discounted Ticket Rate, paired with a VIP pre-game experience. Purchase Link: https://fevo.me/teacherstexans <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffevo.me%2Fteacherstexans&data=05%7C02%7Ccpl.claims%40tmhcc.com%7C14e63b31844c4198ee2008dc9b854b20%7C59744b1f09454a40984cc30b382e5dec%7C0%7C0%7C638556244033189130%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=sybouRHS1ECpIpnADJ%2FQtVqqNo7pF%2BKF9nPwEJ6Bx80%3D&reserved=0> Customized Ticket Link: The ticket link above is tailored specifically to our teachers, staff, and their families. Easy Distribution: There is no cost to the academy. All your team has to do is just to share the provided link with families through email or newsletters in the lead-up to the game. Simplified Ticket Purchase: Families can access the link to purchase discounted tickets effortlessly. All the contact information on the material would be mine, so it reduces any inquires towards the school regarding the process. We look forward to seeing St. Agnes Teachers and Staff at NRG Stadium. All the best, Patrick Patrick Stallings Inside Sales Representative Houston Texans | Recognized as one of Houston's Top Workplaces ?NRG Stadium, Two NRG Park | Houston, TX 77054-1573 Direct Line: 832-667-2389 <tel:832-667-2389> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fhoustontexans&data=05%7C02%7Ccpl.claims%40tmhcc.com%7C14e63b31844c4198ee2008dc9b854b20%7C59744b1f09454a40984cc30b382e5dec%7C0%7C0%7C638556244033195077%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=kGKUbooT6PZv7MZMY99bPJ87sMU9Thxm%2BrfOEpVzOZQ%3D&reserved=0> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fhoustontexans&data=05%7C02%7Ccpl.claims%40tmhcc.com%7C14e63b31844c4198ee2008dc9b854b20%7C59744b1f09454a40984cc30b382e5dec%7C0%7C0%7C638556244033195077%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=kGKUbooT6PZv7MZMY99bPJ87sMU9Thxm%2BrfOEpVzOZQ%3D&reserved=0> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fhoustontexans&data=05%7C02%7Ccpl.claims%40tmhcc.com%7C14e63b31844c4198ee2008dc9b854b20%7C59744b1f09454a40984cc30b382e5dec%7C0%7C0%7C638556244033195077%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=kGKUbooT6PZv7MZMY99bPJ87sMU9Thxm%2BrfOEpVzOZQ%3D&reserved=0> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fhoustontexans&data=05%7C02%7Ccpl.claims%40tmhcc.com%7C14e63b31844c4198ee2008dc9b854b20%7C59744b1f09454a40984cc30b382e5dec%7C0%7C0%7C638556244033195077%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=kGKUbooT6PZv7MZMY99bPJ87sMU9Thxm%2BrfOEpVzOZQ%3D&reserved=0> DISCLAIMER: All ticket options presented are subject to availability and price changes depending on market demand. All sales are final. No refunds or exchanges.? <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fhoustontexans&data=05%7C02%7Ccpl.claims%40tmhcc.com%7C14e63b31844c4198ee2008dc9b854b20%7C59744b1f09454a40984cc30b382e5dec%7C0%7C0%7C638556244033195077%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=kGKUbooT6PZv7MZMY99bPJ87sMU9Thxm%2BrfOEpVzOZQ%3D&reserved=0> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fhoustontexans&data=05%7C02%7Ccpl.claims%40tmhcc.com%7C14e63b31844c4198ee2008dc9b854b20%7C59744b1f09454a40984cc30b382e5dec%7C0%7C0%7C638556244033195077%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=kGKUbooT6PZv7MZMY99bPJ87sMU9Thxm%2BrfOEpVzOZQ%3D&reserved=0> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fhoustontexans&data=05%7C02%7Ccpl.claims%40tmhcc.com%7C14e63b31844c4198ee2008dc9b854b20%7C59744b1f09454a40984cc30b382e5dec%7C0%7C0%7C638556244033195077%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=kGKUbooT6PZv7MZMY99bPJ87sMU9Thxm%2BrfOEpVzOZQ%3D&reserved=0>
                Attachments:

                  Headers

                  Key Value
                  DateFrom:
                  ToCc:
                  BccMessage-Id:
                  Authentication-Results

                  File Icon

                  Icon Hash:c4e1928eacb280a2