
Windows Analysis Report
11fa2b48-c25d-d2a8-7e3d-327f8f3a8ace.eml

Overview

General Information

Sample name: 11fa2b48-c25d-d2a8-7e3d-327f8f3a8ace.eml
Analysis ID: 1492043
MD5: 0900127b0eb2191b5ce89a8e32a2509e
SHA1: 1eea4d3a5f56730d9c125498e0b1f975b58ee675
SHA256: bed26a670b0b7c921d929b12b752646d6f87a7ff515a2af8cf9fde9c0d0675e7

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Multi AV Scanner detection for domain / URL
AI detected suspicious e-Mail
Form action URLs do not match main URL
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Suspicious Office Outbound Connections
Stores files to the Windows start menu directory
Suspicious form URL found

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 5908 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\11fa2b48-c25d-d2a8-7e3d-327f8f3a8ace.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 3824 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "10603BE5-1B1B-48BC-B081-BBA57B2F24FE" "424C276C-4D78-4BB6-B0AC-02F5DD55FA8B" "5908" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 6400 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://qrco.de/bfIi0L MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 6752 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1780,i,11648324427622676927,11368649980187320286,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 7976 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://qrco.de/bfIi0L MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 8164 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1612,i,4499710969388806954,10319854927365193052,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
No yara matches
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 5908, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Source: Network Connection | Author: X__Junior (Nextron Systems) | Data: DestinationIp: 192.168.2.17, DestinationIsIpv6: false, DestinationPort: 49704, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Initiated: true, ProcessId: 5908, Protocol: tcp, SourceIp: 52.123.243.199, SourceIsIpv6: false, SourcePort: 443
No Suricata rule has matched

AV Detection

Source: enqxnvos.elementor.cloud | Virustotal: Detection: 7%

Phishing

Source: https://enqxnvos.elementor.cloud//ES/ESDHL/ESATE24V99SES/89HJFSES554//index.html | LLM: Score: 9. Reasons: The domain 'enqxnvos.elementor.cloud' is unusual and does not match DHL's official domain. The design elements and form fields are consistent with DHL's branding, but the domain is not associated with DHL and is likely a phishing site. (DOM: 0.1.pages.csv)
Source: https://enqxnvos.elementor.cloud//ES/ESDHL/ESATE24V99SES/89HJFSES554//index.html | HTTP Parser: Form action: https://optika.org.ua/zak/esesd/dk0/dk2/php199dk35/logo.php elementor org
Source: https://enqxnvos.elementor.cloud//ES/ESDHL/ESATE24V99SES/89HJFSES554//index.html | HTTP Parser: Number of links: 0
Source: https://enqxnvos.elementor.cloud//ES/ESDHL/ESATE24V99SES/89HJFSES554//index.html | HTTP Parser: Base64 decoded: 1723534850.000000
Source: https://enqxnvos.elementor.cloud//ES/ESDHL/ESATE24V99SES/89HJFSES554//index.html | HTTP Parser: Title: "packet express- confirme su pago." does not match URL
Source: https://enqxnvos.elementor.cloud//ES/ESDHL/ESATE24V99SES/89HJFSES554//index.html | HTTP Parser: Form action: https://optika.org.ua/zak/esesd/dk0/dk2/php199dk35/logo.php
Source: https://enqxnvos.elementor.cloud//ES/ESDHL/ESATE24V99SES/89HJFSES554//index.html | HTTP Parser: <input type="password" .../> found
Source: https://enqxnvos.elementor.cloud//ES/ESDHL/ESATE24V99SES/89HJFSES554//index.html | HTTP Parser: No <meta name="author" ...> found
Source: https://enqxnvos.elementor.cloud//ES/ESDHL/ESATE24V99SES/89HJFSES554//index.html | HTTP Parser: No <meta name="copyright" ...> found
Source: unknown | HTTPS traffic detected: 52.123.243.199:443 -> 192.168.2.17:49704 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.190.160.17:443 -> 192.168.2.17:49705 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49706 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49741 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49757 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.17:49775 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.190.160.17:443 -> 192.168.2.17:49795 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49796 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 2.23.209.183:443 -> 192.168.2.17:49797 version: TLS 1.2
Source: chrome.exe | Memory has grown: Private usage: 1MB later: 31MB
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.160.17
Source: unknown | TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: global traffic | DNS traffic detected: DNS query: qrco.de
Source: global traffic | DNS traffic detected: DNS query: enqxnvos.elementor.cloud
Source: global traffic | DNS traffic detected: DNS query: static.cloudflareinsights.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: classification engine | Classification label: mal60.phis.winEML@31/18@20/127
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240813T0340370872-5908.etl
Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\11fa2b48-c25d-d2a8-7e3d-327f8f3a8ace.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "10603BE5-1B1B-48BC-B081-BBA57B2F24FE" "424C276C-4D78-4BB6-B0AC-02F5DD55FA8B" "5908" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://qrco.de/bfIi0L
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1780,i,11648324427622676927,11368649980187320286,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1612,i,4499710969388806954,10319854927365193052,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Window found: window name: SysTabControl32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Persistence and Installation Behavior

Source: e-Mail | LLM: Score: 9. Reasons: The email impersonates DHL, a well-known logistics company. The email creates a sense of urgency by stating that the package will be returned to the sender if not picked up within 48 hours. The hyperlink provided in the email body is suspicious as it does not lead to an official DHL domain but rather to 'ahorramas.com', which is unrelated to DHL. This is a common tactic used in phishing emails to deceive recipients into clicking on malicious links.
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK matrix (techniques observed in this analysis are marked with the number of matching signatures):

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Browser Extensions (1) | Process Injection (1) | Masquerading (1) | OS Credential Dumping | Process Discovery (1) | Remote Services | Data from Local System | Encrypted Channel (2) | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | DLL Side-Loading (1) | DLL Side-Loading (1) | Process Injection (1) | LSASS Memory | System Information Discovery (13) | Remote Desktop Protocol | Data from Removable Media | Non-Application Layer Protocol (1) | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Registry Run Keys / Startup Folder (1) | Registry Run Keys / Startup Folder (1) | DLL Side-Loading (1) | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Application Layer Protocol (2) | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Extra Window Memory Injection (1) | Obfuscated Files or Information (1) | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Extra Window Memory Injection (1) | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |

No Antivirus matches
| Source | Detection | Scanner | Label |
|---|---|---|---|
| svc.ms-acdc-teams.office.com | 0% | Virustotal | |
| www.google.com | 0% | Virustotal | |
| enqxnvos.elementor.cloud | 7% | Virustotal | |
| static.cloudflareinsights.com | 0% | Virustotal | |
| qrco.de | 1% | Virustotal | |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| about:blank | 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| svc.ms-acdc-teams.office.com | 52.123.243.199 | true | false | | unknown |
| static.cloudflareinsights.com | 104.16.79.73 | true | false | | unknown |
| enqxnvos.elementor.cloud | 162.159.138.9 | true | true | | unknown |
| www.google.com | 216.58.212.164 | true | false | | unknown |
| qrco.de | 13.33.187.51 | true | false | | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| about:blank | false | Avira URL Cloud: safe | unknown |
| https://enqxnvos.elementor.cloud//ES/ESDHL/ESATE24V99SES/89HJFSES554//index.html | true | | unknown |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 142.250.185.99 | unknown | United States | 15169 | GOOGLEUS | false |
| 52.168.117.171 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 216.58.212.164 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 216.58.206.74 | unknown | United States | 15169 | GOOGLEUS | false |
| 52.109.89.18 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 142.250.185.227 | unknown | United States | 15169 | GOOGLEUS | false |
| 104.16.80.73 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
| 172.217.23.99 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.186.132 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.184.227 | unknown | United States | 15169 | GOOGLEUS | false |
| 104.16.79.73 | static.cloudflareinsights.com | United States | 13335 | CLOUDFLARENETUS | false |
| 172.217.18.10 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.184.206 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.184.202 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.110.84 | unknown | United States | 15169 | GOOGLEUS | false |
| 1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
| 162.159.137.9 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
| 162.159.138.9 | enqxnvos.elementor.cloud | United States | 13335 | CLOUDFLARENETUS | true |
| 74.125.71.84 | unknown | United States | 15169 | GOOGLEUS | false |
| 216.58.206.42 | unknown | United States | 15169 | GOOGLEUS | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 13.33.187.51 | qrco.de | United States | 16509 | AMAZON-02US | false |
| 142.250.186.142 | unknown | United States | 15169 | GOOGLEUS | false |
| 52.123.243.199 | svc.ms-acdc-teams.office.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
    IP
    192.168.2.17
    Joe Sandbox version:40.0.0 Tourmaline
    Analysis ID:1492043
    Start date and time:2024-08-13 09:40:05 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowsinteractivecookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of new started processes analysed:23
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • EGA enabled
    Analysis Mode:stream
    Analysis stop reason:Timeout
    Sample name:11fa2b48-c25d-d2a8-7e3d-327f8f3a8ace.eml
    Detection:MAL
    Classification:mal60.phis.winEML@31/18@20/127
    Cookbook Comments:
    • Found application associated with file extension: .eml
    • Exclude process from analysis (whitelisted): dllhost.exe, TextInputHost.exe
    • Excluded IPs from analysis (whitelisted): 52.109.89.18
    • Excluded domains from analysis (whitelisted): ecs.office.com, config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, officeclient.microsoft.com, weu-azsc-config.officeapps.live.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net, mira.config.skype.com
    • Not all processes were analyzed, report is missing behavior information
    • Report size getting too big, too many NtQueryAttributesFile calls found.
    • Report size getting too big, too many NtQueryValueKey calls found.
Input / Output

URL: e-Mail; Model: gpt-4o

```json
{
  "riskscore": 9,
  "brand_impersonated": "DHL",
  "reasons": "The email impersonates DHL, a well-known logistics company. The email creates a sense of urgency by stating that the package will be returned to the sender if not picked up within 48 hours. The hyperlink provided in the email body is suspicious as it does not lead to an official DHL domain but rather to 'ahorramas.com', which is unrelated to DHL. This is a common tactic used in phishing emails to deceive recipients into clicking on malicious links."
}
```

URL: https://enqxnvos.elementor.cloud//ES/ESDHL/ESATE24V99SES/89HJFSES554//index.html; Model: jbxai

```json
{
  "phishing_score": 9,
  "brand_name": "DHL",
  "reasons": "The domain 'enqxnvos.elementor.cloud' is unusual and does not match DHL's official domain. The design elements and form fields are consistent with DHL's branding, but the domain is not associated with DHL and is likely a phishing site.",
  "interest_score": "0.998"
}
```
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:dropped
    Size (bytes):231348
    Entropy (8bit):4.396934919185179
    Encrypted:false
    SSDEEP:
    MD5:4A4D5F7D70FD8409E82A876F5F704F9F
    SHA1:F7F4059B6BBFAE27DEBEA07F5630546E66432196
    SHA-256:4FE920B661172D0C1D65B221F234E9427ECF1D59A82B3A44C42584CA9F140E3A
    SHA-512:BA73D18C3508FD770C19A5AC0799C538B7B95F11675FE3F906CCAA8810317EDE299E047B3DA22BFD6E9B7B6D8D1307D124C335340E5B51E69E3A5156FE5FF93F
    Malicious:false
    Reputation:unknown
    Preview:TH02...... ...v.T.......SM01X...,....Vf.T...........IPM.Activity...........h...............h............H..h........7SJ....h........`...H..h\tor ...AppD...h8...0........h.W.............h........_`.k...h.Q..@...I.+w...h....H...8..k...0....T...............d.........2h...............k:. ....... ...!h.............. h.g...........#h....8.........$h`.......8....."h..............'h..............1h.W..<.........0h....4.....k../h....h......kH..hp...p.........-h .......,.....+h.W................. ...... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
    Category:modified
    Size (bytes):176252
    Entropy (8bit):5.287483090702644
    Encrypted:false
    SSDEEP:
    MD5:4E8B535CD75D419F06E805DC06AD0FF1
    SHA1:C130A4A8E9EE3F21A95B57E6FB13B9279197C8C4
    SHA-256:71A50C716BFDD61DB1F35FB44D482A44092DAEBB7514FAD002C48EBB9F18EB92
    SHA-512:FA0F55C4DFBD0D783D186214F6DBA583E36E699ECFB1344972995C41FECC0E95F951EDCCFA614B5524A66D089DF1767A663B73F2F1C0EF442D6B9014A8544CAA
    Malicious:false
    Reputation:unknown
    Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-08-13T07:40:39">.. Build: 16.0.17902.40125-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:dropped
    Size (bytes):32768
    Entropy (8bit):0.04496904445049149
    Encrypted:false
    SSDEEP:
    MD5:154EBEBD370CE08652118D2A9D9A4E1A
    SHA1:51CB0631AC4B7BFDBD014C549F97F5AC15AEE7FD
    SHA-256:6085D8D07DAD0AD4EE4C2E3F05D6590B205E911B18CF2AC573F0CBFAAA283A46
    SHA-512:FC0008EAEA63FFEBF0990686C8F97EBFD6E7CC1D79CA92E41519B39F22AE67E6DBED5BA21780CB7CD50AD73D90A0EBFBF6B2C7F823852F629B1E52211D0735C8
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:SQLite Write-Ahead Log, version 3007000
    Category:dropped
    Size (bytes):49472
    Entropy (8bit):0.48163729140813455
    Encrypted:false
    SSDEEP:
    MD5:1352A26F15E6D23EDF71826F9E39BEE7
    SHA1:35BE1EB42C8B0C8900AE79368393E3D16E9122AD
    SHA-256:D327211B4ED95E5EC301D6EB24AD10BDFD09CE6F7531D9CDEFACBF0CEBD8E555
    SHA-512:217FB7F7CACF04282A4F6EC69C4E5CD584F0A291BECD651B91B76E0C35FA21680D30D4F40D6F7262562C71A6836AB602CC9A3D3C7D19395EEE5FC3CE45111287
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:PNG image data, 134 x 42, 8-bit/color RGBA, non-interlaced
    Category:dropped
    Size (bytes):919
    Entropy (8bit):7.6925235511637275
    Encrypted:false
    SSDEEP:
    MD5:EC39C985E1E8F52F1684A7E59C44CE17
    SHA1:A3AA2295327557004C16D27B779549CEE5A1785D
    SHA-256:98CA209760480BB43D56AFBAC45EE00B377FE0092B2992A858FE4F8359D517EA
    SHA-512:62B530DEF04C5A865D778FAE4EC3ABF15E8F4D878781BC7A336EEE73128553665600AF5DEB1D8D71A0F56D80C74D6EC2F8CC3BE250B6A7F31B0C1E870EE5A2A1
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:dropped
    Size (bytes):2136
    Entropy (8bit):2.13974718666782
    Encrypted:false
    SSDEEP:
    MD5:4F17FB924E890EC81833CFEA8C9EBC05
    SHA1:E83AC61DC1637803E8D1C9ECC1B20DD56C3F649A
    SHA-256:77C2B2240E35843F1A2138E3137A66182B52818350BBE9B1409ECD8BCBE94DCB
    SHA-512:1D1D4E435E5D19730AD862AA8825536A75638F7246DC50F1FAD95AAFB09568A807146909669209224383498C0E30848BF5CFA08D0F006FDC5D0C9B23FDB55362
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:ASCII text, with very long lines (28759), with CRLF line terminators
    Category:dropped
    Size (bytes):20971520
    Entropy (8bit):0.15951674689646
    Encrypted:false
    SSDEEP:
    MD5:C2168B452C3352C479A35F1195F76C28
    SHA1:366B3EC8B01A12D9F3BE5A2E60448B45D4961F7A
    SHA-256:07B42D0A5BBB0857B2547A4D8B22DAC219B6D914B4AF24B23806955D07615761
    SHA-512:887191ED4F413A7480D6136639C3B1E9C171E2F8A2357C4BEAD9D18152234FAD4E8DD6BA1A87E2781B496D45E79032ACF163284D68DA808E1C99E233B6931842
    Malicious:false
    Reputation:unknown
    Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..08/13/2024 07:40:38.143.OUTLOOK (0x1714).0xBE0.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":22,"Time":"2024-08-13T07:40:38.143Z","Contract":"Office.System.Activity","Activity.CV":"dThqAf+p9kWdpgZ+tKXD3Q.4.9","Activity.Duration":14,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...08/13/2024 07:40:38.159.OUTLOOK (0x1714).0xBE0.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":24,"Time":"2024-08-13T07:40:38.159Z","Contract":"Office.System.Activity","Activity.CV":"dThqAf+p9kWdpgZ+tKXD3Q.4.10","Activity.Duration":10821,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorVer
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:dropped
    Size (bytes):20971520
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
    SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
    SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
    SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:modified
    Size (bytes):102400
    Entropy (8bit):4.4840659547717365
    Encrypted:false
    SSDEEP:
    MD5:AB51C1538269D76C97685FD2EDA5C55D
    SHA1:2DD5304A80D5765555A45A2512D54CE183D992AA
    SHA-256:E787A8FBDB3CEA4333ACEED3CBB1FCC89BA96147ECA6A1CBEC402D1B7A8BCFDB
    SHA-512:08D3BF48541AD1D5D64FD8A218EB2CEB2B4DC12C7B86816B832A79933E2DF2EC625447598BA0707AF18601DC801291D107FAF6F7612B54E8273C55CAE93E37F4
    Malicious:false
    Reputation:unknown
    Preview:............................................................................d...........F$..T...................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................@}...Y..........F$..T...........v.2._.O.U.T.L.O.O.K.:.1.7.1.4.:.7.a.0.2.d.2.b.c.4.e.a.d.4.5.6.2.8.e.e.e.c.7.1.6.7.a.4.1.d.1.c.2...C.:.\.U.s.e.r.s.\.t.o.r.r.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.0.8.1.3.T.0.3.4.0.3.7.0.8.7.2.-.5.9.0.8...e.t.l...........P.P.........F$..T...................................................................................................................................................................................................................................................................................................
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:dropped
    Size (bytes):30
    Entropy (8bit):1.2389205950315936
    Encrypted:false
    SSDEEP:
    MD5:63181A862603AF8663A32B1D4FEB0CB7
    SHA1:5D8CC34CBEAB0CEC9D98C21CDBCCF8539F31E4AF
    SHA-256:5A530EDB13FFF1AA28EFF7C8496C34AA40C13106CFCFC6ED83CCE7AACE162A3E
    SHA-512:E57858731C70A412D305CE19FC774F4D91FA70D7E5F652EABF1EC140C8E4687505542A0E056ED49CFA1E30E0292F0DB6CD44158E64F44E153A2341B50398B963
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 13 06:40:50 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
    Category:dropped
    Size (bytes):2677
    Entropy (8bit):3.9934277690541387
    Encrypted:false
    SSDEEP:
    MD5:624CC4F114BE5589743DA1EB22001B3D
    SHA1:9AC4D0AFA5E78077962B4333565AD3F9F98BA3C3
    SHA-256:DA5CE4BB23E22E3EE189EDA22B05A354E481FB4B8F76BAEE2B4074AFFB460BF6
    SHA-512:7D860891EFA821C17FF3907B6751DB6495ED2467AC37E174222710047B4A500C9ECB54FA249B0D02E4E5E75DD0B272A6735B0D6E8415E2165FAEF877C2F4C27B
    Malicious:false
    Reputation:unknown
    Preview:L..................F.@.. ...$+.,......1.T.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.Y.=....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.=....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.Y.=....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.Y.=...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.Y.=...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............D|.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 13 06:40:49 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
    Category:dropped
    Size (bytes):2679
    Entropy (8bit):4.01024161707875
    Encrypted:false
    SSDEEP:
    MD5:F25DF57B12134AD0D1C96AD50D50B621
    SHA1:FF47C5E95F9F791B972F9A887053E9DCAAAFD09F
    SHA-256:0F472F0700BDAF98E0ED912E4AC38FE8E1E7B2DD862C1BA056608AFA9518954E
    SHA-512:98A6147232F9E720DECD79971E5B2945775C0FDEB1A94BEA7094BE4952E19D9705C1E8021DD1EDF50B69081D27F37C88A943125B0F5638E6FDB872511249AB40
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
    Category:dropped
    Size (bytes):2693
    Entropy (8bit):4.017760961823684
    Encrypted:false
    SSDEEP:
    MD5:C2EFDD9C2714F224E53A398CD7DD8220
    SHA1:21210ED2F94B879C2A7DF32B1C0FA0AB6DA2F9D0
    SHA-256:90E05DDC5DD15BF78AF0EEEAEC8A9B8268E014BA5B7E6D3E8578439844538B2D
    SHA-512:58FD7E4F4D5AF90EB74A8FBE12AD7D01A76272D3B2890612659234A70E78612CA638E0AA824F7B9E6197B08303A7EDE122446EEC94B3C1E6EA3746A45D001352
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 13 06:40:49 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
    Category:dropped
    Size (bytes):2681
    Entropy (8bit):4.010969604263222
    Encrypted:false
    SSDEEP:
    MD5:B9E2911A176061DB256FB1FA4F6EDA9A
    SHA1:0500B929CF4B31AAAF6193253D2EDE56D62524BF
    SHA-256:42BF1A885724FE8E56E8FCD5CFBE2947250E9AE57360667E04A79295001BA52C
    SHA-512:DD3C5826E1AE38D15CBAE7B799D2828213CCCEA09F32A3D57BF5591346EEB382F885D7E41023B40D56152A0188114F6116AA4A9B5AC873794B0B87019DF352CF
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 13 06:40:50 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
    Category:dropped
    Size (bytes):2681
    Entropy (8bit):3.9990547911414676
    Encrypted:false
    SSDEEP:
    MD5:BAD6B851727FAA69D694D06231B604E1
    SHA1:E8AEA424823EDF48BF9F1A347B58AFE24CA7FE90
    SHA-256:DEFBCDCA413393D11DD5B70FD9FC528C4E0BF88B246828EC528BCEEABD8DFFD9
    SHA-512:824A9F9138C1952AEC20671220A354536B121E9F871C7275451CA9110435DE1BAF6AFE480E3CC09096795A8FE33BCDF336FDD3ECB10761C5A4CC068D8ACC7C20
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 13 06:40:49 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
    Category:dropped
    Size (bytes):2683
    Entropy (8bit):4.008147229589862
    Encrypted:false
    SSDEEP:
    MD5:9B635BBE481F6C1D38697E8D3AF73B14
    SHA1:449409FF60AAC3B288FB2E3F7C0F88F443764E38
    SHA-256:FA3A62A71780E8E0A85F9205585DEC6E984582DD3619F3F2992E97DB0BA54171
    SHA-512:67B7D4CFAFEEBF0EB282064AE82AFC039E46A87EE233CEEFAFB22723F7B7D333EC4AC446C9E5B116A700C36C28379ECCC1CA50B1415EB031F942A507DD470AC1
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:Microsoft Outlook email folder (>=2003)
    Category:dropped
    Size (bytes):271360
    Entropy (8bit):2.7470274621955046
    Encrypted:false
    SSDEEP:
    MD5:713215F6F43F3624D3D1A97C6F139F4B
    SHA1:5B129466486CB805F457DD1BC66AFE37B0DD44E2
    SHA-256:C463F24149021CAB8BBC3B73B1F72D6178FB1434381C16EDA24FEE49087A742F
    SHA-512:66AD96560CCA45240A46A41EF5C7575DA3EFFBF611606322B2A6C185906DC4597B8C8130B2808D22FF031FBB11DED9A7C757E2E000A848552B5528529BD356AE
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:OpenPGP Public Key
    Category:dropped
    Size (bytes):131072
    Entropy (8bit):3.4913898693886183
    Encrypted:false
    SSDEEP:
    MD5:06BE08C6FD8DB001112C99EFD32C73FC
    SHA1:E22945E774ED6140E39DEFE1D7A1CAC065B76BBF
    SHA-256:35271121A2AEED8C094BC8D29397E0205707D4D6DF7704CE31EDD04FB21498DD
    SHA-512:E4F2A2C3A1998D562956B54FAD4951ED609E6B9516A1043398AC5E594DB2BF15AD283C4A46CC90C6EFF41A82932852D9C0636F5925196AC95E51ADA4F442B04D
    Malicious:false
    Reputation:unknown
    File type:RFC 822 mail, ASCII text, with CRLF line terminators
    Entropy (8bit):5.962105541791398
    TrID:
    • E-Mail message (Var. 5) (54515/1) 100.00%
    File name:11fa2b48-c25d-d2a8-7e3d-327f8f3a8ace.eml
    File size:23'153 bytes
    MD5:0900127b0eb2191b5ce89a8e32a2509e
    SHA1:1eea4d3a5f56730d9c125498e0b1f975b58ee675
    SHA256:bed26a670b0b7c921d929b12b752646d6f87a7ff515a2af8cf9fde9c0d0675e7
    SHA512:13654dcc2781bbe8786fc64d633cc08c3b48229ee4685bbde554d0e614697f2e1204f2303da9407e6a5d9f38cd77fc3860bdad2217db94e18b4624f54e8d9537
    SSDEEP:384:SXdoiWghO0EQZVCqmjqjG0+1VOQA9Qz9Qm9Q/9QU9QAWd6XI:YpOuVCqohOQA9Qz9Qm9Q/9QU9QAWd6XI
    TLSH:C2A2B808D2428F52D1119950A52F1E0870306F47EB37DA652BBB779ECB8F5385BD2BB4
    File Content Preview:Received: from AM9P192CA0001.EURP192.PROD.OUTLOOK.COM (2603:10a6:20b:21d::6).. by PAVP189MB2388.EURP189.PROD.OUTLOOK.COM (2603:10a6:102:30b::12) with.. Microsoft SMTP Server (version=TLS1_2,.. cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7849.15
    Subject: DHL- Aviso de envío 6508774221
    From:Servicio DHL <noreply@coopama.coop.br>
    To:cal_asantiago@ahorramas.com
    Cc:
    BCC:
    Date:Mon, 12 Aug 2024 07:01:28 -0700
    Communications:
    • 2.65
    Attachments:
      Key Value
      Receivedfrom smtp.mandic.com.br (unknown [146.103.38.232]) by smtp-03.smtp.mandic.prv (Postfix) with ESMTPA id C89C5440A8A9 for <cal_asantiago@ahorramas.com>; Mon, 12 Aug 2024 11:01:29 -0300 (-03)
      Authentication-Resultsspf=pass (sender IP is 177.70.124.106) smtp.mailfrom=coopama.coop.br; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=coopama.coop.br;compauth=pass reason=109
      Received-SPFPass (protection.outlook.com: domain of coopama.coop.br designates 177.70.124.106 as permitted sender) receiver=protection.outlook.com; client-ip=177.70.124.106; helo=smtp-03.idc2.mandic.com.br; pr=C
      FromServicio DHL <noreply@coopama.coop.br>
      Tocal_asantiago@ahorramas.com
      Subject DHL- Aviso de envío 6508774221
      DateMon, 12 Aug 2024 07:01:28 -0700
      Message-ID<20240812070128.EB0FFBB06CAA3EFD@coopama.coop.br>
      MIME-Version1.0
      Content-Typemultipart/alternative; boundary="----=_NextPart_000_0012_3FB72B38.2C76347A"
      X-Mandic-AuthhsoVkH+d4bbOzbd0OZvX/X6R983rJloDeJK0maTk0cDX3CdXa23YU48B4h6ZFHP0iKRbYGvvMBw=
      X-Mandic-Sendernoreply@coopama.coop.br
      Return-Pathnoreply@coopama.coop.br
      X-EOPAttributedMessage0
      X-EOPTenantAttributedMessage4eb911de-063e-41cb-bcf9-71aabf223544:0
      X-MS-PublicTrafficTypeEmail
      X-MS-TrafficTypeDiagnosticAM3PEPF0000A791:EE_|PAVP189MB2388:EE_
      X-MS-Office365-Filtering-Correlation-Id644ded41-f17c-460a-d5be-08dcbad746b0
      X-MS-Exchange-AtpMessagePropertiesSA|SL
      X-Forefront-Antispam-Report CIP:177.70.124.106;CTRY:BR;LANG:es;SCL:9;SRV:;IPV:NLI;SFV:SPM;H:smtp-03.idc2.mandic.com.br;PTR:smtp-03e.idc2.mandic.com.br;CAT:HPHISH;SFTY:9.25;SFS:(13230040)(12012899012)(2092899012)(4073199012)(5073199012)(75476002)(80690200005)(43540500003);DIR:INB;
      X-Microsoft-Antispam BCL:0;ARA:13230040|12012899012|2092899012|4073199012|5073199012|75476002|80690200005|43540500003;
      Icon Hash:46070c0a8e0c67d6