Windows Analysis Report
Inspection Notice.msg

Overview

General Information

Sample name: Inspection Notice.msg
Analysis ID: 1504734
MD5: 5e6c4ca5e31e609252e581aa969f4ac3
SHA1: e0ffc87b71fd38156bf9598fdbc6100d226d389f
SHA256: 5afab3c5c9f9cc62b280410fb0d5e7c01d51b675e5a0529d6a6414181ed7102a

Detection

HTMLPhisher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Yara detected HtmlPhish10
Yara detected HtmlPhish29
AI detected landing page (webpage, office document or email)
HTML page contains suspicious base64 encoded javascript
HTML body contains password input but no form action
HTML title does not match URL
None HTTPS page querying sensitive user data (password, username or email)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Suspicious Office Outbound Connections
Stores files to the Windows start menu directory
Stores large binary data to the registry

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6800 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Inspection Notice.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 2336 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4A0D1A61-F9A0-4FC1-9F42-A2F6B22A278C" "2A45D7D2-0416-497D-A85A-D3F4991330F4" "6800" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 1828 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ucarecdn.com/06008b9a-5be2-4167-b89c-7cc3cd3d20cc/adobeCopy.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 3668 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1928,i,13193760606468331332,3390998952651173257,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| C:\Users\user\Downloads\adobe - Copy.html.crdownload | JoeSecurity_HtmlPhish_29 | Yara detected HtmlPhish_29 | Joe Security | |
| C:\Users\user\Downloads\adobe - Copy.html (1).crdownload | JoeSecurity_HtmlPhish_29 | Yara detected HtmlPhish_29 | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 0.0.pages.csv | JoeSecurity_HtmlPhish_29 | Yara detected HtmlPhish_29 | Joe Security | |
| 0.0.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security | |

                Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6800, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
                Source: Network Connection; Author: X__Junior (Nextron Systems); Data: DestinationIp: 192.168.2.16, DestinationIsIpv6: false, DestinationPort: 49698, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Initiated: true, ProcessId: 6800, Protocol: tcp, SourceIp: 52.123.243.74, SourceIsIpv6: false, SourcePort: 443
                No Suricata rule has matched

                Phishing

                Source: file:///C:/Users/user/Downloads/adobe%20-%20Copy.html; LLM: Score: 10 Reasons: HTML file with login form DOM: 0.1.pages.csv
                Source: Yara match; File source: 0.0.pages.csv, type: HTML
                Source: Yara match; File source: C:\Users\user\Downloads\adobe - Copy.html.crdownload, type: DROPPED
                Source: Yara match; File source: C:\Users\user\Downloads\adobe - Copy.html (1).crdownload, type: DROPPED
                Source: file:///C:/Users/user/Downloads/adobe%20-%20Copy.html; HTTP Parser: Base64 decoded: <script>
                Source: file:///C:/Users/user/Downloads/adobe%20-%20Copy.html; HTTP Parser: <input type="password" .../> found but no <form action="...
                Source: file:///C:/Users/user/Downloads/adobe%20-%20Copy.html; HTTP Parser: Title: Share Point Online does not match URL
                Source: file:///C:/Users/user/Downloads/adobe%20-%20Copy.html; HTTP Parser: Has password / email / username input fields
                Source: file:///C:/Users/user/Downloads/adobe%20-%20Copy.html; HTTP Parser: <input type="password" .../> found
                Source: file:///C:/Users/user/Downloads/adobe%20-%20Copy.html; HTTP Parser: No favicon
                Source: file:///C:/Users/user/Downloads/adobe%20-%20Copy.html; HTTP Parser: No <meta name="author".. found
                Source: file:///C:/Users/user/Downloads/adobe%20-%20Copy.html; HTTP Parser: No <meta name="copyright".. found
                Source: unknown; HTTPS traffic detected: 52.123.243.74:443 -> 192.168.2.16:49698 version: TLS 1.2
                Source: unknown; HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.16:49729 version: TLS 1.2
                Source: unknown; TCP traffic detected without corresponding DNS query: 192.229.211.108
                Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknown; TCP traffic detected without corresponding DNS query: 13.85.23.86
                Source: global traffic; DNS traffic detected: DNS query: ucarecdn.com
                Source: global traffic; DNS traffic detected: DNS query: www.google.com
                Source: global traffic; DNS traffic detected: DNS query: code.jquery.com
                Source: global traffic; DNS traffic detected: DNS query: kit.fontawesome.com
                Source: global traffic; DNS traffic detected: DNS query: runn1rnl8xzmqeh0kvov.web.app
                Source: global traffic; DNS traffic detected: DNS query: ka-f.fontawesome.com
                Source: global traffic; DNS traffic detected: DNS query: 50k347.k347343.96.lt
                Source: classification engine; Classification label: mal72.phis.winMSG@19/26@26/219
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240905T0525330511-6800.etl
                Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Inspection Notice.msg"
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4A0D1A61-F9A0-4FC1-9F42-A2F6B22A278C" "2A45D7D2-0416-497D-A85A-D3F4991330F4" "6800" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ucarecdn.com/06008b9a-5be2-4167-b89c-7cc3cd3d20cc/adobeCopy.html
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1928,i,13193760606468331332,3390998952651173257,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: apphelp.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: c2r64.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: userenv.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: msasn1.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: kernel.appcore.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptsp.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: rsaenh.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: gpapi.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window found: window name: SysTabControl32
                Source: Window Recorder; Window detected: More than 3 window changes detected
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

                Persistence and Installation Behavior

                Source: file:///C:/Users/user/Downloads/adobe%20-%20Copy.html; LLM: Page contains button: 'View PDF' Source: '0.0.pages.csv'
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction

                No Antivirus matches
Source | Detection | Scanner | Label | Link
file:///C:/Users/user/Downloads/adobe%20-%20Copy.html | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
svc.ms-acdc-teams.office.com | 52.123.243.74 | true | false | | unknown
code.jquery.com | 151.101.2.137 | true | false | | unknown
50k347.k347343.96.lt | 45.84.206.132 | true | false | | unknown
www.google.com | 216.58.206.68 | true | false | | unknown
runn1rnl8xzmqeh0kvov.web.app | 199.36.158.100 | true | false | | unknown
ucarecdn.com | 92.123.101.112 | true | false | | unknown
ka-f.fontawesome.com | unknown | unknown | false | | unknown
kit.fontawesome.com | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
file:///C:/Users/user/Downloads/adobe%20-%20Copy.html | true | Avira URL Cloud: safe | unknown
                                Joe Sandbox version:40.0.0 Tourmaline
                                Analysis ID:1504734
                                Start date and time:2024-09-05 11:25:07 +02:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Number of analysed new started processes analysed:18
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • EGA enabled
                                Analysis Mode:stream
                                Analysis stop reason:Timeout
                                Sample name:Inspection Notice.msg
                                Detection:MAL
                                Classification:mal72.phis.winMSG@19/26@26/219
                                Cookbook Comments:
                                • Found application associated with file extension: .msg
                                • Exclude process from analysis (whitelisted): dllhost.exe
                                • Excluded IPs from analysis (whitelisted): 52.109.89.18, 52.109.89.19, 2.19.126.151, 2.19.126.160
                                • Excluded domains from analysis (whitelisted): omex.cdn.office.net, ecs.office.com, prod.configsvc1.live.com.akadns.net, weu-azsc-000.roaming.officeapps.live.com, weu-azsc-config.officeapps.live.com, prod.roaming1.live.com.akadns.net, eur.roaming1.live.com.akadns.net, roaming.officeapps.live.com, osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com, config.officeapps.live.com, officeclient.microsoft.com, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, europe.configsvc1.live.com.akadns.net, a1864.dscd.akamai.net, mira.config.skype.com
                                • Not all processes where analyzed, report is missing behavior information
                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.
                                • VT rate limit hit for: Inspection Notice.msg
                                Input | Output
                                URL: Email Model: jbxai
                                {
                                "brand":["DEPARTMENT OF EMPLOYMENT AND LABOUR"],
                                "contains_trigger_text":false,
                                "prominent_button_name":"unknown",
                                "text_input_field_labels":["unknown"],
                                "pdf_icon_visible":false,
                                "has_visible_captcha":false,
                                "has_urgent_text":false,
                                "has_visible_qrcode":false}
                                URL: file:///C:/Users/user/Downloads/adobe%20-%20Copy.html Model: jbxai
                                {
                                "brand":["Adobe"],
                                "contains_trigger_text":true,
                                "prominent_button_name":"View PDF",
                                "text_input_field_labels":["unknown"],
                                "pdf_icon_visible":true,
                                "has_visible_captcha":false,
                                "has_urgent_text":false,
                                "has_visible_qrcode":false}
                                URL: file:///C:/Users/user/Downloads/adobe%20-%20Copy.html Model: jbxai
                                {
                                "brand":["Adobe Document Cloud"],
                                "contains_trigger_text":true,
                                "prominent_button_name":"Sign in",
                                "text_input_field_labels":["Enter Email",
                                "Enter Password",
                                "Enter Phone Number"],
                                "pdf_icon_visible":false,
                                "has_visible_captcha":false,
                                "has_urgent_text":false,
                                "has_visible_qrcode":false}
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:data
                                Category:modified
                                Size (bytes):338
                                Entropy (8bit):3.4270533496172915
                                Encrypted:false
                                SSDEEP:
                                MD5:C21E0FAD4C9A0449E13517D8C504A65F
                                SHA1:4470258231961E8C24381C97707C0182ECE3EC24
                                SHA-256:39522CBABDD426361513096A3964F585646694DA9D7993812A77212D0A5E61B0
                                SHA-512:9F7121713906F90573739AD58287DF921D314B84CD39367EF5446E7B3200014D0D29DE740FAA8DF39DC6F72D3A9B8C28D8F1AE0AAE917ADACBC3547275193886
                                Malicious:false
                                Reputation:unknown
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:data
                                Category:dropped
                                Size (bytes):231348
                                Entropy (8bit):4.38814930142592
                                Encrypted:false
                                SSDEEP:
                                MD5:0FD3FF5669BD533DC72DD85571B50D88
                                SHA1:3801D8FDCB2952031F8119E2BFB807ABC975CBE7
                                SHA-256:89D33111D4210219E756DA4E966D5310199EC0D21AAA789D89A29915FFF3B90E
                                SHA-512:B5BE3AC6698DDBDCE2FDDDB5C3C436E678C6181DE8088CE13530040452E0306EC3901B1DC970557873C672167768AB6863A5774D3FBE744D6184E3CC28F84C23
                                Malicious:false
                                Reputation:unknown
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:ASCII text, with very long lines (65536), with no line terminators
                                Category:dropped
                                Size (bytes):322260
                                Entropy (8bit):4.000299760592446
                                Encrypted:false
                                SSDEEP:
                                MD5:CC90D669144261B198DEAD45AA266572
                                SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                                SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                                SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                                Malicious:false
                                Reputation:unknown
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:ASCII text, with no line terminators
                                Category:dropped
                                Size (bytes):10
                                Entropy (8bit):2.721928094887362
                                Encrypted:false
                                SSDEEP:
                                MD5:43D152AEF25DD3216DB69BE19A447B56
                                SHA1:F49E905E201C0D588276AF40BEFE48D4879069DC
                                SHA-256:7790115AF56291D8E6511F9C28E149C4810C9B251A1D87029AB80790AB5F9BB3
                                SHA-512:A3B0C42364854D2821C8E4C212E56CBD94095B20CD165023DC8474EB4DBFF238DBE8B0CDE5DCBB77257051F78B350797403E68935D825714C3D825CA8AB3BFCE
                                Malicious:false
                                Reputation:unknown
                                Preview:1725528336
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):176428
                                Entropy (8bit):5.287421845257231
                                Encrypted:false
                                SSDEEP:
                                MD5:FE98238D4A942D2639ED2A471115DAC8
                                SHA1:D2362A643CA0476DDC139838B2FEA45602EC00A0
                                SHA-256:3677F4F589B55994ABE54BB0734A14956E94BD3A3A1312A6F054559164FFED93
                                SHA-512:A17F957E95B9017F1949641CAE7FCD8F95B7609F2D2AADCF0CD5134219CFC72A67697FC3D623915F6C86ABAF5F2DB39D90A10EC8F571FB87F66ABD753E424590
                                Malicious:false
                                Reputation:unknown
                                Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-09-05T09:25:35">.. Build: 16.0.18014.40125-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:SQLite Rollback Journal
                                Category:dropped
                                Size (bytes):4616
                                Entropy (8bit):0.13700485453793962
                                Encrypted:false
                                SSDEEP:
                                MD5:F9FBAEFC26E8E1C853C3E73022EFE104
                                SHA1:60047DC8D791B298B6BAE5CBAC7BBDCE1B87D0AE
                                SHA-256:E78A19E4500AEE63530C37077C0C55533CF87EA3BEF3993A3B5D8FB164E0BC98
                                SHA-512:10A8BBB5076387DAE8AC09A15F17074371B1887D68E499D287EC2F8A4A65FF86DA693B6FA605CDA7B6B22626A2FF8B60BDE229672391D6109F1510571B9B72D4
                                Malicious:false
                                Reputation:unknown
                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                File Type:data
                                Category:dropped
                                Size (bytes):30
                                Entropy (8bit):1.2389205950315936
                                Encrypted:false
                                SSDEEP:
                                MD5:598E77A0820F15F74C236181F0F4FF43
                                SHA1:17EDED81D5514640C014402427E07B9833A1B01B
                                SHA-256:6369EFC8A9FA8AF35566A2DE073848CDE465817E568B89C2554D06F14F6C9D29
                                SHA-512:7B0D800366B17BF8E52B36205149E153A523897424C9CE8BCA05456E0885DBE12EBF78017D421C07931F3F7A8FE68B6E6CD11E09DEA5773DFF1A4D50FB337ECB
                                Malicious:false
                                Reputation:unknown
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 5 08:26:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2673
                                Entropy (8bit):3.983827801673484
                                Encrypted:false
                                SSDEEP:
                                MD5:F8CE74EE43EAFC4EC5494A5DA6551091
                                SHA1:CE68E5F0ECF3C78645D8D37805D5F3812BE3F9C7
                                SHA-256:969EFF239406B2E1C78C6622B26E46DB1CB86B402D101F13F4328584515863AD
                                SHA-512:ECC9114844130610CE9FFB5109947E0C03781DDF6F0912930D7D76FA6FE474EAD15D8DAF5D49DE7B65CAF230EA6E9FA9E088B962E8F084EC87F866F129B6F520
                                Malicious:false
                                Reputation:unknown
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 5 08:26:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2675
                                Entropy (8bit):3.9999145852646936
                                Encrypted:false
                                SSDEEP:
                                MD5:892751F01E734802BCDB4FE7B14DCA1A
                                SHA1:F2154A76315C6A21D9F7AB4B0DDD58B98D4620B3
                                SHA-256:0F401DE93FADD8C3FE4E61577058F6DB4AE1C2044C21D4F839FBD3FA0B3D79E0
                                SHA-512:2DB0C8FEAC732D4BB617598B0ABD9DEBA34B65FEEF3C197D71CF3E31CA7585A2682DA50B4A166F411B86B7E5589DE382AAB6D7E3AE603AC16A1140BD0D2F9D53
                                Malicious:false
                                Reputation:unknown
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2689
                                Entropy (8bit):4.007439917935584
                                Encrypted:false
                                SSDEEP:
                                MD5:A366320F13BE8A352ED8DDC8021D53CD
                                SHA1:8766101F78D2FB1E39A253323BE8E8D3F2BC10F7
                                SHA-256:6A21E368EC9DB6F7676E656F673A46F51E59054D25B3FAFFCF969B0EE166DB03
                                SHA-512:3E9D486F8BB1EF206DE75E4DC9F87C570DFC3E9912B1C9F2EFAE0CE496BC4353459843A1CB637F34DAD13DD4E35E5E987B032974DD4DBF2D5497B83A1FA90CB6
                                Malicious:false
                                Reputation:unknown
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 5 08:26:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2677
                                Entropy (8bit):4.000858301049639
                                Encrypted:false
                                SSDEEP:
                                MD5:322A1E6C0045EB05647A6CE24ADFC82B
                                SHA1:C1A5123528D3DDFE594DB60ED709264B579D5A9F
                                SHA-256:5D3425FD66D18D15926090C775D7C87D9B87A0377DCB7B0C7363D2460CA0B458
                                SHA-512:E90603BE2C324448B9C167418A6F8A338C33346178FB3B5E62DC555E2BAAF2359E91C7569017DAE16E066EB26B2D4E8A690D15B6049F90634EB81D9389371F49
                                Malicious:false
                                Reputation:unknown
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 5 08:26:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2677
                                Entropy (8bit):3.988713345399687
                                Encrypted:false
                                SSDEEP:
                                MD5:DB85474436EE1D2F7D71EEE016F0D761
                                SHA1:6AF9DEF9671403AE5D42CF861806163991DC8DF8
                                SHA-256:706C504834FFA96AEA50252D8862547A3C1F1E2E3F9F174F8BDAC5914DFC7115
                                SHA-512:688E2A35D71972A8320FD3992895CCFA1A373BE46BC39B3D2200EB7512D87675FB07F53E608A6FB37506AA678A9DF8980653E69272637B93F47D901ABCAB241D
                                Malicious:false
                                Reputation:unknown
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 5 08:26:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2679
                                Entropy (8bit):3.99865077274766
                                Encrypted:false
                                SSDEEP:
                                MD5:9EE2580FE3D35EA150C007EFA8448AAB
                                SHA1:014F0905E2B5778469E6B99E7CB390A9B01E90B8
                                SHA-256:A504EAE1B56156D0196197A3565DEBA00E1EEF09E722F1BF2A47945F301E9F3D
                                SHA-512:8AC757689EFB6F563FED7F8B4618CD9F791D8029EB2CC01D16C3158366FA2F7ADB1EDB03C3FC3B45E44D26C46AB1307E66D315C6C7CCE1FDD9F1E45D7AD5001E
                                Malicious:false
                                Reputation:unknown
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:HTML document, ASCII text, with very long lines (15056), with CRLF line terminators
                                Category:dropped
                                Size (bytes):15823
                                Entropy (8bit):5.223161986244759
                                Encrypted:false
                                SSDEEP:
                                MD5:DF7CDA5D9226652FDDD69BF3A152A752
                                SHA1:5EF0181BE4A6A3C155F76EB2B36D02896D971600
                                SHA-256:A5B06AD20BCF289F610B89B377A0D002FE870AE029A2D24F5BA154E1B26AC07E
                                SHA-512:BAE312FEC9EAF8336F559095ACE4DE8B8E098360F5725FC4EA5817937DFAC3C0DD97DBA5D5A7ECB634017C5FD6A94A02B6082B0492E1447CDAC15014B19CB55A
                                Malicious:false
                                Reputation:unknown
                                Preview:..<!doctype html>..<html lang="en">..<head>.. <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>.. <script src="https://code.jquery.com/jquery-3.1.1.min.js">.. <script src="https://code.jquery.com/jquery-3.3.1.js" integrity="sha256-2Kok7MbOyxpgUVvAk/HJ2jigOSYS2auK4Pfzbm7uH60=" crossorigin="anonymous"></script>.. Required meta tags -->.. <meta charset="utf-8">.. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">.... Bootstrap CSS -->.. <style>../*!.. * Bootstrap v4.0.0 (https://getbootstrap.com).. * Copyright 2011-2018 The Bootstrap Authors.. * Copyright 2011-2018 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:HTML document, ASCII text, with very long lines (64769), with CRLF line terminators
                                Category:dropped
                                Size (bytes):0
                                Entropy (8bit):0.0
                                Encrypted:false
                                SSDEEP:
                                MD5:A31456767302F509E07DBD2C6BAD7B2E
                                SHA1:48A0C2FB7C929EDCF9EB2381EDB425643B35266D
                                SHA-256:3010B58FE1C0DBE5DEE102C2A68E1C2C0C327856974FFF19AA5E3A3E16C587B1
                                SHA-512:2FFFAFFA48CFE5ABCD0FE2B11A963F074BD64F20CE22787CFFB09646BB480D0199D4C6E18C0B5D074D5F2D3AEF12D1747594AE5B9A3F997923E1CAF0EDBE4451
                                Malicious:false
                                Reputation:unknown
                                Preview:..<!doctype html>..<html lang="en">..<head>.. <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>.. <script src="https://code.jquery.com/jquery-3.1.1.min.js">.. <script src="https://code.jquery.com/jquery-3.3.1.js" integrity="sha256-2Kok7MbOyxpgUVvAk/HJ2jigOSYS2auK4Pfzbm7uH60=" crossorigin="anonymous"></script>.. Required meta tags -->.. <meta charset="utf-8">.. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">.... Bootstrap CSS -->.. <style>../*!.. * Bootstrap v4.0.0 (https://getbootstrap.com).. * Copyright 2011-2018 The Bootstrap Authors.. * Copyright 2011-2018 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:HTML document, ASCII text, with very long lines (64769), with CRLF line terminators
                                Category:dropped
                                Size (bytes):286652
                                Entropy (8bit):5.868880581941545
                                Encrypted:false
                                SSDEEP:
                                MD5:A31456767302F509E07DBD2C6BAD7B2E
                                SHA1:48A0C2FB7C929EDCF9EB2381EDB425643B35266D
                                SHA-256:3010B58FE1C0DBE5DEE102C2A68E1C2C0C327856974FFF19AA5E3A3E16C587B1
                                SHA-512:2FFFAFFA48CFE5ABCD0FE2B11A963F074BD64F20CE22787CFFB09646BB480D0199D4C6E18C0B5D074D5F2D3AEF12D1747594AE5B9A3F997923E1CAF0EDBE4451
                                Malicious:true
                                Yara Hits:
                                • Rule: JoeSecurity_HtmlPhish_29, Description: Yara detected HtmlPhish_29, Source: C:\Users\user\Downloads\adobe - Copy.html (1).crdownload, Author: Joe Security
                                Reputation:unknown
                                Preview:..<!doctype html>..<html lang="en">..<head>.. <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>.. <script src="https://code.jquery.com/jquery-3.1.1.min.js">.. <script src="https://code.jquery.com/jquery-3.3.1.js" integrity="sha256-2Kok7MbOyxpgUVvAk/HJ2jigOSYS2auK4Pfzbm7uH60=" crossorigin="anonymous"></script>.. Required meta tags -->.. <meta charset="utf-8">.. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">.... Bootstrap CSS -->.. <style>../*!.. * Bootstrap v4.0.0 (https://getbootstrap.com).. * Copyright 2011-2018 The Bootstrap Authors.. * Copyright 2011-2018 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:HTML document, ASCII text, with very long lines (64769), with CRLF line terminators
                                Category:dropped
                                Size (bytes):275674
                                Entropy (8bit):5.86625163791911
                                Encrypted:false
                                SSDEEP:
                                MD5:7C949C0B37E8749A9C4DC506DCE82CC3
                                SHA1:01EBE5223A043A04ACD3D4D2103B7E28F0778DFF
                                SHA-256:F6FE18C8E548265AFA04220E2FD3D823D69A849A637E8FF49601D3520FDCCADB
                                SHA-512:62FA95A30DDBF7100B44E6E68B1BEF781D6F1FF6C6ACFF43148F4D774A9C153329E408730DC56F2DCC72481D97D2779D9E441CEED55CDD89D7979E3A01E29CA8
                                Malicious:true
                                Yara Hits:
                                • Rule: JoeSecurity_HtmlPhish_29, Description: Yara detected HtmlPhish_29, Source: C:\Users\user\Downloads\adobe - Copy.html.crdownload, Author: Joe Security
                                Reputation:unknown
                                Preview:..<!doctype html>..<html lang="en">..<head>.. <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>.. <script src="https://code.jquery.com/jquery-3.1.1.min.js">.. <script src="https://code.jquery.com/jquery-3.3.1.js" integrity="sha256-2Kok7MbOyxpgUVvAk/HJ2jigOSYS2auK4Pfzbm7uH60=" crossorigin="anonymous"></script>.. Required meta tags -->.. <meta charset="utf-8">.. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">.... Bootstrap CSS -->.. <style>../*!.. * Bootstrap v4.0.0 (https://getbootstrap.com).. * Copyright 2011-2018 The Bootstrap Authors.. * Copyright 2011-2018 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text
                                Category:downloaded
                                Size (bytes):422
                                Entropy (8bit):5.288029260973069
                                Encrypted:false
                                SSDEEP:
                                MD5:7BE6170E0A828586DA13D24BD8B5DF5B
                                SHA1:0B0A3446427EE7B5D707435A5910949A0CF4D33D
                                SHA-256:2BC55CCCEF92CA55D0D6FA4FC66BF1064EC6B35D8BCD2B75EB561DEA0F4BBE72
                                SHA-512:0AEC0CE2D1F55ECEAEDD85E70B5A4B9DF10623167B7E06C161772BC6E4088C036335FD24312E45744C9BE8A2E6EC6659301FA1B25EB2175CE83FCDBA2F945C47
                                Malicious:false
                                Reputation:unknown
                                URL:https://fonts.googleapis.com/css?family=Yellowtail&display=swap
                                Preview:/* latin */.@font-face {. font-family: 'Yellowtail';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/yellowtail/v22/OZpGg_pnoDtINPfRIlLohlvHwQ.woff2) format('woff2');. unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;.}.
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 400x400, components 3
                                Category:dropped
                                Size (bytes):30925
                                Entropy (8bit):7.75667128400845
                                Encrypted:false
                                SSDEEP:
                                MD5:BE5274AF7D8BD25B8148A190FF515399
                                SHA1:B8D0850FD92EE935287E17988B89E53607808C8C
                                SHA-256:26C62DBDF527B8DCBF378EA62F129CBBBA3B244730687909BA21ECD729C9D2E6
                                SHA-512:64893C625BE72783088575E36EF26FF4573243F32601BDA754EDA72B7515063B5E4E4831697D16AC663529C910AE12CCD145BEC530F2A9BAE4D9324301C65667
                                Malicious:false
                                Reputation:unknown
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with very long lines (32065)
                                Category:dropped
                                Size (bytes):85578
                                Entropy (8bit):5.366055229017455
                                Encrypted:false
                                SSDEEP:
                                MD5:2F6B11A7E914718E0290410E85366FE9
                                SHA1:69BB69E25CA7D5EF0935317584E6153F3FD9A88C
                                SHA-256:05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
                                SHA-512:0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
                                Malicious:false
                                Reputation:unknown
                                Preview:/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with very long lines (60130)
                                Category:downloaded
                                Size (bytes):60312
                                Entropy (8bit):4.72859504417617
                                Encrypted:false
                                SSDEEP:
                                MD5:A12EC7EBE75A4D59A5DD6B79E2BA2E16
                                SHA1:28F5DCC595EE6D4163481EF64170180502C8629B
                                SHA-256:FC5128DFDCDFA0C3A9967A6D2F19399D7BF1AAAE6AD7571B96B03915A1F30DDA
                                SHA-512:28B9EA5F3F95807259C2745162424ACEECAC2556BC1AB9A3B33E4E15B54C6970A4DF4A5892FE83C1155C82CA8D93AEBB173BE32F1A7F8B9D3CE038B2DD1E6FFE
                                Malicious:false
                                Reputation:unknown
                                URL:https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=585b051251
                                Preview:/*!. * Font Awesome Free 5.15.4 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */.fa,.fab,.fad,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pul
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:PNG image data, 1280 x 648, 8-bit/color RGB, non-interlaced
                                Category:downloaded
                                Size (bytes):414566
                                Entropy (8bit):7.991168308566867
                                Encrypted:true
                                SSDEEP:
                                MD5:BF5CA4D538EF63600F4BF8DA7337D13D
                                SHA1:BF481BC5D9FA20D825743F1DA224271920FE0D67
                                SHA-256:9A75D5FDC0EA750FB1D50EF4616B5E8F6650D72D9C65FFB939625B64EF802A11
                                SHA-512:5A1D246D8656D65576464FDF8A99D09160D100EFAE5F66BD7BB7418A21478A9067BA47930DFA7577BA1A02605D255FC7F4FA1B5A3578F406CB957416EDB0B9A5
                                Malicious:false
                                Reputation:unknown
                                URL:https://50k347.k347343.96.lt/acb0140/background_secureaccess.png
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with very long lines (26500)
                                Category:downloaded
                                Size (bytes):26682
                                Entropy (8bit):4.82962335901065
                                Encrypted:false
                                SSDEEP:
                                MD5:76F34B71FC9FB641507FF6A822CC07F5
                                SHA1:73ED2F8F21CD40FB496E61306ACBB5849D4DBFF4
                                SHA-256:6DEA47458A4CD7CD7312CC780A53C62E0C8B3CCC8D0B13C1AC0EA6E3DFCECEA8
                                SHA-512:6C4002CE78247B50BFA835A098980AF340E4E9F05F7097C1E83301289051CE1282E647ABAB87DB28A32FBFE0263C7318D2444B7D57875873908D6D5ED2AF882F
                                Malicious:false
                                Reputation:unknown
                                URL:https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251
                                Preview:/*!. * Font Awesome Free 5.15.4 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */.fa.fa-glass:before{content:"\f000"}.fa.fa-meetup{font-family:"Font Awesome 5 Brands";font-weight:400}.fa.fa-star-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-star-o:before{content:"\f005"}.fa.fa-close:before,.fa.fa-remove:before{content:"\f00d"}.fa.fa-gear:before{content:"\f013"}.fa.fa-trash-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-trash-o:before{content:"\f2ed"}.fa.fa-file-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-file-o:before{content:"\f15b"}.fa.fa-clock-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-clock-o:before{content:"\f017"}.fa.fa-arrow-circle-o-down{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-arrow-circle-o-down:before{content:"\f358"}.fa.fa-arrow-circle-o-up{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-arro
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with very long lines (32030)
                                Category:dropped
                                Size (bytes):86709
                                Entropy (8bit):5.367391365596119
                                Encrypted:false
                                SSDEEP:
                                MD5:E071ABDA8FE61194711CFC2AB99FE104
                                SHA1:F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
                                SHA-256:85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
                                SHA-512:53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
                                Malicious:false
                                Reputation:unknown
                                Preview:/*! jQuery v3.1.1 | (c) jQuery Foundation | jquery.org/license */.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 290x174, components 3
                                Category:dropped
                                Size (bytes):8061
                                Entropy (8bit):7.924500474522582
                                Encrypted:false
                                SSDEEP:
                                MD5:897C3DA8D396F0434173680DFD2B5FB7
                                SHA1:B5207CF453113E6248B8406F65AC57FA11554EC5
                                SHA-256:A29BA00B157F0EB5D4B63D4912DD0285D22941C181AFD842BD176ADF327B2938
                                SHA-512:3895C86D922753AEE2DB6648AE670E0B6892EBD305871662E65AE074CA47ADBD9DCF1D44CE551DCBB445A47CAA5F32162C17D9EED905DD73B89C9E1D522B9174
                                Malicious:false
                                Reputation:unknown
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with very long lines (12736)
                                Category:downloaded
                                Size (bytes):13168
                                Entropy (8bit):5.2297734144757815
                                Encrypted:false
                                SSDEEP:
                                MD5:728F0893244E83BB14E60947E7102AFE
                                SHA1:0CAF34B59D050ED61A91CC0C4023048630A524D5
                                SHA-256:124EBC96F0792CE63C61C7C72539CFD040761FF3A846B3022D63AA85349A0114
                                SHA-512:7F063375AD9EC1D1C8A107262E54D302133C95A3A60E3873C4A9E28196EB288F0C61CA83F6E8E1CD52EC7C65D43C3DABFFC234A6B921ACEB821E2E7E4BEC1941
                                Malicious:false
                                Reputation:unknown
                                URL:https://kit.fontawesome.com/585b051251.js
                                Preview:window.FontAwesomeKitConfig = {"id":132286382,"version":"5.15.4","token":"585b051251","method":"css","baseUrl":"https://ka-f.fontawesome.com","license":"free","asyncLoading":{"enabled":true},"autoA11y":{"enabled":true},"baseUrlKit":"https://kit.fontawesome.com","detectConflictsUntil":null,"iconUploads":{},"minify":{"enabled":true},"v4FontFaceShim":{"enabled":false},"v4shim":{"enabled":true},"v5FontFaceShim":{"enabled":false}};.!function(t){"function"==typeof define&&define.amd?define("kit-loader",t):t()}((function(){"use strict";function t(t,e){var n=Object.keys(t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);e&&(r=r.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),n.push.apply(n,r)}return n}function e(e){for(var n=1;n<arguments.length;n++){var o=null!=arguments[n]?arguments[n]:{};n%2?t(Object(o),!0).forEach((function(t){r(e,t,o[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(o)):
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with very long lines (12736)
                                Category:dropped
                                Size (bytes):13168
                                Entropy (8bit):5.2297734144757815
                                Encrypted:false
                                SSDEEP:
                                MD5:944E70D7A6E3FB14E2EC62982BE07D6F
                                SHA1:C059CFF5508D6A3E435658C3720E4EFF1C18E589
                                SHA-256:4AF9396941A1B0BEFF198E0476F96364688A97B639E19F7ED7AF883C54A4B22C
                                SHA-512:C6925D35340695A8A8424872207479CD4626384E3FFF38131C64667B3295A7BB5858961C16D611EA144F9FA88D1FC86F16080E7BEE0739F9CA1E7E95C2B2C6F7
                                Malicious:false
                                Reputation:unknown
                                File type:CDFV2 Microsoft Outlook Message
                                Entropy (8bit):3.758359652932734
                                TrID:
                                • Outlook Message (71009/1) 58.92%
                                • Outlook Form Template (41509/1) 34.44%
                                • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
                                File name:Inspection Notice.msg
                                File size:36'864 bytes
                                MD5:5e6c4ca5e31e609252e581aa969f4ac3
                                SHA1:e0ffc87b71fd38156bf9598fdbc6100d226d389f
                                SHA256:5afab3c5c9f9cc62b280410fb0d5e7c01d51b675e5a0529d6a6414181ed7102a
                                SHA512:e2196577e77cb7ef5c96ae919dd426c5537c34098ded78ebfb64828c20339aa8503bab0d20105f01a14b928ae294b20dc541ec507c7d980dd8999c186da579c6
                                SSDEEP:768:gHMG40KsK5sK0Gtzc+iR9K4jdjfP4mZsKwNSw8v0k7:uixMGtzTCFP4yY
                                TLSH:03F2AD1136F98709F277AF324AE690A79536BC91ED24878F3191730E06B1981E971F3B
                                Subject:Inspection Notice
                                From:Frank Griffiths <fgriffiths@nwpg.gov.za>
                                To:Undisclosed recipients:;
                                Cc:
                                BCC:
                                Date:Wed, 04 Sep 2024 13:07:32 +0200
                                Communications:
                                • Good Day DEPARTMENT OF EMPLOYMENT AND LABOUR. There is an inspection case filed against you. The department has decided to take the required action. The below link outlines the details for this investigation. <https://ucarecdn.com/06008b9a-5be2-4167-b89c-7cc3cd3d20cc/adobeCopy.html> CASE ID: F-20230809 You can view the above link and submit the necessary documents. Regards THE SOUTH AFRICAN EMPLOYMENT AND LABOUR DEPARTMENT
                                Attachments:
                                  Key Value
                                  Received: from NWPGDOb-MTA by nwpg.gov.za
                                  15.1.2507.39 via Mailbox Transport; Wed, 4 Sep 2024 13:29:18 +0200
                                  15.1.2507.39; Wed, 4 Sep 2024 13:29:18 +0200
                                  15.1.2507.39 via Frontend Transport; Wed, 4 Sep 2024 13:29:18 +0200
                                  by mx314.antispamcloud.com with esmtps (TLSv1.3:TLS_AES_256_GCM_SHA384:256)
                                  for Elsabe@nelsonborman.co.za; Wed, 04 Sep 2024 13:29:15 +0200
                                  X-SYNAQ-Pinpoint-Branding-Pass-Through: Did not brand : No branding for fgriffiths@nwpg.gov.za as fgriffiths@nwpg.gov.za
                                  Authentication-Results: antispamcloud.com; spf=pass smtp.mailfrom=fgriffiths@nwpg.gov.za
                                  Wed, 04 Sep 2024 13:07:40 +0200
                                  with Novell_GroupWise; Wed, 04 Sep 2024 13:07:38 +0200
                                  Message-ID: <66D83F74020000DC0013994C@nwpg.gov.za>
                                  X-Mailer: Novell GroupWise Internet Agent 24.2.0
                                  Date: Wed, 4 Sep 2024 13:07:32 +0200
                                  From: Frank Griffiths <fgriffiths@nwpg.gov.za>
                                  Subject: Inspection Notice
                                  MIME-Version: 1.0
                                  Content-Type: multipart/mixed; boundary="=__Part8D8A3E64.50__="
                                  X-Red-Router: yes
                                  X-SYNAQ-Pinpoint-Information: Please contact SYNAQ for more information
                                  X-SYNAQ-Pinpoint-ID: 1slo85-000ZbR-S9
                                  X-SYNAQ-Pinpoint: No virus infections found
                                  X-SYNAQ-Pinpoint-SpamScore: s
                                  X-Pinpoint-From: fgriffiths@nwpg.gov.za
                                  X-Linkshield: 2024-09-04T11:29:00Z;h="omx8";v="0.9.41";i="1slo85-000ZbR-S9";
                                  Received-SPF: pass (mx314.antispamcloud.com: domain of nwpg.gov.za designates 196.35.198.42 as permitted sender) client-ip=196.35.198.42; envelope-from=fgriffiths@nwpg.gov.za; helo=securemail-r4.synaq.com;
                                  X-SPF-Result: mx314.antispamcloud.com: domain of nwpg.gov.za designates 196.35.198.42 as permitted sender
                                  X-Spampanel-Class: ham
                                  X-Spampanel-Evidence: SB/antispamcloud_com (0.0464797129362)
                                  X-Recommended-Action: accept
                                  X-Filter-ID: Mvzo4OR0dZXEDF/gcnlw0eyVqHO7m7TF32qCT6CUiJ6pSDasLI4SayDByyq9LIhV84o4e2wTCWUz
                                  X-Report-Abuse-To: spam@quarantine14.antispamcloud.com
                                  To: Undisclosed recipients:;
                                  Return-Path: fgriffiths@nwpg.gov.za
                                  X-MS-Exchange-Organization-Network-Message-Id: acd4a01e-cd3b-4b33-2432-08dcccd4d0b1
                                  X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
                                  X-C2ProcessedOrg: b871e11f-2424-4379-a75e-a1a8bfbe8592
                                  X-MS-Exchange-Organization-AuthSource: DCEXCCAS02.cloudcontrl.com
                                  X-MS-Exchange-Organization-AuthAs: Anonymous
                                  X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.2684283
                                  X-MS-Exchange-Processed-By-BccFoldering: 15.01.2507.039
                                  date: Wed, 04 Sep 2024 13:07:32 +0200

                                  Icon Hash:c4e1928eacb280a2