Windows Analysis Report
https://outlook.office365.com/Encryption/retrieve.ashx?recipientemailaddress=Robert_Chraska%40liparifoods.com&senderemailaddress=WCCAReports%40genexservices.com&senderorganization=AwF8AAAAAngAAAADAQAAAKgdg9XBCchFg9cX1joL1OlPVT1nZW5leC5vbm1pY3Jvc29mdC5jb20sT1U9TWljcm9zb2Z0IEV4Y2hhbmdlIEhvc3RlZCBPcmdh

Overview

General Information

Sample URL:https://outlook.office365.com/Encryption/retrieve.ashx?recipientemailaddress=Robert_Chraska%40liparifoods.com&senderemailaddress=WCCAReports%40genexservices.com&senderorganization=AwF8AAAAAngAAAADAQAA
Analysis ID:1511999

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
HTML body contains low number of good links
HTML title does not match URL
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6400 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://outlook.office365.com/Encryption/retrieve.ashx?recipientemailaddress=Robert_Chraska%40liparifoods.com&senderemailaddress=WCCAReports%40genexservices.com&senderorganization=AwF8AAAAAngAAAADAQAAAKgdg9XBCchFg9cX1joL1OlPVT1nZW5leC5vbm1pY3Jvc29mdC5jb20sT1U9TWljcm9zb2Z0IEV4Y2hhbmdlIEhvc3RlZCBPcmdhbml6YXRpb25zLERDPU5BTVBSMDZBMDE2LERDPVBST0QsREM9T1VUTE9PSyxEQz1DT03Mq%2fW%2baLNKQozTXlNaDsITQ049Q29uZmlndXJhdGlvbixDTj1nZW5leC5vbm1pY3Jvc29mdC5jb20sQ049Q29uZmlndXJhdGlvblVuaXRzLERDPU5BTVBSMDZBMDE2LERDPVBST0QsREM9T1VUTE9PSyxEQz1DT00B&messageid=%3c10e85f0e-2c1f-4d89-821a-36ff77c65f42%40PHLPRDEXCH01.genexservices.com%3e&cfmRecipient=SystemMailbox%7b2C41C89D-35A4-465B-B69B-6F1FC54D8B03%7d%40genex.onmicrosoft.com&consumerEncryption=false&senderorgid=f2e3e4c3-e58f-4b8a-bde8-550f8708312a&urldecoded=1&e4e_sdata=LHZ2ExWge3HKVQffgBL92a2t3%2bbH8jmI3v4cx47HhC5c5Gc3bbsh9YvYuoAta6BGeLLqwkiLjvDHU%2fCcxwihZlj7rjrmD0MSjkn3mCuYcoWkDA3Pw1KNKgWC2I3hjc2uuxJmWR8LtH%2bRgFiOjGxcIs9%2f6pbxsY40Sfa0K9hiSQlQajrdjpctCHkLbF3qklyQ4XNIH4717%2fObvQiYYzVZ2Bb5LLk0yu5HPH9GCcokfDKTltgvGrrePYPMSovKCZ9JPtT3TNB5ieZOQ9kVvRi9GMKVj%2fPJP9byBJDODlTaHOq2Z5xeP94G5I6IWKNoHTo%2blrNNow%2f%2fMG2KvmiR89pGtA%3d%3d MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6904 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1896,i,6432628014685550292,5651721126001515058,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Phishing

Source: https://outlook.office365.com/Encryption/OTPSigninPage.aspx?itemID=E4E_M_742f8858-af52-4fdd-afa2-3243b04d0c1e&OTPMessageId=612d7284-5d62-4a40-986f-2560f0072ba3%40BYAPR06MB4053.namprd06.prod.outlook.com&OTPReferenceId=6021 | LLM: Score: 10 Reasons: The domain name 'liparifoods.com' does not match the legitimate domain name associated with the identified brand 'outlook.office365.com'. The brand name 'Lipari Foods' is not associated with the given domain 'outlook.office365.com', which is a Microsoft service. The URL is a phishing attempt as it is trying to impersonate a legitimate Microsoft service to trick users into entering their credentials. DOM: 2.1.pages.csv
Source: https://outlook.office365.com/Encryption/OTPSigninPage.aspx?itemID=E4E_M_742f8858-af52-4fdd-afa2-3243b04d0c1e&OTPMessageId=612d7284-5d62-4a40-986f-2560f0072ba3%40BYAPR06MB4053.namprd06.prod.outlook.com&OTPReferenceId=6021 | HTTP Parser: Number of links: 0
Source: https://outlook.office365.com/Encryption/OTPSigninPage.aspx?itemID=E4E_M_742f8858-af52-4fdd-afa2-3243b04d0c1e&OTPMessageId=612d7284-5d62-4a40-986f-2560f0072ba3%40BYAPR06MB4053.namprd06.prod.outlook.com&OTPReferenceId=6021 | HTTP Parser: Title: Encrypted Message OTP Sign in does not match URL
Source: https://outlook.office365.com/Encryption/OTPSigninPage.aspx?itemID=E4E_M_742f8858-af52-4fdd-afa2-3243b04d0c1e&OTPMessageId=612d7284-5d62-4a40-986f-2560f0072ba3%40BYAPR06MB4053.namprd06.prod.outlook.com&OTPReferenceId=6021 | HTTP Parser: No <meta name="author".. found
Source: https://outlook.office365.com/Encryption/OTPSigninPage.aspx?itemID=E4E_M_742f8858-af52-4fdd-afa2-3243b04d0c1e&OTPMessageId=612d7284-5d62-4a40-986f-2560f0072ba3%40BYAPR06MB4053.namprd06.prod.outlook.com&OTPReferenceId=6021 | HTTP Parser: No <meta name="copyright".. found
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.190.159.68:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 2.23.209.168:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown | TCP/UDP traffic detected without corresponding DNS query (50 events, collapsed by destination in order of first appearance):
  • 204.79.197.203: 6 TCP events
  • 1.1.1.1: 4 UDP events
  • 184.28.90.27: 18 TCP events
  • 20.189.173.10: 5 TCP events
  • 20.114.59.183: 14 TCP events
  • 192.229.211.108: 3 TCP events
Source: global traffic | DNS traffic detected: DNS query: outlook.office365.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: ajax.aspnetcdn.com
Source: global traffic | DNS traffic detected: DNS query: r1.res.office365.com
Source: global traffic | DNS traffic detected: DNS query: static2.sharepointonline.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 (54 events, collapsed by local port):
  • Outbound, local port -> 443 (28 ports): 49673, 49678, 49696, 49702, 49703, 49705, 49706, 49707, 49708, 49709, 49711, 49713, 49714, 49716, 49720, 49721, 49722, 49726, 49727, 49732, 49733, 49734, 49735, 49736, 49737, 49738, 49739, 49741
  • Inbound, 443 -> local port (26 ports): 49696, 49702, 49703, 49705, 49706, 49707, 49708, 49709, 49711, 49713, 49714, 49716, 49720, 49721, 49722, 49726, 49727, 49732, 49733, 49734, 49735, 49736, 49737, 49738, 49739, 49741
Source: classification engine | Classification label: mal48.phis.win@14/21@18/149
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://outlook.office365.com/Encryption/retrieve.ashx?recipientemailaddress=Robert_Chraska%40liparifoods.com&senderemailaddress=WCCAReports%40genexservices.com&senderorganization=AwF8AAAAAngAAAADAQAAAKgdg9XBCchFg9cX1joL1OlPVT1nZW5leC5vbm1pY3Jvc29mdC5jb20sT1U9TWljcm9zb2Z0IEV4Y2hhbmdlIEhvc3RlZCBPcmdhbml6YXRpb25zLERDPU5BTVBSMDZBMDE2LERDPVBST0QsREM9T1VUTE9PSyxEQz1DT03Mq%2fW%2baLNKQozTXlNaDsITQ049Q29uZmlndXJhdGlvbixDTj1nZW5leC5vbm1pY3Jvc29mdC5jb20sQ049Q29uZmlndXJhdGlvblVuaXRzLERDPU5BTVBSMDZBMDE2LERDPVBST0QsREM9T1VUTE9PSyxEQz1DT00B&messageid=%3c10e85f0e-2c1f-4d89-821a-36ff77c65f42%40PHLPRDEXCH01.genexservices.com%3e&cfmRecipient=SystemMailbox%7b2C41C89D-35A4-465B-B69B-6F1FC54D8B03%7d%40genex.onmicrosoft.com&consumerEncryption=false&senderorgid=f2e3e4c3-e58f-4b8a-bde8-550f8708312a&urldecoded=1&e4e_sdata=LHZ2ExWge3HKVQffgBL92a2t3%2bbH8jmI3v4cx47HhC5c5Gc3bbsh9YvYuoAta6BGeLLqwkiLjvDHU%2fCcxwihZlj7rjrmD0MSjkn3mCuYcoWkDA3Pw1KNKgWC2I3hjc2uuxJmWR8LtH%2bRgFiOjGxcIs9%2f6pbxsY40Sfa0K9hiSQlQajrdjpctCHkLbF3qklyQ4XNIH4717%2fObvQiYYzVZ2Bb5LLk0yu5HPH9GCcokfDKTltgvGrrePYPMSovKCZ9JPtT3TNB5ieZOQ9kVvRi9GMKVj%2fPJP9byBJDODlTaHOq2Z5xeP94G5I6IWKNoHTo%2blrNNow%2f%2fMG2KvmiR89pGtA%3d%3d
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1896,i,6432628014685550292,5651721126001515058,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (11 events)
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MITRE ATT&CK Matrix (one line per tactic; the number in parentheses is the match count the report shows next to a technique)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: Registry Run Keys / Startup Folder (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection (1); Registry Run Keys / Startup Folder (1); Logon Script (Windows)
Defense Evasion: Masquerading (1); Process Injection (1); Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: System Service Discovery; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (1); Application Layer Protocol (2)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

URL scanner results (Source; Detection; Scanner; Label):
  • https://outlook.office365.com/Encryption/retrieve.ashx?recipientemailaddress=Robert_Chraska%40liparifoods.com&senderemailaddress=WCCAReports%40genexservices.com&senderorganization=AwF8AAAAAngAAAADAQAAAKgdg9XBCchFg9cX1joL1OlPVT1nZW5leC5vbm1pY3Jvc29mdC5jb20sT1U9TWljcm9zb2Z0IEV4Y2hhbmdlIEhvc3RlZCBPcmdhbml6YXRpb25zLERDPU5BTVBSMDZBMDE2LERDPVBST0QsREM9T1VUTE9PSyxEQz1DT03Mq%2fW%2baLNKQozTXlNaDsITQ049Q29uZmlndXJhdGlvbixDTj1nZW5leC5vbm1pY3Jvc29mdC5jb20sQ049Q29uZmlndXJhdGlvblVuaXRzLERDPU5BTVBSMDZBMDE2LERDPVBST0QsREM9T1VUTE9PSyxEQz1DT00B&messageid=%3c10e85f0e-2c1f-4d89-821a-36ff77c65f42%40PHLPRDEXCH01.genexservices.com%3e&cfmRecipient=SystemMailbox%7b2C41C89D-35A4-465B-B69B-6F1FC54D8B03%7d%40genex.onmicrosoft.com&consumerEncryption=false&senderorgid=f2e3e4c3-e58f-4b8a-bde8-550f8708312a&urldecoded=1&e4e_sdata=LHZ2ExWge3HKVQffgBL92a2t3%2bbH8jmI3v4cx47HhC5c5Gc3bbsh9YvYuoAta6BGeLLqwkiLjvDHU%2fCcxwihZlj7rjrmD0MSjkn3mCuYcoWkDA3Pw1KNKgWC2I3hjc2uuxJmWR8LtH%2bRgFiOjGxcIs9%2f6pbxsY40Sfa0K9hiSQlQajrdjpctCHkLbF3qklyQ4XNIH4717%2fObvQiYYzVZ2Bb5LLk0yu5HPH9GCcokfDKTltgvGrrePYPMSovKCZ9JPtT3TNB5ieZOQ9kVvRi9GMKVj%2fPJP9byBJDODlTaHOq2Z5xeP94G5I6IWKNoHTo%2blrNNow%2f%2fMG2KvmiR89pGtA%3d%3d; 0%; Avira URL Cloud; safe
No Antivirus matches
Domains (Name; IP; Active; Malicious; Antivirus Detection; Reputation):
  • www.google.com; 142.250.186.164; active: true; malicious: false; AV detection: none; reputation: unknown
  • HHN-efz.ms-acdc.office.com; 52.98.171.242; active: true; malicious: false; AV detection: none; reputation: unknown
  • FRA-efz.ms-acdc.office.com; 52.98.179.114; active: true; malicious: false; AV detection: none; reputation: unknown
  • static2.sharepointonline.com; IP unknown; active: unknown; malicious: false; AV detection: none; reputation: unknown
  • r1.res.office365.com; IP unknown; active: unknown; malicious: false; AV detection: none; reputation: unknown
  • ajax.aspnetcdn.com; IP unknown; active: unknown; malicious: false; AV detection: none; reputation: unknown
  • outlook.office365.com; IP unknown; active: unknown; malicious: true; AV detection: none; reputation: unknown
URLs (Name; Malicious; Antivirus Detection; Reputation):
  • https://outlook.office365.com/Encryption/authenticationpage.aspx?st=Microsoft&ru=https%3a%2f%2foutlook.office365.com%2fEncryption%2fdefault.aspx%3fitemID%3dE4E_M_742f8858-af52-4fdd-afa2-3243b04d0c1e&e4e_sdata=YFdeBNSkjJohXjQGQFPejqWzHKDDx%2fwezrtHCRZize9coijeaZTg1FgNsW04V2xm2Z8z9odxdYvmECFzsYOkykHjLGhlKOD2Ool5AGI%2bwXs5N4lvuJeoMg%2b4jlhFXj8LQ8RKKAWhX0kK7nFbA9duHhZyyTTqWe02Alga0airSogbw1RMKVPID7wBKgIZy7NMzTP4G%2f%2fQW3%2f%2fsKIVX%2fy5ayo2W7AnJQUHuxX0UnMENnSHCSncjw%2fF0EkMoNz1z0aL4Ce0bK8cgn63qU4FAdSWLoj%2fwgDzihtar7ww8hKcT2bZTh6gmLEVASeTNVSP3JbmadHWvBioA%2fuZA%2bALGcvU7g%3d%3d; malicious: false; AV detection: none; reputation: unknown
  • https://outlook.office365.com/Encryption/OTPSigninPage.aspx?itemID=E4E_M_742f8858-af52-4fdd-afa2-3243b04d0c1e&OTPMessageId=612d7284-5d62-4a40-986f-2560f0072ba3%40BYAPR06MB4053.namprd06.prod.outlook.com&OTPReferenceId=6021; malicious: true; AV detection: none; reputation: unknown
[Map legend: No. of IPs < 25%; 25% < No. of IPs < 50%; 50% < No. of IPs < 75%; 75% < No. of IPs]

Contacted IPs (IP; Domain; Country; ASN; ASN Name; Malicious):
  • 142.250.186.46; unknown; United States; 15169; GOOGLEUS; false
  • 142.250.185.78; unknown; United States; 15169; GOOGLEUS; false
  • 1.1.1.1; unknown; Australia; 13335; CLOUDFLARENETUS; false
  • 52.98.179.114; FRA-efz.ms-acdc.office.com; United States; 8075; MICROSOFT-CORP-MSN-AS-BLOCKUS; false
  • 152.199.19.160; unknown; United States; 15133; EDGECASTUS; false
  • 216.58.206.74; unknown; United States; 15169; GOOGLEUS; false
  • 23.38.98.102; unknown; United States; 16625; AKAMAI-ASUS; false
  • 23.50.104.217; unknown; United States; 16625; AKAMAI-ASUS; false
  • 52.98.171.242; HHN-efz.ms-acdc.office.com; United States; 8075; MICROSOFT-CORP-MSN-AS-BLOCKUS; false
  • 239.255.255.250; unknown; Reserved; unknown; unknown; false
  • 142.250.186.164; www.google.com; United States; 15169; GOOGLEUS; false
  • 64.233.184.84; unknown; United States; 15169; GOOGLEUS; false
  • 23.192.252.67; unknown; United States; 16625; AKAMAI-ASUS; false
  • 142.250.74.195; unknown; United States; 15169; GOOGLEUS; false
  • 142.250.186.99; unknown; United States; 15169; GOOGLEUS; false
  • 23.38.98.87; unknown; United States; 16625; AKAMAI-ASUS; false

Private IPs:
  • 192.168.2.16
                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1511999
                    Start date and time:2024-09-16 16:58:23 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:defaultwindowsinteractivecookbook.jbs
                    Sample URL:https://outlook.office365.com/Encryption/retrieve.ashx?recipientemailaddress=Robert_Chraska%40liparifoods.com&senderemailaddress=WCCAReports%40genexservices.com&senderorganization=AwF8AAAAAngAAAADAQAAAKgdg9XBCchFg9cX1joL1OlPVT1nZW5leC5vbm1pY3Jvc29mdC5jb20sT1U9TWljcm9zb2Z0IEV4Y2hhbmdlIEhvc3RlZCBPcmdhbml6YXRpb25zLERDPU5BTVBSMDZBMDE2LERDPVBST0QsREM9T1VUTE9PSyxEQz1DT03Mq%2fW%2baLNKQozTXlNaDsITQ049Q29uZmlndXJhdGlvbixDTj1nZW5leC5vbm1pY3Jvc29mdC5jb20sQ049Q29uZmlndXJhdGlvblVuaXRzLERDPU5BTVBSMDZBMDE2LERDPVBST0QsREM9T1VUTE9PSyxEQz1DT00B&messageid=%3c10e85f0e-2c1f-4d89-821a-36ff77c65f42%40PHLPRDEXCH01.genexservices.com%3e&cfmRecipient=SystemMailbox%7b2C41C89D-35A4-465B-B69B-6F1FC54D8B03%7d%40genex.onmicrosoft.com&consumerEncryption=false&senderorgid=f2e3e4c3-e58f-4b8a-bde8-550f8708312a&urldecoded=1&e4e_sdata=LHZ2ExWge3HKVQffgBL92a2t3%2bbH8jmI3v4cx47HhC5c5Gc3bbsh9YvYuoAta6BGeLLqwkiLjvDHU%2fCcxwihZlj7rjrmD0MSjkn3mCuYcoWkDA3Pw1KNKgWC2I3hjc2uuxJmWR8LtH%2bRgFiOjGxcIs9%2f6pbxsY40Sfa0K9hiSQlQajrdjpctCHkLbF3qklyQ4XNIH4717%2fObvQiYYzVZ2Bb5LLk0yu5HPH9GCcokfDKTltgvGrrePYPMSovKCZ9JPtT3TNB5ieZOQ9kVvRi9GMKVj%2fPJP9byBJDODlTaHOq2Z5xeP94G5I6IWKNoHTo%2blrNNow%2f%2fMG2KvmiR89pGtA%3d%3d
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:14
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • EGA enabled
                    Analysis Mode:stream
                    Analysis stop reason:Timeout
                    Detection:MAL
                    Classification:mal48.phis.win@14/21@18/149
                    • Exclude process from analysis (whitelisted): svchost.exe
                    • Excluded IPs from analysis (whitelisted): 142.250.74.195, 142.250.185.78, 64.233.184.84, 34.104.35.123
                    • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
                    • Not all processes where analyzed, report is missing behavior information
                    • VT rate limit hit for: https://outlook.office365.com/Encryption/retrieve.ashx?recipientemailaddress=Robert_Chraska%40liparifoods.com&senderemailaddress=WCCAReports%40genexservices.com&senderorganization=AwF8AAAAAngAAAADAQAAAKgdg9XBCchFg9cX1joL1OlPVT1nZW5leC5vbm1pY3Jvc29mdC5jb20sT1U9TWljcm9zb2Z0IEV4Y2hhbmdlIEhvc3RlZCBPcmdhbml6YXRpb25zLERDPU5BTVBSMDZBMDE2LERDPVBST0QsREM9T1VUTE9PSyxEQz1DT03Mq%2fW%2baLNKQozTXlNaDsITQ049Q29uZmlndXJhdGlvbixDTj1nZW5leC5vbm1pY3Jvc29mdC5jb20sQ049Q29uZmlndXJhdGlvblVuaXRzLERDPU5BTVBSMDZBMDE2LERDPVBST0QsREM9T1VUTE9PSyxEQz1DT00B&messageid=%3c10e85f0e-2c1f-4d89-821a-36ff77c65f42%40PHLPRDEXCH01.genexservices.com%3e&cfmRecipient=SystemMailbox%7b2C41C89D-35A4-465B-B69B-6F1FC54D8B03%7d%40genex.onmicrosoft.com&consumerEncryption=false&senderorgid=f2e3e4c3-e58f-4b8a-bde8-550f8708312a&urldecoded=1&e4e_sdata=LHZ2ExWge3HKVQffgBL92a2t3%2bbH8jmI3v4cx47HhC5c5Gc3bbsh9YvYuoAta6BGeLLqwkiLjvDHU%2fCcxwihZlj7rjrmD0MSjkn3mCuYcoWkDA3Pw1KNKgWC2I3hjc2uuxJmWR8LtH%2bRgFiOjGxcIs9%2f6pbxsY40Sfa0K9hiSQlQajrdjpctCHk
Input / Output
URL: https://outlook.office365.com/Encryption/authenticationpage.aspx?st=Microsoft&ru=https%3a%2f%2foutlook.office365.com%2fEncryption%2fdefault.aspx%3fitemID%3dE4E_M_742f8858-af52-4fdd-afa2-3243b04d0c1e&e4e_sdata=YFdeBNSkjJohXjQGQFPejqWzHKDDx%2fwezrtHCRZize9c Model: jbxai
                    URL: https://outlook.office365.com/Encryption/OTPSigninPage.aspx?itemID=E4E_M_742f8858-af52-4fdd-afa2-3243b04d0c1e&OTPMessageId=612d7284-5d62-4a40-986f-2560f0072ba3%40BYAPR06MB4053.namprd06.prod.outlook.com&OTPReferenceId=6021 Model: jbxai
                    {
                    "brand":[],
                    "contains_trigger_text":false,
                    "prominent_button_name":"continue",
                    "text_input_field_labels":["one-time passcode"],
                    "pdf_icon_visible":false,
                    "has_visible_captcha":false,
                    "has_urgent_text":true,
                    "has_visible_qrcode":false}
                    URL: https://outlook.office365.com/Encryption/OTPSigninPage.aspx?itemID=E4E_M_742f8858-af52-4fdd-afa2-3243b04d0c1e&OTPMessageId=612d7284-5d62-4a40-986f-2560f0072ba3%40BYAPR06MB4053.namprd06.prod.outlook.com&OTPReferenceId=6021 Model: jbxai
                    {
                    "phishing_score":10,
                    "brands":["Lipari Foods"],
                    "legit_domain":"outlook.office365.com",
                    "partial_domain_match":true,
                    "brand_matches_associated_domain":false,
"reasons":"The domain name 'liparifoods.com' does not match the legitimate domain name associated with the identified brand 'outlook.office365.com'. The brand name 'Lipari Foods' is not associated with the given domain 'outlook.office365.com', which is a Microsoft service. The URL is a phishing attempt as it is trying to impersonate a legitimate Microsoft service to trick users into entering their credentials.",
                    "brand_matches":[false],
                    "url_match":false}
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 16 13:58:52 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2673
                    Entropy (8bit):3.9807041831562096
                    Encrypted:false
                    SSDEEP:
                    MD5:97C05214248D8F6A73AF5FF0E3514BFE
                    SHA1:3857DC62142598B991AE86CD7EB4162117808F31
                    SHA-256:F574258F17593C497E7C1243CD432CEA22BA2DC10BD527485AA7959489E73B49
                    SHA-512:A39991C4FD173F41380AD0A84E96E73A28E2A0760D3C5CE0FB30F0406FA3CE43482B3E15CB14D8476312BAB29FB12BAFB54D500A971083C0BD2ECFE48576C272
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.@.. ...$+.,........H...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I0YRw....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V0YYw....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V0YYw....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V0YYw..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V0Y[w...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........l.X......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 16 13:58:52 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2675
                    Entropy (8bit):3.9986412916017025
                    Encrypted:false
                    SSDEEP:
                    MD5:57CC2228927E63D209BE333866466CCC
                    SHA1:2604BAB974F91853AD53124A5559C849947483F6
                    SHA-256:DFD77CBA09344D55D957500AF313A4F8F78AD2604BB4950A1B1942D390FF17CC
                    SHA-512:D9ACFE81D80F37C71D5BBDCFD1AF3E317746532376BA8C253207BD3645D4C71676AB738339F1650C4DC82AA3111FB4FB679C731DF3C65E8F9378B65D9ADA9E0F
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.@.. ...$+.,....J...H...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I0YRw....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V0YYw....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V0YYw....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V0YYw..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V0Y[w...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........l.X......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2689
                    Entropy (8bit):4.005377803381504
                    Encrypted:false
                    SSDEEP:
                    MD5:A33D56006C96D25BDE0FB3609C9A41C2
                    SHA1:C4383EA26C33904C12E7E5552DC7F4CEB44207D3
                    SHA-256:325134548D3546EBEFAC56054220379C5A2FD36429638A764BFC2CAB9ECE0A4A
                    SHA-512:6EC46CEED9CAD7551CCEB1EE695E5A37B90630DAE7215F8466CA87C5967B92514C6AABB65C46A8483A7E4258BC7348A27121E7C791A2CE77879662C9DFBA8118
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I0YRw....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V0YYw....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V0YYw....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V0YYw..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........l.X......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 16 13:58:52 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2677
                    Entropy (8bit):3.9978765172952593
                    Encrypted:false
                    SSDEEP:
                    MD5:FA0C50807026BFEBE093643915A29F23
                    SHA1:FC0EDB1D8B21CE519EE2B6DA1252B8B9FF0A371B
                    SHA-256:2F112716E9E6718796540AB41149BB2C8B10D1ACD27A27EB31078C7D0FB5D713
                    SHA-512:A181E3D394646D85966B57BA8450727DF9FDB263C248C2CE1545CE3755096EE63A19C39CA2A6E2A276A266C2743D045BBEB33EC2BD3438DEC3B47D09139994D3
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.@.. ...$+.,........H...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I0YRw....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V0YYw....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V0YYw....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V0YYw..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V0Y[w...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........l.X......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 16 13:58:52 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2677
                    Entropy (8bit):3.9858176924300155
                    Encrypted:false
                    SSDEEP:
                    MD5:D911B9E56428A51B40BD9865134671EF
                    SHA1:975CB7A982466D2368C3BBA3196BED3BF303125E
                    SHA-256:EE35276433A4D09A6128462DB375FDD6BF03194A298F47E42912BAAC80F91930
                    SHA-512:21420E800396A95A47530AD013D144845CB5007306B1391DB9E22269155B635122DDFECFC393C37F78B93844DFE31605339774EA650EDA1A9E1F683E23593BBB
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.@.. ...$+.,........H...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I0YRw....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V0YYw....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V0YYw....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V0YYw..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V0Y[w...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........l.X......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Sep 16 13:58:52 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                    Category:dropped
                    Size (bytes):2679
                    Entropy (8bit):3.9940756964751105
                    Encrypted:false
                    SSDEEP:
                    MD5:292A295B77D23D53D8FAAF6D4094DB81
                    SHA1:DAA3FD03B0FEADEA8A78D118857BC95503A0DE5D
                    SHA-256:F79310E80CFD7632CF896AC23FA8F8AECE901E7E4DE12770348EC811C00E1A3B
                    SHA-512:D5261E8005583322D39CC5DB76CAD48281530C742C720E8DA61174C110C5DF5A1C712968952832D0D9806A292879A3767C7E41CB1D79DEF39CBB3E78BDA8A45B
                    Malicious:false
                    Reputation:unknown
                    Preview:L..................F.@.. ...$+.,........H...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I0YRw....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V0YYw....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V0YYw....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V0YYw..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V0Y[w...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........l.X......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with very long lines (65277), with CRLF, LF line terminators
                    Category:downloaded
                    Size (bytes):104475
                    Entropy (8bit):5.079418602673286
                    Encrypted:false
                    SSDEEP:
                    MD5:96490FCFBB701FF728C155A776A0A513
                    SHA1:E17FE68AA8B8FF6A4A0D9900688A0F1C76E62047
                    SHA-256:6B701DBE9B7AEBA38782E2F6726E2A928EC2ABEF62F43866C88F44FD1A282B2A
                    SHA-512:647DF948E0405FCF42BD50573AF2E18FCC48966F4C6CD707A469670AFC74708B4E8A7E6889B3429F1DC42784277EDBBE2C7A6B3E22FE452940CDCA159FBB7BEC
                    Malicious:false
                    Reputation:unknown
                    URL:https://static2.sharepointonline.com/files/fabric/office-ui-fabric-js/1.2.0/css/fabric.components.min.css
                    Preview:/* Copyright (c) Microsoft. All rights reserved. Licensed under the MIT license. See LICENSE in the project root for license information. */../**. * Office UI Fabric JS 1.2.0. * The JavaScript front-end framework for building experiences for Office 365.. **/..ms-Breadcrumb{font-family:Segoe UI WestEuropean,Segoe UI,-apple-system,BlinkMacSystemFont,Roboto,Helvetica Neue,sans-serif;-webkit-font-smoothing:antialiased;margin:23px 0 1px}.ms-Breadcrumb.is-overflow .ms-Breadcrumb-overflow{display:inline}.ms-Breadcrumb-chevron{font-size:12px;color:#666;vertical-align:top;margin:11px 7px}.ms-Breadcrumb-list{display:inline;white-space:nowrap;padding:0;margin:0}.ms-Breadcrumb-list .ms-Breadcrumb-listItem{list-style-type:none;vertical-align:top;margin:0;padding:0;display:inline-block}.ms-Breadcrumb-list .ms-Breadcrumb-listItem:last-of-type .ms-Breadcrumb-chevron{display:none}.ms-Breadcrumb-overflow{display:none;position:relative}.ms-Breadcrumb-overflow .ms-Breadcrumb-overflowButton{font-size:16px;
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                    Category:downloaded
                    Size (bytes):1100
                    Entropy (8bit):6.346231859040133
                    Encrypted:false
                    SSDEEP:
                    MD5:A1714B03531B66BD4E47409A42E40586
                    SHA1:4B883D903A613D230259DD981065636BCC8DB6F7
                    SHA-256:55400220F8792E5146328487B0DBBB259A3F558E8FD51F2B445A5DDB6BC1608E
                    SHA-512:411FD6DB3CFE4912392DC4CBBEDB41AF9423048099FE63B4B53A9E7168111586282CF94773CC84E9078F0E38DAB207419019F3E20F0211585DB45ED91462B53B
                    Malicious:false
                    Reputation:unknown
                    URL:https://outlook.office365.com/Encryption/lock.png
                    Preview:.PNG........IHDR................a....tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:E6B6ED2E994911E190AEAF7FBE865C77" xmpMM:DocumentID="xmp.did:E6B6ED2F994911E190AEAF7FBE865C77"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:E6B6ED2C994911E190AEAF7FBE865C77" stRef:documentID="xmp.did:E6B6ED2D994911E190AEAF7FBE865C77"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx.b...?.%..].....H..q,.K..S ...}............W..q ..............Hm..\.mS..s..d ..._F6...@K(..M|+.6Cw....P.>.
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PNG image data, 11 x 14, 8-bit/color RGBA, non-interlaced
                    Category:dropped
                    Size (bytes):1119
                    Entropy (8bit):6.373970549376551
                    Encrypted:false
                    SSDEEP:
                    MD5:7F776C49514D7C99EA38863445ABF426
                    SHA1:BC0FD16E880AB33F3E9DB42BA46209B66BF88644
                    SHA-256:9A76FD8ECF68FCDADD8F96FC97FB2EC1F234BAD80B23B0AEDDD99D2BD0819A23
                    SHA-512:49908DC8F7A6C4142726BDADAC6BC0156387900E5F62CBD7319F0063EA04594D3891E2BF7CC2115F25678849F02EC1E1D8A49ABA1A4CD4EEBE39A2946C1D457A
                    Malicious:false
                    Reputation:unknown
                    Preview:.PNG........IHDR..............a.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Macintosh" xmpMM:InstanceID="xmp.iid:5ED2985C491111E1B646B2E2D8E41427" xmpMM:DocumentID="xmp.did:5ED2985D491111E1B646B2E2D8E41427"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:5ED2985A491111E1B646B2E2D8E41427" stRef:documentID="xmp.did:5ED2985B491111E1B646B2E2D8E41427"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx.b...?.......)q .d...@.n...|.F.b.Bo {...0`.X ...t.............b ..1..8.Ib!..u...........).F.\..~..... ..
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with very long lines (32042), with CRLF, LF line terminators
                    Category:downloaded
                    Size (bytes):71409
                    Entropy (8bit):5.147942230203707
                    Encrypted:false
                    SSDEEP:
                    MD5:FEEE42503B4F434E577AD8FE100CE6F2
                    SHA1:4DC83CDA17E8774F333343FA3D2A34E57AA76AF9
                    SHA-256:36B147DA61D542A557A9B3D490E9EA174874C8D0D8FCDF35A841734BB5604ED5
                    SHA-512:D768B59DE6444E1687DEF8A57A9E84D3D988089DFBC36552DB3A1F0F18BE8F04B4565EC5E01EB600A5AA3881C124B9F312AD72FDCF081B16B2361A4CCF381BB4
                    Malicious:false
                    Reputation:unknown
                    URL:https://static2.sharepointonline.com/files/fabric/office-ui-fabric-js/1.2.0/js/fabric.min.js
                    Preview://Copyright (c) Microsoft. All rights reserved. Licensed under the MIT license. See LICENSE in the project root for license information.../**. * Office UI Fabric JS 1.2.0. * The JavaScript front-end framework for building experiences for Office 365.. **/.var fabric;!function(e){var t=33,i=function(){function e(){}return e.transition=function(t,i){var n={element:t,props:i,transformations:{}};e._animationObjects.push(n),e._parseProperties(n),e._createTransition(n),setTimeout(e._setProperties,0,n),e._setCallback(n)},e.animation=function(t,i,n){var s={element:t,keyframes:i,props:n};e._animationObjects.push(s),e._parseProperties(s),e._createAnimation(s),e._setCallback(s)},e.scrollTo=function(t,i){var n={element:t,props:i,step:0};e._setScrollProperties(n),n.props.delay?setTimeout(e._animationObjects,1e3*n.props.delay,n):e._animateScroll(n),e._animationObjects.push(n)},e._setScrollProperties=function(e){e.beginTop=e.element.scrollTop,e.change=e.props.top-e.beginTop,e.props.duration=1e3*e.prop
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:Web Open Font Format, TrueType, length 29464, version 1.0
                    Category:downloaded
                    Size (bytes):29464
                    Entropy (8bit):7.9806313354933565
                    Encrypted:false
                    SSDEEP:
                    MD5:6A419545705DEE19082E8E62105488DF
                    SHA1:72A5D33A47932ED6CF2D196C8D8222204E4A71FD
                    SHA-256:C63A3930EC9DD26C24B4C62B83D8CF778416A0DED1D9AA83E0840A675155B71B
                    SHA-512:E3F5DEA379C35EAF243919AC8AB3D3D55AE365D0F089E20B4598ACB04638E510036BCFB1F706C013956B87592414AA792F8A308430D0A91FD318E6E657DB01C2
                    Malicious:false
                    Reputation:unknown
                    URL:https://r1.res.office365.com/owa/prem/fonts/segoeui-semilight.woff
                    Preview:wOFF......s........p........................GDEF.......*...*....GPOS............p..GSUB...X........m~x.OS/2.......V...`j.u5cmap...L.......@.y..cvt ...........,*.$.fpgm............s.ugasp...P...........#glyf...`..C...e..)#.head..Z....6...6....hhea..Z8... ...$...*hmtx..ZX.........c.kern..\....G..#..l.loca..m4........b.|.maxp..o(... ... ....name..oH...h...,.|.npost..q........ .Q.wprep..q....Q.....`............."................................x...{p........r.........iZ...8.!n..F..)nB..&...B.._...C.q..$l.&f...,C.;S$.N.YM..$:...Y..v:...8~..._..N..|.........s.....R..c..O5....5..n..E,K2..!Y...d..'.;.D..]..O...=;.4...[E;.-g..s~...d.........g......u..{A.$;....w.8....<.@.....3=..eF.......f_.w|......{o....E./z%g..3..$.<wM..gs..[.W..l^8............u.8...p.9.9..;?...s.Saa..%...W.....p[.....-)z...Ef._.....e\C..5.H.H..W...Ws&..(.rF......;.6[.c...reJ>W.8..e.,.y.{.R&k.@..uR,.Zn....D..G..Y...........Wvr.K....C..J...,..U..+..tRN...)n..i.;#...rV.....c.~A.H..V..C.*q."?.O%)
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:downloaded
                    Size (bytes):4449
                    Entropy (8bit):4.959152531462339
                    Encrypted:false
                    SSDEEP:
                    MD5:59D7E00D1CDBA87D824C22F43744ABB7
                    SHA1:0BF43CA8CF9FE088F23C69188902250E52E15A25
                    SHA-256:F0A913AF5D92533B11D86B937B425D1D0F8EB8112895910ED9F3C08AB796E6A8
                    SHA-512:ED14FD12B03D2CF672B29AA9F63E535F8E893E693DB0568AEF5A25C80E78DAAE325BED9F168C3C460A8D9148F16C1075A5965D48A4380FEF468849873AD5035B
                    Malicious:false
                    Reputation:unknown
                    URL:https://outlook.office365.com/Encryption/base.css
                    Preview:/*.. The base styles shared by the default.aspx, errorpage.aspx and signuppage.aspx.. The only thing required on the aspx is the definition of the font families.. */....* {.. padding:0px;.. margin:0px;.. border:0px;..}....html {.. height:100%;..}....body {.. height:100%;..}.....rootTable {.. width:100%;.. height:100%;..}.....header {.. overflow:hidden;.. vertical-align:top;.. height:40px;..}.....headerTable {.. width:100%;..}.....infoColumn {.. background-color:rgb(0, 114, 198);..}.....infoTable {.. width:100%;..}.....defaultColumn {.. white-space:nowrap;.. overflow:hidden;.. text-overflow:ellipsis;..}.....defaultColumnWithWrap {.. white-space: normal;.. overflow: hidden;.. text-overflow: ellipsis;..}.....stretchColumn {.. width:100%;.. white-space:nowrap;.. overflow:hidden;.. text-overflow:ellipsis;..}.....brandingColumn {..}.....brandingText {.. font-family:'Segoe UI Regular';.. font-size:13px;.. c
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:HTML document, ASCII text, with very long lines (15998), with CRLF line terminators
                    Category:downloaded
                    Size (bytes):24179
                    Entropy (8bit):6.114437352574106
                    Encrypted:false
                    SSDEEP:
                    MD5:C4E82615530B3897F7316C5F7C48B11C
                    SHA1:E66CC70D824638720829DB591CAEA74156AE6768
                    SHA-256:4DD405FAB2456C857F3E1AD496ED34E70F4DF0E40AE459CADDD5C2D809DBEEC5
                    SHA-512:ABBC1EB1A998A45B9BA00C8E4DDD7A0472423E20B755F505053E98FF8BB3E7945B14FCDC4D7BDF5CDF7B9B62B20C83B06580F1F2D8FF307396C105E5931ECE66
                    Malicious:false
                    Reputation:unknown
                    URL:https://outlook.office365.com/Encryption/authenticationpage.aspx?st=Microsoft&ru=https%3a%2f%2foutlook.office365.com%2fEncryption%2fdefault.aspx%3fitemID%3dE4E_M_742f8858-af52-4fdd-afa2-3243b04d0c1e&e4e_sdata=YFdeBNSkjJohXjQGQFPejqWzHKDDx%2fwezrtHCRZize9coijeaZTg1FgNsW04V2xm2Z8z9odxdYvmECFzsYOkykHjLGhlKOD2Ool5AGI%2bwXs5N4lvuJeoMg%2b4jlhFXj8LQ8RKKAWhX0kK7nFbA9duHhZyyTTqWe02Alga0airSogbw1RMKVPID7wBKgIZy7NMzTP4G%2f%2fQW3%2f%2fsKIVX%2fy5ayo2W7AnJQUHuxX0UnMENnSHCSncjw%2fF0EkMoNz1z0aL4Ce0bK8cgn63qU4FAdSWLoj%2fwgDzihtar7ww8hKcT2bZTh6gmLEVASeTNVSP3JbmadHWvBioA%2fuZA%2bALGcvU7g%3d%3d
                    Preview:....<!DOCTYPE html>....<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US">..<head>.. <meta charset="utf-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1">.. <meta name="e4ePage" content="authenticationpage.aspx"/>.. <script src="https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.12.4.min.js"></script>.. <title>Encrypted Message Authentication</title>.. <link rel="shortcut icon" href="https://r1.res.office365.com/owa/prem/15.20.7962.24/resources/images/0/favicon.ico" type="image/x-icon" />.. <link rel="stylesheet" type="text/css" href="authentication.css">.... <script>.. $(document).ready(function() {.. $("#signinButton").click(function() {.. LogOAuthSignIn('Microsoft', 'signinbutton', 'user clicked sign in button');.... var url = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=1736cb2d-2432-436
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
                    Category:downloaded
                    Size (bytes):2955
                    Entropy (8bit):7.853182148758864
                    Encrypted:false
                    SSDEEP:
                    MD5:2F6B2AC283DCE9A4930FF7AAD20556B0
                    SHA1:D552F0DD2FA493111D303CF014F350FF3C5D789D
                    SHA-256:DA7B1E7C0E95A9CABA46BE191F562268CEE236556F67E4B10F2B3A05785B9CAD
                    SHA-512:9326C5F1FE1B8EF2FD095DBC40FB94F72D6BCBD38BC63598467C3F9AFD9A5E6E182CF88B67F3797F78D31535B4465ECA62118395C96598CA34ABD98DF89F24AD
                    Malicious:false
                    Reputation:unknown
                    URL:https://outlook.office365.com/Encryption/liveid.png
                    Preview:.PNG........IHDR...P...P............pHYs...#...#.x.?v...OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                    Category:downloaded
                    Size (bytes):5430
                    Entropy (8bit):3.3527805169937888
                    Encrypted:false
                    SSDEEP:
                    MD5:F82312F1281E8D6C87F7FFCA0A7D147C
                    SHA1:103D0C7B915B40584E0543856E87B360568FE8C8
                    SHA-256:DEC51A1A5C6F5DADDEBE7C7D1048319969446F03DE89A953C3C3514F8DB08E8A
                    SHA-512:C9EA288CC6D9D4B9872FCC49FD2AD461C9600B807311CD82C07C68465224D3A6004FA89F60088A34BBCF4CA96404F5A1B01E6009CA4FD964D63A53CF856F7C0C
                    Malicious:false
                    Reputation:unknown
                    URL:https://r1.res.office365.com/owa/prem/15.20.7962.24/resources/images/0/favicon.ico
                    Preview:............ .h...&... .... .........(....... ..... .....@....................................................................................................x...x.!.x.I.x.].................................x.C.x.m.x...x...x...x...x...x...................................x...x...x...x...x...x...x...x...................................x...x...x...t...w...x...x...v...(o.u...x...x...x...x...........x...x...x...s..8..t...x...u....w.u...x...x...x...x...........x...o.............(..x...u.../w.l...v...x...x...x...........x...{.......d...z..v..t...u....Bw.....N..q...x...x...........x...u.......b......i..u...q....w.{!......n...x...........x...r...t..........w...x...v..."w.u...q....T.....u...........x...x...r...|...t...w...x...u...2{.t...x...u...~%.............x...x...x...x...x...x...x...w....G.v...x...x...w...u...........x...x...x...x...x...x...x...x...................................x...x...x.E.x.o.x...x...x...x.......................................................x...x
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:Web Open Font Format, TrueType, length 34924, version 1.0
                    Category:downloaded
                    Size (bytes):34924
                    Entropy (8bit):7.987740829472462
                    Encrypted:false
                    SSDEEP:
                    MD5:46749BBAEBFE8F28B80DF5381DD55AA4
                    SHA1:EC0C969053EC70DB78B2067955330B6D50DF6300
                    SHA-256:07EC698B1036CDFBB8892F02D9510F5F671284FCA9FA003B883996DA040A444B
                    SHA-512:F6760BC6DB9418B109F191705D0539F4E85B9EEFC097A63FCB471A83D398D0A7AD7E8AAD90A417B42B9A9F2D5A645300476B49E0C129AB9D6AEB5C21382586B6
                    Malicious:false
                    Reputation:unknown
                    URL:https://r1.res.office365.com/owa/prem/fonts/segoeui-regular.woff
                    Preview:wOFF.......l.......p........................GDEF.......*...*....GPOS............p..GSUB...X........m~x.OS/2.......Y...`k.v.cmap...P.......@.y..cvt ............|.].fpgm.......D.....<*.gasp...............#glyf... ..S3.....3jhead..kT...6...6.czNhhea..k.... ...$...Vhmtx..k....}......b\kern..n,...G..#..l.loca..~t.........Y..maxp...h... ... .i.)name.......a........post........... .Q.wprep.......l...@..............."................................x...{p........r.........iZ...8.!n..F..)nB..&...B.._...C.q..$l.&f...,C.;S$.N.YM..$:...Y..v:...8~..._..N..|.........s.....R..c..O5....5..n..E,K2..!Y...d..'.;.D..]..O...=;.4...[E;.-g..s~...d.........g......u..{A.$;....w.8....<.@.....3=..eF.......f_.w|......{o....E./z%g..3..$.<wM..gs..[.W..l^8............u.8...p.9.9..;?...s.Saa..%...W.....p[.....-)z...Ef._.....e\C..5.H.H..W...Ws&..(.rF......;.6[.c...reJ>W.8..e.,.y.{.R&k.@..uR,.Zn....D..G..Y...........Wvr.K....C..J...,..U..+..tRN...)n..i.;#...rV.....c.~A.H..V..C.*q."?.O%)
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with very long lines (65291), with CRLF, LF line terminators
                    Category:downloaded
                    Size (bytes):68062
                    Entropy (8bit):5.268457023539725
                    Encrypted:false
                    SSDEEP:
                    MD5:5D48F159BC5F915DCB15225B450087D8
                    SHA1:B326B865D25F5479F3A53982A86CC7AD617C1F70
                    SHA-256:6D578EB55E7FB3FC677C63E6AB840053A5773CA0B667D6FE6DC27EDBD1A59E73
                    SHA-512:FF64C81B93C12ECEE4AC931BB105BA6472B008934106B896DCC1CC7A125067E2BA06FC310CAB001F9F03F6234426AB2FD2F6DB34D6CC754654B145A3D86F53E8
                    Malicious:false
                    Reputation:unknown
                    URL:https://static2.sharepointonline.com/files/fabric/office-ui-fabric-js/1.2.0/css/fabric.min.css
                    Preview:/* Copyright (c) Microsoft. All rights reserved. Licensed under the MIT license. See LICENSE in the project root for license information. */../**. * Office UI Fabric 4.0.0. * The front-end framework for building experiences for Office 365.. **/..ms-u-borderBox,.ms-u-borderBox:after,.ms-u-borderBox:before{box-sizing:border-box}.ms-u-borderBase{border:1px solid}.ms-u-clearfix{*zoom:1}.ms-u-clearfix:after,.ms-u-clearfix:before{display:table;content:'';line-height:0}.ms-u-clearfix:after{clear:both}.ms-u-normalize{box-sizing:border-box;margin:0;padding:0;box-shadow:none}.ms-u-textAlignLeft{text-align:left}.ms-u-textAlignCenter{text-align:center}.ms-u-textAlignRight{text-align:right}.ms-u-screenReaderOnly{position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0,0,0,0);border:0}.ms-u-textTruncate{overflow:hidden;text-overflow:ellipsis;white-space:nowrap;word-wrap:normal}.ms-u-noWrap{white-space:nowrap}.ms-bgColor-themeDark,.ms-bgColor-themeDark--hover:hover{bac
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with very long lines (32077)
                    Category:dropped
                    Size (bytes):97163
                    Entropy (8bit):5.373204330051448
                    Encrypted:false
                    SSDEEP:
                    MD5:4F252523D4AF0B478C810C2547A63E19
                    SHA1:5A9DCFBEF655A2668E78BAEBEAA8DC6F41D8DABB
                    SHA-256:668B046D12DB350CCBA6728890476B3EFEE53B2F42DBB84743E5E9F1AE0CC404
                    SHA-512:8C6B0C1FCDE829EF5AB02A643959019D4AC30D3A7CC25F9A7640760FEFFF26D9713B84AB2E825D85B3B2B08150265A10143F82E05975ACCB10645EFA26357479
                    Malicious:false
                    Reputation:unknown
                    Preview:/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="1.12.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.ca
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:ASCII text, with no line terminators
                    Category:downloaded
                    Size (bytes):16
                    Entropy (8bit):3.625
                    Encrypted:false
                    SSDEEP:
                    MD5:05DA8015B8DCA87F7D4E80372F381C2E
                    SHA1:1E37124AB8958B7361F22CD0D4CBFDD9A1D463BE
                    SHA-256:AE034EB99602D00F80C511546FD1D809C4CFD0494FA47B55A6566607D34FBFDB
                    SHA-512:BE8C2780E9EFEE56FCA511E6E817D313215439C2E8BB9F4EE74ACE5A956D3D9D6D0DB37478CAAA34B89339FA384D238A970E17FE924F8CA0A157B5F31F8E9ECE
                    Malicious:false
                    Reputation:unknown
                    URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAmkKmy0jz5l8hIFDXrXs00=?alt=proto
                    Preview:CgkKBw1617NNGgA=
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:assembler source, ASCII text, with CRLF line terminators
                    Category:downloaded
                    Size (bytes):3304
                    Entropy (8bit):5.034048268230628
                    Encrypted:false
                    SSDEEP:
                    MD5:3F551716BD63A0A2CFB3384B3A56611C
                    SHA1:80FEFB90F288D7C1F28FFA9616239776F86DE12A
                    SHA-256:08A857EEEC64D9C6B3ECE76762EED837929E0E6F8A29D1315A04D38C3053B4B6
                    SHA-512:D34C1466AA8059401D6A2BB12E96552D6C7D722F74AD97D1B8A8AEC67116B35D903671155BBF5CBD96129A646A2BEABEF39B6BB68F7A50DAAC9EEDB8C876E3D7
                    Malicious:false
                    Reputation:unknown
                    URL:https://outlook.office365.com/Encryption/authentication.css
                    Preview:/*.. The base styles is used only by authentication page... The css styles are from <linkrel="stylesheet"href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">.. tha tauthentication page used to reference. However, it's causing narrator issue where it's announcing "table" for every "<div>".. Bug: https://o365exchange.visualstudio.com/IP%20Engineering/_queries/edit/1648312.. */....* {.. -webkit-box-sizing:border-box;-.. moz-box-sizing:border-box;.. box-sizing:border-box;..}....body {.. font-family:"HelveticaNeue",Helvetica,Arial,sans-serif;.. font-size:14px;.. line-height:1.42857143;.. color:#333;.. background-color:#fff;.. margin:0..}....button,.input,.select,.textarea {.. font-family:inherit;.. font-size:inherit;.. line-height:inherit..}....p {.. margin:0010px..}....a {.. color:#337ab7;.. text-decoration:none..}..a:focus,.a:hover {.. color:#23527c;.. text-decoration:underline..}..a:focus {.. ou
                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                    File Type:PNG image data, 26 x 26, 8-bit colormap, non-interlaced
                    Category:dropped
                    Size (bytes):2212
                    Entropy (8bit):7.097964058978433
                    Encrypted:false
                    SSDEEP:
                    MD5:6F31D22D9FFA4E6089617DB8AF93532C
                    SHA1:29913AD3687BF5C8468D147EDDB23EEE78C8B6C0
                    SHA-256:0B8A4613072E0DF8AB004A6D3AEDDADDDC732FFCBB5C1F2EB806761CA3EB0491
                    SHA-512:18CCB83D91AB9EB639AB093E832840465B34D6B5D0B855AE4DABCC0A58E7BC087F6665845ECAF2152CA19997903410526A8FEFBE0FE1E56281E672720678AACA
                    Malicious:false
                    Reputation:unknown
                    Preview:
                    No static file info