Windows Analysis Report
FYI - Important.eml

Overview

General Information

Sample name: FYI - Important.eml
Analysis ID: 1548353
MD5: 1d808b896c084387d7c3499e52ab3c3e
SHA1: e425661c11311dd281d65476c459d8dc0612a0ef
SHA256: f18d137f53c4dc3a6fab99cef9b67ee0390bb130aa13c78b9ac8b541fb84f278
Infos:

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected potential phishing Email
Phishing site detected (based on image similarity)
Phishing site or detected (based on various text indicators)
HTML page contains hidden javascript code
Javascript checks online IP of machine
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 4048 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\FYI - Important.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7016 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "22EB0C63-9B42-4784-B71C-C70308A83814" "F512E8D3-4DD5-4B58-BB01-CFD3898B71C7" "4048" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • OUTLOOK.EXE (PID: 6520 cmdline: "C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\TDRX3DDW\James Garland shared _Road To Success Project_ with you_.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • chrome.exe (PID: 5952 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://survey.responsly.com/f/6nKA5Dyz MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 3424 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1972,i,5898534851097829859,17897100260419351848,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 4048, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Source: Registry Key set, Author: frack113, Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\TDRX3DDW\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 4048, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
No Suricata rule has matched

Phishing

Source: https://assets-eur.mkt.dynamics.com/50217418-308e-ef11-8a66-000d3ade3052/digitalassets/standaloneforms/46a79031-fd94-ef11-8a69-6045bde08fb3Matcher: Found strong image similarity, brand: MICROSOFT
Source: Chrome DOM: 1.0OCR Text: James Garland has shared a office 365 file with you as of 30- 10-2024 REVIEW DOCUMENT HERE 0 2024 Microsoft Corperation. All rights. Acceptable Use Policy Privacy Notice. Send O Responsly
Source: https://assets-eur.mkt.dynamics.com/50217418-308e-ef11-8a66-000d3ade3052/digitalassets/standaloneforms/46a79031-fd94-ef11-8a69-6045bde08fb3HTTP Parser: Base64 decoded: <svg width='16' height='16' viewBox='0 0 16 16' fill='none' xmlns='http://www.w3.org/2000/svg'><path d='M10.1328 0.296875C10.9974 0.53125 11.7891 0.898438 12.5078 1.39844C13.2266 1.89323 13.8438 2.48177 14.3594 3.16406C14.8802 3.84115 15.2839 4.59375 15.5...
Source: https://assets-eur.mkt.dynamics.com/50217418-308e-ef11-8a66-000d3ade3052/digitalassets/standaloneforms/46a79031-fd94-ef11-8a69-6045bde08fb3HTTP Parser: function _0x512b(){const _0x45b679=['^64.18.*.*','^64.124.14.*','^193.253.199.*','36550063xwoyka','twitterbot','^67.209.128.*','775804wtpusm','body','830837cmgwbt','^12.148.196.*','^62.116.207.*','^85.250.*.*','^89.248.172.*','^202.108.252.*','2ujnqld','^212.50.193.*','^66.207.120.*','^12.148.209.*','^64.27.2.*','^89.138.*.*','^64.62.175.*','^216.58.*.*','^131.212.*.*','googlebot','^64.37.103.*','^158.108.*.*','^69.65.*.*','^198.54.*.*','922735zspywa','yoozbot','^192.118.48.*','useragent','crawler','^198.46.144.*','^66.205.64.*','^85.64.*.*','^173.194.*.*','25446rvpybb','^54.176.*.*','<h1>404\x20not\x20found</h1><p>the\x20page\x20that\x20you\x20have\x20requested\x20could\x20not\x20be\x20found.</p>','^198.25.*.*','^64.106.213.*','^64.62.136.*','bot','^72.14.192.*','ezooms','7207640qyapez','duckduckbot','^206.28.72.*','adsbot-google','^194.52.68.*','baidu','^212.29.224.*','facebot','test','^209.85.128.*','^217.132.*.*','exabot','velenpublicwebcrawler','^66.221.*.*','70xjvabr','dataprovider','spbot','grap...
Source: https://assets-eur.mkt.dynamics.com/50217418-308e-ef11-8a66-000d3ade3052/digitalassets/standaloneforms/46a79031-fd94-ef11-8a69-6045bde08fb3HTTP Parser: No favicon
Source: unknownHTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49773 version: TLS 1.2
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknownTCP traffic detected without corresponding DNS query: 2.16.100.168
Source: global trafficDNS traffic detected: DNS query: survey.responsly.com
Source: global trafficDNS traffic detected: DNS query: use.typekit.net
Source: global trafficDNS traffic detected: DNS query: static.cloudflareinsights.com
Source: global trafficDNS traffic detected: DNS query: p.typekit.net
Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: assets-eur.mkt.dynamics.com
Source: global trafficDNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global trafficDNS traffic detected: DNS query: play.vidyard.com
Source: global trafficDNS traffic detected: DNS query: public-eur.mkt.dynamics.com
Source: global trafficDNS traffic detected: DNS query: static.wikia.nocookie.net
Source: global trafficDNS traffic detected: DNS query: app.responsly.com
Source: classification engineClassification label: mal52.phis.winEML@19/59@44/271
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241104T0515380104-4048.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.ini
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\FYI - Important.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "22EB0C63-9B42-4784-B71C-C70308A83814" "F512E8D3-4DD5-4B58-BB01-CFD3898B71C7" "4048" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\TDRX3DDW\James Garland shared _Road To Success Project_ with you_.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://survey.responsly.com/f/6nKA5Dyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1972,i,5898534851097829859,17897100260419351848,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Persistence and Installation Behavior

Source: EmailLLM: Detected potential phishing email: Email sent to 'Undisclosed recipients' which is a red flag for mass phishing
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | Security Account Manager | 13 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
https://survey.responsly.com/f/6nKA5Dyz | false | | unknown
https://assets-eur.mkt.dynamics.com/50217418-308e-ef11-8a66-000d3ade3052/digitalassets/standaloneforms/46a79031-fd94-ef11-8a69-6045bde08fb3 | true | | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
IP
192.168.2.16
192.168.2.23
192.168.2.13

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1548353
Start date and time: 2024-11-04 11:15:10 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 17
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Sample name: FYI - Important.eml
Detection: MAL
Classification: mal52.phis.winEML@19/59@44/271
Cookbook Comments:
• Found application associated with file extension: .eml
• Exclude process from analysis (whitelisted): dllhost.exe
• Excluded IPs from analysis (whitelisted): 52.113.194.132
• Excluded domains from analysis (whitelisted): ecs.office.com, s-0005.s-msedge.net, ecs.office.trafficmanager.net, s-0005-office.config.skype.com, ecs-office.s-0005.s-msedge.net
• Not all processes were analyzed, report is missing behavior information
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Report size getting too big, too many NtSetValueKey calls found.
• VT rate limit hit for: FYI - Important.eml

Input | Output
URL: Model: claude-3-5-sonnet-latest
{
    "explanation": [
        "Email sent to 'Undisclosed recipients' which is a red flag for mass phishing",
        "Vague subject line 'FYI - Important' with minimal content is typical of phishing",
        "Attachment name suggests file sharing bait, likely containing malware"
    ],
    "phishing": true,
    "confidence": 9
}
{
    "date": "Wed, 30 Oct 2024 10:04:37 +0000",
    "subject": "FYI - Important",
    "communications": [
        "CAUTION: This email originated from outside of the organisation. If in doubt please use the report message button to Security.\n\nPlease find the file.\n\n\n\nKind regards,\n\nJames.\n\n\n\n\n"
    ],
    "from": "James Garland <james.garland@r2s.org.uk>",
    "to": "Undisclosed recipients:;",
    "attachements": [
        "James Garland shared _Road To Success Project_ with you..eml"
    ]
}
URL: Email Model: claude-3-haiku-20240307
```json
{
  "contains_trigger_text": true,
  "trigger_text": "CAUTION: This email is private from outside of the organization. It is not please, as the report message author is Security.",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": true,
  "has_visible_qrcode": false
}
```
URL: Email Model: claude-3-haiku-20240307
```json
{
  "brands": [
    "CAUTION",
    "Please find the file"
  ]
}
```
URL: Model: claude-3-5-sonnet-latest
{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}
URL: URL: https://survey.responsly.com
URL: https://survey.responsly.com/f/6nKA5Dyz Model: claude-3-haiku-20240307
```json
{
  "contains_trigger_text": true,
  "trigger_text": "REVIEW DOCUMENT HERE",
  "prominent_button_name": "Send",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
```
URL: https://survey.responsly.com/f/6nKA5Dyz Model: claude-3-haiku-20240307
```json
{
  "brands": [
    "Microsoft Corporation",
    "Responsly"
  ]
}
```
URL: https://assets-eur.mkt.dynamics.com/50217418-308e-ef11-8a66-000d3ade3052/digitalassets/standaloneforms/46a79031-fd94-ef11-8a69-6045bde08fb3 Model: claude-3-haiku-20240307
```json
{
  "contains_trigger_text": true,
  "trigger_text": "MFA Verification",
  "prominent_button_name": "Continue Sign in",
  "text_input_field_labels": [
    "Enter the characters you see *"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": true,
  "has_urgent_text": true,
  "has_visible_qrcode": false
}
```
URL: Model: claude-3-5-sonnet-latest
{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": true,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}
URL: URL: https://assets-eur.mkt.dynamics.com
URL: https://assets-eur.mkt.dynamics.com/50217418-308e-ef11-8a66-000d3ade3052/digitalassets/standaloneforms/46a79031-fd94-ef11-8a69-6045bde08fb3 Model: claude-3-haiku-20240307
```json
{
  "brands": [
    "Microsoft"
  ]
}
```
URL: https://assets-eur.mkt.dynamics.com/50217418-308e-ef11-8a66-000d3ade3052/digitalassets/standaloneforms/46a79031-fd94-ef11-8a69-6045bde08fb3 Model: gpt-4o
```json
{
  "legit_domain": "dynamics.com",
  "classification": "wellknown",
  "reasons": [
    "The brand 'Microsoft' is well-known and commonly associated with the domain 'dynamics.com'.",
    "The URL 'assets-eur.mkt.dynamics.com' is a subdomain of 'dynamics.com', which is a legitimate domain owned by Microsoft.",
    "The presence of 'dynamics.com' in the URL suggests it is related to Microsoft's Dynamics services.",
    "The URL structure does not contain suspicious elements such as misspellings or unusual domain extensions."
  ],
  "riskscore": 2
}
```
URL: assets-eur.mkt.dynamics.com
Brands: Microsoft
Input Fields: Enter the characters you see *
URL: Model: claude-3-5-sonnet-latest
{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}
URL: URL: https://responsly.com
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):231348
                                        Entropy (8bit):4.387875266789989
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:FFF2468DF757F643808D76BDB78D6A95
                                        SHA1:712BA674853F1A2122B0756251386EB02B0981A3
                                        SHA-256:D997B6B97B85433E8BAA20B5A61CE924338050C045D2751FB0CD60782C42C71C
                                        SHA-512:AB4C4201D626C9A4CCABC8CD72370157883A05425DF7CBB812C0970DCC7FF3F73B178BFBC49CF6D6C5520BF53B213A097BE1F84653AF790CB599A7E4C65D8F95
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:TH02...... ....t........SM01X...,....fzt............IPM.Activity...........h...............h............H..h4........;jD...h.........}..H..h\cal ...pDat...hx[..0..........h."./...........h........_`Uk...h>=./@...I.lw...h....H...8.Zk...0....T...............d.........2h...............k..............!h.............. hH.............#h....8.........$h.}......8....."h.y.......{....'h..............1h."./<.........0h....4....Zk../h....h.....ZkH..h....p...4.....-h ............+hz#./....(................... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                        File Type:XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
                                        Category:modified
                                        Size (bytes):1869
                                        Entropy (8bit):5.085992323264559
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:ACAF51D11A3B43BABB87F7E230DF5E0D
                                        SHA1:31453AA5C99CFFA7D9300D8410B82446046FF3A7
                                        SHA-256:1E41F0E6075AC71B28FA0064AC1092F7BAC191595C0EB51B615977F7EA6983D5
                                        SHA-512:2D18DF4E0BE4C8B86E363DFA7F61CD5888F514AAFBB26997C56375AF4BD05E21AB99EF95C3FD0B1396F4F434803488AD0FE588E189877A33B21AB03D5516DB8A
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>12</Count><Resource><Id>Aptos_26215680</Id><LAT>2024-11-04T10:15:39Z</LAT><key>29939506207.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos_45876480</Id><LAT>2023-10-06T09:25:29Z</LAT><key>27160079615.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_26215424</Id><LAT>2023-10-06T09:25:29Z</LAT><key>31558910439.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215680</Id><LAT>2023-10-06T09:25:29Z</LAT><key>23001069669.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2023-10-06T09:25:29Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_45876480</Id><LAT>2023-10-06T09:25:29Z</LAT><key>30264859306.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos_
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):32768
                                        Entropy (8bit):0.04575125179552959
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:81321044D7EB31E75C3A108CB2B65A36
                                        SHA1:724308AA2C052A4E4583697210E6FE61A3F150B1
                                        SHA-256:AFF8A82870E5FE159F4F19E9AFBFDBB27F0C8C928D30379E5FE582683A807AD4
                                        SHA-512:F8CAFBCA4083304541B0B43EF4793F13B70648B366C212E6515BBE433D40BCC6297EE1C2454078F3BAEBBC279DDAF0808AFCA25A9DC24682A9660E82C826D638
                                        Malicious:false
                                        Reputation:unknown
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                        File Type:SQLite Write-Ahead Log, version 3007000
                                        Category:dropped
                                        Size (bytes):49472
                                        Entropy (8bit):0.48537903814731376
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D0F2BB5617777C920617799FA91549BA
                                        SHA1:F8B9DBAF6C8DC849CD5B2B21FB01376E0A9B34FF
                                        SHA-256:4B551F47F35310D78C39F4B44982052BEB81194EC2F3C6E72EB47BFDF8825754
                                        SHA-512:5895CD36394A19CB6E765CDF1B42C2A529D234BBC31DEA6F959EC16F0D0157B13F301C0C7C25E30E2A0EF9B1B4E05AACF36DB890410194E6E742E3AEC096D975
                                        Malicious:false
                                        Reputation:unknown
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                        File Type:PNG image data, 646 x 508, 8-bit/color RGBA, non-interlaced
                                        Category:modified
                                        Size (bytes):16320
                                        Entropy (8bit):7.757707103931911
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:9FA5125290B9651F0C0A06E46C010A37
                                        SHA1:8FEA2FCCD52D11DE03680FC0200C4E2F4ABEC1F0
                                        SHA-256:E248402AE5155BE4132C57172385AB577785B9C2B67CDC4C3695400A4D611AEE
                                        SHA-512:8EA3948EB0146769ED845CFB94C9E8C639449BF3B89536444064B69557FBF98DD2015C726968464313D6DD8885CD45FCE5A30E95722D4EE74780EBAAAF83D8AD
                                        Malicious:false
                                        Reputation:unknown
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:modified
                                        Size (bytes):26
                                        Entropy (8bit):3.95006375643621
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                        SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                        SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                        SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:[ZoneTransfer]..ZoneId=3..
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                        File Type:news or mail, ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):26211
                                        Entropy (8bit):6.113467777125025
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:4A2E8CAE22FF11E0833D03BE17526CB1
                                        SHA1:FE3A0C4535BBF46FBC26333C36A1213647D16C79
                                        SHA-256:8396D5D5E6A6AFF41D37077700970F0D999EB93D39663B6D2A5516F815B561F7
                                        SHA-512:70BD1A3E273D16DF5511F32CBC1E6EF047D279A7DF968057BEAC5FA9462B288DD8BF3C27955B895EC61AB4EA8803F0AB76788F1827FF73C2337D1B2FF73B14A6
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:From: James Garland <james.garland@r2s.org.uk>..Subject: James Garland shared "Road To Success Project" with you...Thread-Topic: James Garland shared "Road To Success Project" with you...Thread-Index: AdsqcfDwDjNhpim6SE6GQFDJiB+YCQ==..Date: Wed, 30 Oct 2024 02:18:05 +0000..Message-ID:.. <DBAPR08MB5719B456C7EE504B28F331F980542@DBAPR08MB5719.eurprd08.prod.outlook.com>..Content-Language: en-US..X-MS-Has-Attach: yes..X-MS-Exchange-Organization-SCL: -1..X-MS-TNEF-Correlator:..X-MS-Exchange-Organization-RecordReviewCfmType: 0..x-ms-exchange-organization-originalclientipaddress: 51.141.89.108..x-ms-exchange-organization-originalserveripaddress: 2603:10a6:10:1a6::23..Content-Type: multipart/related;...boundary="_004_DBAPR08MB5719B456C7EE504B28F331F980542DBAPR08MB5719eurp_";...type="multipart/alternative"..MIME-Version: 1.0....--_004_DBAPR08MB5719B456C7EE504B28F331F980542DBAPR08MB5719eurp_..Content-Type: multipart/alternative;...boundary="_000_DBAPR08MB5719B456C7EE504B28F331F980542DBAPR08MB5719
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1604
                                        Entropy (8bit):0.6354480769286553
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B4214FF8B225C1B57920A0CC6BEF988C
                                        SHA1:4ACD3FC5406959648CA5D0FCADDE73A1719D4AFA
                                        SHA-256:425E9493E83D132661EA73A73B06B1C7F8FF9C6A537B8CF0725E6648C1CB6FD0
                                        SHA-512:CB73CCB4057AEF14AE9E93BBE3E4A61A0D2A6BB8D4D86A8803611094F6C340CAC77E7E6C1B0165835FB38EF3E4C5C55238DCD65887DA9F3CCC94920E759D9F73
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:....H.Y.P.E.R.L.I.N.K. .".h.t.t.p.s.:././.s.u.r.v.e.y...r.e.s.p.o.n.s.l.y...c.o.m./.f./.6.n.K.A.5.D.y.z."...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                        File Type:ASCII text, with very long lines (28766), with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):20971520
                                        Entropy (8bit):0.17734548511123469
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:132FC187A0E09F2276DDC75F75E918D0
                                        SHA1:D7088774B23173D3FA6D575137B5DF4AB6500E5F
                                        SHA-256:7D0D21A94F6C990286C517866EBEE22222B0A82B5F1C5D10D2A64D3B256F2ACD
                                        SHA-512:96EA1B00DBDA0AA1DE8541F280BF1C363BB4E1ADB76D18CCE5B845F348D764F51F7FBF4B181100C5E73C14906FCC9F10EABE09F306CA11F4803223CF51411D6A
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..11/04/2024 10:15:38.344.OUTLOOK (0xFD0).0x614.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":26,"Time":"2024-11-04T10:15:38.344Z","Contract":"Office.System.Activity","Activity.CV":"uYYQlRnx2U61bzsb9J1ZRQ.4.11","Activity.Duration":13,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...11/04/2024 10:15:38.360.OUTLOOK (0xFD0).0x614.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":28,"Time":"2024-11-04T10:15:38.360Z","Contract":"Office.System.Activity","Activity.CV":"uYYQlRnx2U61bzsb9J1ZRQ.4.12","Activity.Duration":10832,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorVers
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):20971520
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                        SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                        SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                        SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                        Malicious:false
                                        Reputation:unknown
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                        File Type:data
                                        Category:modified
                                        Size (bytes):122880
                                        Entropy (8bit):4.503109862637518
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:0474751233338CA164ED2848D9BD899B
                                        SHA1:6EAFEE41616A4720606D8D1CE0E46380E1D7EBE9
                                        SHA-256:64CAAD4D09C68A9230EC527D7D70691A35A494176CCF1F5C9480D4D82ED1BA18
                                        SHA-512:93435C9C62685D23639BBCF9237466AAA0477253344C24FB8F2A23D8A94AC4309EBA3F4EFDDC5EB76FB4EBB5E5D3CD8183D2372859A687A9974ACA86573A08D1
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:............................................................................^............).~....................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...............................................................Y...........).~............v.2._.O.U.T.L.O.O.K.:.f.d.0.:.9.0.3.8.9.3.7.d.f.d.7.7.4.8.d.4.9.8.7.5.b.5.0.6.a.3.c.b.b.a.3.1...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.1.0.4.T.0.5.1.5.3.8.0.1.0.4.-.4.0.4.8...e.t.l.........P.P..........).~............................................................................................................................................................................................................................................................................................................
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):16384
                                        Entropy (8bit):3.5737272658199872
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:0B55C6197589A105CE7A3AD8951D8BA3
                                        SHA1:9848417478478EBC84AA79E0187446D1CD76E810
                                        SHA-256:75BD9FEAF3B1302AF82B43D331B262E01E5BA279CD5929A9AC925F6FA8F58D68
                                        SHA-512:BEB747FE868B5B07A0F31209FF095CB2270652FB2301C206595AE455EDCA0AD4F518C9E62E87FB1D4940D8D38EBAEA4DA8BFD90AEF9CAE9750327D1C66455527
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:............................................................................`...p...x....p......................eJ......n4......Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...............................................................Y...........p..............v.2._.O.U.T.L.O.O.K.:.1.9.7.8.:.b.2.9.7.6.e.e.6.8.4.4.d.4.b.d.2.b.1.e.a.6.0.2.b.7.e.6.1.0.e.f.8...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.1.0.4.T.0.5.1.5.5.8.0.4.2.2.-.6.5.2.0...e.t.l.......P.P.p...x....p..............................................................................................................................................................................................................................................................................................................
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):30
                                        Entropy (8bit):1.2389205950315936
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:DE376AFDE391564F058F22B33B92D8D1
                                        SHA1:2CAC3B795109391CB2538210C2698372CD709089
                                        SHA-256:6A3ED9AC0D88B4767198A50780F7C8A61E6E652EC298E6AB0D370FC02BD719AA
                                        SHA-512:FDB0355051D1D9A944231DF38675D1D45BD02B719DCF6C7DF80B07E212C41B02510D58A188E8E3EADB0B741A86AE137229B293D115C322263DFC92C5729DE3DE
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:..............................
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 4 09:16:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                        Category:dropped
                                        Size (bytes):2673
                                        Entropy (8bit):3.982721881067214
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F8AFBD54DD40BC6904AF9AB6446F9A96
                                        SHA1:B81CA0E5CFCAB8D14DF6BDD92CDB062C369F032D
                                        SHA-256:D34DBF785AA61D010FFAA7A982E3CE3A8930C775D44F30E20A00BDF93F6BE76E
                                        SHA-512:6F1E2BCA54D3E85D930162EC441874D8CFA50CBE02A99F83A95C8ABED083D0C482C03DBE6C4E862F2DB2D64463D50DF4C9E3D39D37BDF9A98095AB3C31319432
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:L..................F.@.. ...$+.,....w.=.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IdY.Q....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VdY.R....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VdY.R....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VdY.R..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VdY.R...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............s.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 4 09:16:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                        Category:dropped
                                        Size (bytes):2675
                                        Entropy (8bit):3.9975328191557233
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:43A626F6539E88D2487A05C1A974C3E1
                                        SHA1:2EC93AC98E3456E3ED1E2507DCCA0C858EB29A39
                                        SHA-256:F5CA2FC138E772D22F74A5AC16B5BE932016D1E3010EF852C0F6D67CEF107C9D
                                        SHA-512:E22509A79613D2E878D3272635B1CC4B8B75868A31C3DCE1F4381BDB5B2A40A0FDB1695723CBC8261371EC467A649F3FA73BB73FFF67418986A2991725837637
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:L..................F.@.. ...$+.,....%w).....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IdY.Q....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VdY.R....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VdY.R....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VdY.R..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VdY.R...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............s.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                        Category:dropped
                                        Size (bytes):2689
                                        Entropy (8bit):4.008349834938445
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:4A8D5EAD9B9FC010DE01484988ABB644
                                        SHA1:7439B32B1CA2DA5E3EBB86000E254D2CD3341349
                                        SHA-256:3D9174BC6A75B963F418A244EFFBB7D26797DA130D95BE69ABB911A101D01502
                                        SHA-512:0ED4FBA443345661768E50D62A74FF9E06B68637F2235461DC2D4E31E4A121BC5F1067A7156F7AD4E136663C7C29C46FDB606F03D0E49AF339D6BEA2F7F32634
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IdY.Q....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VdY.R....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VdY.R....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VdY.R..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............s.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 4 09:16:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                        Category:dropped
                                        Size (bytes):2677
                                        Entropy (8bit):3.9978498296403786
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:7A7BB83D52899934DF3148ABE4622D23
                                        SHA1:C6E2DE3E0A28418B64F401DC31B198D93C84F184
                                        SHA-256:03712735710BC979F60EBEF60CB037CF7286826074B1F3A4BA5AB795C2D2F525
                                        SHA-512:D7D3B09831CD681B4FC22D85E8942F039F5C87545F7356D6552CA33082F96C0DA05EA749E516A36F55C8CBCA2C20A5D022D49DCB119218BE59DC8CA49A6D1C82
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:(binary shortcut data; embedded target path: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe)
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 4 09:16:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                        Category:dropped
                                        Size (bytes):2677
                                        Entropy (8bit):3.9850490564298564
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:0EECD9D4F38763379C379848DFF769CB
                                        SHA1:733F5E0FFFAEB62C46064EF0263856BEF3B9CE3A
                                        SHA-256:26EBDB11124E8ED0A761C6BC79997AC43B0579D1254CAA85DBBF11131C2DF6C6
                                        SHA-512:90E9E0E81BEC8D7FD11A49A165093A72596F54954F10D502765F4CD84F2DEA8FD73B6CB6D6544107F5BC6FDC52520F16D1BC1DA6001D955EBFDF06E3F8126533
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:(binary shortcut data; embedded target path: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe)
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 4 09:16:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                        Category:dropped
                                        Size (bytes):2679
                                        Entropy (8bit):3.993559884882427
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C9C8738EB655C0A22C2D8678BAC20B9A
                                        SHA1:987447BF8450D57BA1FC8F3EF89E1755C1A74935
                                        SHA-256:6F3289CB915EE9F0ADBFE4600C41B58BA09B5782D567FCC137113D454FC0BE98
                                        SHA-512:21D355F76A3DAD02995640FF427A44CE948B3E251BF9EE5DE30854CD23340141907A323219C417D23D4846CB1821D0A3B7D3A89F3E5A8431CF8FE8146449CC01
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:(binary shortcut data; embedded target path: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe)
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                        File Type:Microsoft Outlook email folder (>=2003)
                                        Category:dropped
                                        Size (bytes):271360
                                        Entropy (8bit):4.534665142436502
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:9C7325E1F374B7F119F94B545885E2B4
                                        SHA1:D58923F246EE110F6FB7C5B7E391039B7B7E90E1
                                        SHA-256:1EEE549979561DE8239BBC8B675A82AADDF28B23C91C8143E6274C04995A9D65
                                        SHA-512:9022335035436FC1AD825CEFFB7F1AF35D51F96A0337BCBC9FFE4C8210F657833A844B76D2EDE7DBBA1769B1F30DBB81C31C2472F5824B0F384C8888761E671C
                                        Malicious:true
                                        Reputation:unknown
                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):131072
                                        Entropy (8bit):5.501695408425233
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E8E43A952E27A60072CA8F3A9BEB1796
                                        SHA1:344F75114BD3FC47FE24BD3EF7C3B30029D45F45
                                        SHA-256:56434AB56FEB53AAA1C4A026C6401FEEE9911D6EE5F2E095C16C3663DEE9DBC3
                                        SHA-512:9D4EB1E4C5DFEAC55DAADE8B6AA1E78B8B4B22A9C3888C80FFBFE0B83343C3549D408730499359F8A19FAB4C1DBE8F633934DF5D7D43F5B046F18BB2D7F95010
                                        Malicious:true
                                        Reputation:unknown
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 768 x 768, 8-bit/color RGBA, non-interlaced
                                        Category:dropped
                                        Size (bytes):103217
                                        Entropy (8bit):7.974705071500389
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:5BFF99A0992BD4F73B2B62570E73DA4F
                                        SHA1:17B7B80D0FEFD1B94CEC4A6E7D1B690FBD26F069
                                        SHA-256:FB8F9B86F95F80D6E521F64E4841591D2273EA29DDEECAA3F32B6C8FE78E3C10
                                        SHA-512:CA8AB41982343D24A4F60CEBE19E9C3995DF7D09FABBC5DC3CE9283D3CA76BEA1A768A64B8624E9B01A8111FBFA715555C616EE3F7F06D74465D25626F5C85CA
                                        Malicious:false
                                        Reputation:unknown
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:Web Open Font Format (Version 2), TrueType, length 77160, version 4.459
                                        Category:downloaded
                                        Size (bytes):77160
                                        Entropy (8bit):7.996509451516447
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:AF7AE505A9EED503F8B8E6982036873E
                                        SHA1:D6F48CBA7D076FB6F2FD6BA993A75B9DC1ECBF0C
                                        SHA-256:2ADEFCBC041E7D18FCF2D417879DC5A09997AA64D675B7A3C4B6CE33DA13F3FE
                                        SHA-512:838FEFDBC14901F41EDF995A78FDAC55764CD4912CCB734B8BEA4909194582904D8F2AFDF2B6C428667912CE4D65681A1044D045D1BC6DE2B14113F0315FC892
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:HTML document, ASCII text, with very long lines (498)
                                        Category:downloaded
                                        Size (bytes):5053
                                        Entropy (8bit):5.166146721931131
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:956C98FEF547F4A0A03220AA2C84149A
                                        SHA1:E1F1F62BB58F34B52259F7FA9C78BF08CDC8EDEC
                                        SHA-256:6CD2C195F9FEFA164DE077D97E4627E0469B1880CC060DF6127C289F8E4AA189
                                        SHA-512:2EA716B9FA65EE6111962D1938B1B4F245F813B19CC3048AF58B0872D3171A137A7AFD4321CA49A721A7EBCFA318ED134CE4F9D61EB08C254903606F1E05C6B3
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://survey.responsly.com/
                                        Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">. <meta name="csrf-token" content=""> . <link rel="apple-touch-icon" sizes="180x180" href="/images/icons/apple-touch-icon.png">.<link rel="icon" type="image/png" sizes="32x32" href="/images/icons/favicon-32x32.png">.<link rel="icon" type="image/png" sizes="16x16" href="/images/icons/favicon-16x16.png">.<link rel="manifest" href="/images/icons/site.webmanifest">.<meta name="msapplication-TileColor" content="#da532c">.<meta name="msapplication-config" content="/images/icons/browserconfig.xml">.<meta name="theme-color" content="#ffffff"> <link rel="stylesheet" href="https://use.typekit.net/rix3wkt.css">. . <link rel="preload" as="style" href="https://survey.responsly.com/build/assets/app-C-8L0J3U.css" /><link rel="stylesheet" href="https://survey.responsly.com/build/assets/app-C-8L0J3U.css" data-navigate-track="reload" /> <
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:GIF image data, version 89a, 20 x 20
                                        Category:downloaded
                                        Size (bytes):7615
                                        Entropy (8bit):7.096403551516808
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:563A41948AA94C4FF6D5E918D846C488
                                        SHA1:803C01DE983417650B6780269699191D5AC73357
                                        SHA-256:20765C1AA45654ABA95D64A80B64434ED8F8FFBD77371E660291A7FB6AAEFB7A
                                        SHA-512:BFFB85AE116C0D7028968E1A692B7D500C5CC335FAAAA3A2DE8FE5D4A84C3936EC71A0D15CEF7404F77F9E3F9B989A89AD7497733AD8F6198A8B597C04921944
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/eur/Captcha/Images/hig_progcircle_animated.gif?vv=100
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (23130), with no line terminators
                                        Category:dropped
                                        Size (bytes):23130
                                        Entropy (8bit):5.458199984436493
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C094F5EA6C0D18A65B4C84E800BB0FFB
                                        SHA1:2F0D2E94D61FC4A894DB19A11E14DEBEF02BF223
                                        SHA-256:179D1F6500825CAA4B515E751D8D560434322B74D57DEA6772FEA51F959E44AC
                                        SHA-512:20F226D3D225C5D2642856361681FCC2A54330B8A19985D1118C3B45D12F6F604248EF1957F27D9499FF27F5F52F412535B379501AF5030EDDF6D89CAFF2EA4F
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:var GetWLSPHIP0=function(c){var o = c;var r = o.Renderer(arguments);return r;};var WLSPHIP0=GetWLSPHIP0((function(){var p="Renderer",i={},a={},c={},e={},f={},q={},b={},h={},g={},n={},d={};function l(){if(b(a)){alert("missing client HIP object");return false}if(b(a.holder)||b(a.scriptHolder)){alert("missing holder or scriptHolder in client HIP object");return false}if(b(a.postLoad)){alert("missing postLoad in client HIP object");return false}if(b(a.left)||a.left<0||a.left>1e3)a.left=0;if(b(a.done))a.done=0;if(b(a.count))a.count=0;if(b(a.type))a.type="visual";if(b(a.style))a.style="0";if(b(a.showInstruction))a.showInstruction=true;if(b(a.instructionsInside))a.instructionsInside=false;if(b(a.inputWidth)||a.inputWidth<240)a.inputWidth=240;if(b(a.showMenu))a.showMenu=true;if(b(a.showHelp))a.showHelp=true;if(b(a.showError))a.showError=true;if(b(a.showAddAccountOption))a.showAddAccountOption=true;if(b(a.errorMessage))a.errorMessage="";if(b(a.menuOutsideCallback))a.menuOutsideCallback=function
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (30837)
                                        Category:downloaded
                                        Size (bytes):31000
                                        Entropy (8bit):4.746143404849733
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:269550530CC127B6AA5A35925A7DE6CE
                                        SHA1:512C7D79033E3028A9BE61B540CF1A6870C896F8
                                        SHA-256:799AEB25CC0373FDEE0E1B1DB7AD6C2F6A0E058DFADAA3379689F583213190BD
                                        SHA-512:49F4E24E55FA924FAA8AD7DEBE5FFB2E26D439E25696DF6B6F20E7F766B50EA58EC3DBD61B6305A1ACACD2C80E6E659ACCEE4140F885B9C9E71008E9001FBF4B
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
                                        Preview:/*!. * Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome. * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License). */@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot?v=4.7.0');src:url('../fonts/fontawesome-webfont.eot?#iefix&v=4.7.0') format('embedded-opentype'),url('../fonts/fontawesome-webfont.woff2?v=4.7.0') format('woff2'),url('../fonts/fontawesome-webfont.woff?v=4.7.0') format('woff'),url('../fonts/fontawesome-webfont.ttf?v=4.7.0') format('truetype'),url('../fonts/fontawesome-webfont.svg?v=4.7.0#fontawesomeregular') format('svg');font-weight:normal;font-style:normal}.fa{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:RIFF (little-endian) data, Web/P image
                                        Category:downloaded
                                        Size (bytes):16638
                                        Entropy (8bit):7.981322833236873
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:EE1D07D10B6E784C828D2E2BCB9DBAA3
                                        SHA1:5DAEEDB841F38A3CD18B71CF73FFE577ED32147E
                                        SHA-256:B9A010653DCD1C628149EBBAD1E3F4C6A79BA7841BF80FA610523AC533D524D7
                                        SHA-512:49158752E488039B3D6F9B39F353A4B61E3AD0263DD5BE7F945C34C4CCBC7D5D04CCD20C7B9AAE972C02AB19DB9C96A2816D20DC63E7B8819D84DB5822D35AE0
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://static.wikia.nocookie.net/windows/images/c/c6/Microsoft_Authenticator_iOS_icon.png?/revision/latest?cb=20221227091618
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (48484)
                                        Category:downloaded
                                        Size (bytes):721323
                                        Entropy (8bit):5.5601925711109965
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:AC826B3063F6CFC9E8AED8F417D46379
                                        SHA1:F893A40D7792F9D7FB6D7FC193FE9540ED85BF4E
                                        SHA-256:A1AEC55A5FCFCF17DFD88FEF6BAAD75BC441DDAF0FE9FAF320CB62346DD314D5
                                        SHA-512:89DD044E8FFD225A1F0F5457510B95B8871BD2C4170F3E52197630F1E06D5F8286A90D8CA72225F390B503CC20F35539ED2FCCCB7810B90B9D2842F94AE8ED2E
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://survey.responsly.com/assets/js/form.7c894a93.js
                                        Preview:(function(t){var e={};function n(r){if(e[r])return e[r].exports;var i=e[r]={i:r,l:!1,exports:{}};return t[r].call(i.exports,i,i.exports,n),i.l=!0,i.exports}n.m=t,n.c=e,n.d=function(t,e,r){n.o(t,e)||Object.defineProperty(t,e,{enumerable:!0,get:r})},n.r=function(t){"undefined"!==typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},n.t=function(t,e){if(1&e&&(t=n(t)),8&e)return t;if(4&e&&"object"===typeof t&&t&&t.__esModule)return t;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var i in t)n.d(r,i,function(e){return t[e]}.bind(null,i));return r},n.n=function(t){var e=t&&t.__esModule?function(){return t["default"]}:function(){return t};return n.d(e,"a",e),e},n.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},n.p="https://app.responsly.com/assets/",n(n.s=5)})({"00ee":function(t,e,n){"use strict";var r=n("b622
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (19948), with no line terminators
                                        Category:dropped
                                        Size (bytes):19948
                                        Entropy (8bit):5.261902742187293
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:EC18AF6D41F6F278B6AED3BDABFFA7BC
                                        SHA1:62C9E2CAB76B888829F3C5335E91C320B22329AE
                                        SHA-256:8A18D13015336BC184819A5A768447462202EF3105EC511BF42ED8304A7ED94F
                                        SHA-512:669B0E9A545057ACBDD3B4C8D1D2811EAF4C776F679DA1083E591FF38AE7684467ABACEF5AF3D4AABD9FB7C335692DBCA0DEF63DDAC2CD28D8E14E95680C3511
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:!function(){var e={343:function(e){"use strict";for(var t=[],n=0;n<256;++n)t[n]=(n+256).toString(16).substr(1);e.exports=function(e,n){var r=n||0,i=t;return[i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]]].join("")}},944:function(e){"use strict";var t="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto)||"undefined"!=typeof msCrypto&&"function"==typeof window.msCrypto.getRandomValues&&msCrypto.getRandomValues.bind(msCrypto);if(t){var n=new Uint8Array(16);e.exports=function(){return t(n),n}}else{var r=new Array(16);e.exports=function(){for(var e,t=0;t<16;t++)0==(3&t)&&(e=4294967296*Math.random()),r[t]=e>>>((3&t)<<3)&255;return r}}},508:function(e,t,n){"use strict";var r=n(944),i=n(343);e.exports=function(e,t,n){var o=t&&n||0;"string"==typeof e&&(t="binary"===e?new Array(16):null,e=null);var a=(e=e||{}).random||(e.rng||r)();if(
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 32 x 32, 8-bit colormap, non-interlaced
                                        Category:downloaded
                                        Size (bytes):1406
                                        Entropy (8bit):6.9625715064169444
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:EDC04C500AABFD192F40829677C98F92
                                        SHA1:512666C28EC5192D3AB146BE7F37CE0ED980C554
                                        SHA-256:389CBCE1A5663E245A5D086E7FF31883F10E0DAAC5D1FCC86BD8E51107624493
                                        SHA-512:7A248ABB2686539C35F9B19276286FCA147631647F9471A9BE9426C5BBC8A6B3108DF5ACFB3BC69DA0ACD20D25CE461D944B8F62D68659A2407701961D5E78D6
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://survey.responsly.com/images/icons/favicon-32x32.png
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:Unicode text, UTF-8 text, with very long lines (64241)
                                        Category:downloaded
                                        Size (bytes):171486
                                        Entropy (8bit):5.043877429718187
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B7AF9FB8EB3F12D3BAA37641537BEDC2
                                        SHA1:A3FBB622FD4D19CDB371F0B71146DD9F2605D8A4
                                        SHA-256:928ACFBA36CCD911340D2753DB52423F0C7F6FEAA72824E2A1EF6F5667ED4A71
                                        SHA-512:1023C4D81F68C73E247850F17BF048615DDABB69ACF2429644BDAF8DC2A95930F7A29CEAE6FBD985E1162897483A860C8248557CDA2F1F3D3FF0589158625A49
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://www.microsoft.com/onerfstatics/marketingsites-eas-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/1b-9d8ed9/c9-be0100/a6-e969ef/43-9f2e7c/82-8b5456/a0-5d3913/43-5a5ab8/ca-ae3ce4?ver=2.0&_cf=02242021_3231
                                        Preview:@charset "UTF-8";./*! | Copyright 2017 Microsoft Corporation | This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise.*/./*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */.body{margin:0}.context-uh
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:HTML document, ASCII text, with CRLF line terminators
                                        Category:downloaded
                                        Size (bytes):548
                                        Entropy (8bit):4.688532577858027
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:370E16C3B7DBA286CFF055F93B9A94D8
                                        SHA1:65F3537C3C798F7DA146C55AEF536F7B5D0CB943
                                        SHA-256:D465172175D35D493FB1633E237700022BD849FA123164790B168B8318ACB090
                                        SHA-512:75CD6A0AC7D6081D35140ABBEA018D1A2608DD936E2E21F61BF69E063F6FA16DD31C62392F5703D7A7C828EE3D4ECC838E73BFF029A98CED8986ACB5C8364966
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://assets-eur.mkt.dynamics.com/dist/vendor.css?v=7LdzUNeemfUwSUDAcdGthlh5VuAXcOGXTq6H8wbI1Ac
                                        Preview:<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (1572)
                                        Category:downloaded
                                        Size (bytes):18042
                                        Entropy (8bit):5.340916093635662
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:134299E45BA1EC6A7F27751C9FA29386
                                        SHA1:4C39675655CACE35F83D46C13BC0D593AC064CAC
                                        SHA-256:C08E11CA159584D59D45E9F4FFDD2BBE130F670FC8E7223601787DADAD8351D5
                                        SHA-512:8B46C54D5A3A2FDD6FFB1DCB19E5540570B3896B33C36B3B13A1D8DB1918FF2DD25583EF747458DB5963EF1BF18939E3135FA00C936644B8F15B181073A0D676
                                        Malicious:false
                                        Reputation:unknown
                                        URL:"https://fonts.googleapis.com/css?family=Open+Sans:regular,bold,extrabold&subset=latin-ext&display=swap"
                                        Preview:/* cyrillic-ext */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. font-display: swap;. src: url(https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (23130), with no line terminators
                                        Category:dropped
                                        Size (bytes):23130
                                        Entropy (8bit):5.457017572168636
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:95DDD1F3E43323A925DD9D112A87C3B3
                                        SHA1:EC5658FABF22EF58BA37C8026C5EC89EC5520287
                                        SHA-256:6AD34A63645EF3CE4A452812119D161F0FED086F99755B822E5F7A0CABD128FC
                                        SHA-512:6E442330C596BDDFD97BBE0CFD88595DE4C5C63EE121189E1C46F7EDB3A4C444A85ECCAE6DA85A65286FF4E8C3CAB170AEC633F1223B2BCB9867AF4A1CBD8403
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:var GetWLSPHIP0=function(c){var o = c;var r = o.Renderer(arguments);return r;};var WLSPHIP0=GetWLSPHIP0((function(){var p="Renderer",i={},a={},c={},e={},f={},q={},b={},h={},g={},n={},d={};function l(){if(b(a)){alert("missing client HIP object");return false}if(b(a.holder)||b(a.scriptHolder)){alert("missing holder or scriptHolder in client HIP object");return false}if(b(a.postLoad)){alert("missing postLoad in client HIP object");return false}if(b(a.left)||a.left<0||a.left>1e3)a.left=0;if(b(a.done))a.done=0;if(b(a.count))a.count=0;if(b(a.type))a.type="visual";if(b(a.style))a.style="0";if(b(a.showInstruction))a.showInstruction=true;if(b(a.instructionsInside))a.instructionsInside=false;if(b(a.inputWidth)||a.inputWidth<240)a.inputWidth=240;if(b(a.showMenu))a.showMenu=true;if(b(a.showHelp))a.showHelp=true;if(b(a.showError))a.showError=true;if(b(a.showAddAccountOption))a.showAddAccountOption=true;if(b(a.errorMessage))a.errorMessage="";if(b(a.menuOutsideCallback))a.menuOutsideCallback=function
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (3835)
                                        Category:dropped
                                        Size (bytes):304478
                                        Entropy (8bit):5.578396321475368
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:BA22850F4F779C595781C905DF1C7C6C
                                        SHA1:FB9CEAA0CAFF1B1696A11CB94C8D9C45D21A3C6F
                                        SHA-256:4ACFF6274C9CEF897A49AEDC46C61F6A75C9596F2B165F70984BD7A4F96B5B78
                                        SHA-512:57BE49B7738219B47F62CF0020FD52477903C0DD8D06C4192C56B68AF0E0E6050443EA2B9B0F8CB16B99B16573DEA690023536DF1F343D03BA7CEC2F1E615E14
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_1p_data_v2","priority":11,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_lastNameType":"CSS_SELECTOR","vtp_autoAddressEnabled":false,"vtp_regionValue":"","vtp_countryValue":"",
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 216x96, components 3
                                        Category:dropped
                                        Size (bytes):8293
                                        Entropy (8bit):7.903272950728756
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:96B5A116DF039196E7A649739102962E
                                        SHA1:29301F45ADFCCF1F2A28E8B9B66CB0A203AF90B0
                                        SHA-256:E992BC36C11861C24EF2C79A412D02437DB69473BF186ABF076A6F73F73028D4
                                        SHA-512:93D18F2460DC1EE79CCD267AA07275AD8A5D0E14D52F68641BEE149FB96E42A5611A04C0A4D751568EFC6C2D669093AAD1F96745A4A1579AAF106510FED0364E
                                        Malicious:false
                                        Reputation:unknown
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:HTML document, ASCII text, with very long lines (9463)
                                        Category:downloaded
                                        Size (bytes):16071
                                        Entropy (8bit):5.390774139543091
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:CBA5286D55138D746F7074FCA84C4C8E
                                        SHA1:F6A52FC84AAC4ED64946F67821E31060B2AE7980
                                        SHA-256:86897D4BDB5CED68C265F806A165DF5F890FD81078BFF398DB0652E1D951CDDA
                                        SHA-512:8BFA1D98F0BD0EA29936F5EF0EA817730C09E3A773A1661F0C252366672DADAC28DF4206ADCD9CE5E1376B391CC8ADB6B40DA69E35F3AE97475FFB5961D9FBC8
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://survey.responsly.com/f/6nKA5Dyz
                                        Preview:<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">. <meta name="csrf-token" content="j1h7eKXBwaOZ3jI4KkuvgEMDLG03UCi32uZS0UjU">.. <link rel="canonical" href="https://survey.responsly.com/f/6nKA5Dyz">. . <link rel="apple-touch-icon" sizes="180x180" href="/images/icons/apple-touch-icon.png">.<link rel="icon" type="image/png" sizes="32x32" href="/images/icons/favicon-32x32.png">.<link rel="icon" type="image/png" sizes="16x16" href="/images/icons/favicon-16x16.png">.<link rel="manifest" href="/images/icons/site.webmanifest">.<meta name="msapplication-TileColor" content="#da532c">.<meta name="msapplication-config" content="/images/icons/browserconfig.xml">.<meta name="theme-color" content="#ffffff">. <link rel="stylesheet" href="https://use.typekit.net/rix3wkt.css"> . <title>Road To Success Project - Responsly</title>.
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (3835)
                                        Category:downloaded
                                        Size (bytes):304478
                                        Entropy (8bit):5.5783800116889415
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:8897A6F24D85C6EFDCC8803284B5C850
                                        SHA1:32070A18DC5361B6C29055C15109AFE1905BC0D0
                                        SHA-256:5BADC31FEC90A385B7F5F37B73DCFD956C110FB6DAFEB91C800B5FDBDBEF84A2
                                        SHA-512:FF2AD53BB1931DBBC3A424EEEA2F6664A5D4C0E61DC946A949188797C63CA6AA3874EFF4004A69369A91840AC11563A4F7ACAB906FB003FDD16490081069DBA8
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://www.googletagmanager.com/gtag/js?id=G-412PZZWYCX
                                        Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_1p_data_v2","priority":11,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_lastNameType":"CSS_SELECTOR","vtp_autoAddressEnabled":false,"vtp_regionValue":"","vtp_countryValue":"",
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (65461)
                                        Category:dropped
                                        Size (bytes):751705
                                        Entropy (8bit):5.442952156335887
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E45E9257A51A995E0F3116815FA42313
                                        SHA1:14AACD347147AC83FEDFA0005161C786A7E56045
                                        SHA-256:746B51E5AE659B23B4980BB109BDED2D8000938930AD847F9079D5E3739BC142
                                        SHA-512:34CBFEF794150440D398D374743C8BE87F80A019E35282D661935ED4B82F155FE5BCFE6B01EB562FFF88E64F40E766F676BA0629C7B10FEF61C0CCFFCE2566DC
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:/*! For license information please see FormLoader.bundle.js.LICENSE.txt */.var d365mktforms;(()=>{var e,t,n={317:function(e,t){var n="undefined"!=typeof self?self:this,r=function(){function e(){this.fetch=!1,this.DOMException=n.DOMException}return e.prototype=n,new e}();!function(e){!function(t){var n="URLSearchParams"in e,r="Symbol"in e&&"iterator"in Symbol,i="FileReader"in e&&"Blob"in e&&function(){try{return new Blob,!0}catch(e){return!1}}(),a="FormData"in e,o="ArrayBuffer"in e;if(o)var s=["[object Int8Array]","[object Uint8Array]","[object Uint8ClampedArray]","[object Int16Array]","[object Uint16Array]","[object Int32Array]","[object Uint32Array]","[object Float32Array]","[object Float64Array]"],u=ArrayBuffer.isView||function(e){return e&&s.indexOf(Object.prototype.toString.call(e))>-1};function c(e){if("string"!=typeof e&&(e=String(e)),/[^a-z0-9\-#$%&'*+.^_`|~]/i.test(e))throw new TypeError("Invalid character in header field name");return e.toLowerCase()}function l(e){return"strin
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text
                                        Category:downloaded
                                        Size (bytes):5
                                        Entropy (8bit):1.5219280948873621
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:83D24D4B43CC7EEF2B61E66C95F3D158
                                        SHA1:F0CAFC285EE23BB6C28C5166F305493C4331C84D
                                        SHA-256:1C0FF118A4290C99F39C90ABB38703A866E47251B23CCA20266C69C812CCAFEB
                                        SHA-512:E6E84563D3A55767F8E5F36C4E217A0768120D6E15CE4D01AA63D36AF7EC8D20B600CE96DCC56DE91EC7E55E83A8267BADDD68B61447069B82ABDB2E92C6ACB6
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://p.typekit.net/p.css?s=1&k=rix3wkt&ht=tk&f=139.140.175.176&a=620586&app=typekit&e=css
                                        Preview:/**/.
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:Web Open Font Format (Version 2), TrueType, length 6076, version 1.0
                                        Category:downloaded
                                        Size (bytes):6076
                                        Entropy (8bit):7.96415812460558
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:9586DECC7194B970D37B2CAA47EA05AE
                                        SHA1:96DA32E49FC8C3817B2767BF01D011DE992BFEB0
                                        SHA-256:839A0BF526F6C9A2A11182B5DEA4291506FD0B2A37DEE83A38FBE12721041EDC
                                        SHA-512:6A327FF63C80BB343C5CFA95CD64E2D56483367D31E7D6E223429E7E9196ED24CE2FB60A55D3B17222498EE497923194B7007FD43732E671D6A5AAC149D408D7
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://survey.responsly.com/assets/fonts/responslycon.9586decc.woff2
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:HTML document, Unicode text, UTF-8 text
                                        Category:dropped
                                        Size (bytes):1011
                                        Entropy (8bit):5.216432800278142
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:AEFC8130206B1E0798A9502B0E5D0B40
                                        SHA1:90AF264A5A206098161E5617C24CBEBFF32E0F63
                                        SHA-256:2155D18ADEC13FEC19324318C2223075A2EDDBFDF4908407A6314FA6808A79A5
                                        SHA-512:9EC6E7571CDD5CDDD60C4BE0C84F413A92FB58CEF4ACF6DDCF36090F9077A16AA16C5CF15531FFC5C99BB5F8B402DC00ADADEE1D1EA1927B6B5BF923E73C8809
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8" />. <meta name="robots" content="noindex,nofollow,noarchive" />. <title>An Error Occurred: Method Not Allowed</title>. <link rel="icon" href="data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22 viewBox=%220 0 128 128%22><text y=%221.2em%22 font-size=%2296%22>.</text></svg>" />. <style>body { background-color: #fff; color: #222; font: 16px/1.5 -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif; margin: 0; }..container { margin: 30px; max-width: 600px; }.h1 { color: #dc3545; font-size: 24px; }.h2 { font-size: 18px; }</style>.</head>.<body>.<div class="container">. <h1>Oops! An Error Occurred</h1>. <h2>The server returned a "405 Method Not Allowed".</h2>.. <p>. Something is broken. Please let us know what you were doing when this error occurred.. We will fix it as soon as possible. Sorry for any inconvenience caused.. </p>.</div>.</bo
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:JSON data
                                        Category:dropped
                                        Size (bytes):1282
                                        Entropy (8bit):4.695064346385326
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:8D30025E69BC896ACC2064D1791F5A88
                                        SHA1:1F14560FD3D30F0A2C291CE503CCB490C94E0C3E
                                        SHA-256:769442A29597F6DB303853931D749780EF46D2855412843431DAC07A9D72CCB0
                                        SHA-512:7363382D59DF760A37A8C48F6D7037EF9C57CE97EFA0AFDDD19FE133952EE825B9043C84227F4E0B6D4AED310E9DF0053294BF6EB991CC3FBE7338C853C51888
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:{.. "FormFailedToLoad": "Failed to load form",.. "FormFailedToLoadCors": "The form can not be loaded on a domain that hasn't been allowed for external form hosting or there is a network connectivity issue",.. "LearnMore": "Learn more",.. "FormSubmitted": "Form submitted",.. "FormSubmitError": "Error submitting the form",.. "Reload": "Reload",.. "LookupLoading": "loading...",.. "LookupGenericError": "There was a problem retrieving items. Try again later.",.. "ValidationRequiredField": "This field is required",.. "EventFailedToLoad": "Failed to load event.",.. "EventAtCapacity": "This event is fully booked",.. "EventNotLive": "We are still setting up this event. Please check again in some time or contact the event organizer ",.. "SubmissionErrorEventNotLive": "Registrations for this event have been closed. We look forward to seeing you at our next event.",.. "SubmissionErrorEventCapacityIsFull": "Registrations for this event have been closed. We.re at full capacity! We lo
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:downloaded
                                        Size (bytes):28
                                        Entropy (8bit):4.208966082694623
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:8B30FE8C2588DFC5BEBE98D9ED97835A
                                        SHA1:1DCFC7725B4BF504402C2853E478467CBD991755
                                        SHA-256:C25E7BEA50F64A9C6FB1E879F25A406AF2C7DF0960E1D186E2E14F8D6D261D46
                                        SHA-512:7C65E03E8AEF3EFF1482329EF86A38F0E73E742D19F0A5873D036B29F134C44D502DCE01C4F48521E14613A6E0CDC400567A9B05D9E4BB1F8DC511F69F5EED31
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwmFpiSMdAKSiRIFDb2Fgw8SBQ3kVTB_?alt=proto
                                        Preview:ChIKBw29hYMPGgAKBw3kVTB/GgA=
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 216x96, components 3
                                        Category:downloaded
                                        Size (bytes):6635
                                        Entropy (8bit):7.887137632069421
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:11F12327EF25BB8A289EC85DB9889AA4
                                        SHA1:5DC55FE019552EC9C6980425038B40E29EF26B9A
                                        SHA-256:A46E8971C294FC3BF44F66D68086367AF115592BA245C1B71357409385EF7287
                                        SHA-512:1C2B73D12C4A7D1EBC163C1E810530E75EFFDE14F4C5E35AADA80CEFFFECBD5597FD0CB73F19B04CF2153F007738BB213A0C7CAA5E12023884F398AE3BC955FD
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://public-eur.mkt.dynamics.com/api/v1.0/orgs/50217418-308e-ef11-8a66-000d3ade3052/landingpageforms/captcha/challenge/visual?flowId=a4aabe7c-c6e6-4cfc-afed-df12bc642442&rnd=f36340be3504487fa378d6d5299c79d6&market=en
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (23130), with no line terminators
                                        Category:downloaded
                                        Size (bytes):23130
                                        Entropy (8bit):5.457988887410901
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A2102256B393FB8F88A1C7676963F40F
                                        SHA1:20B3DF26B1E9BE285639114C871154C043EF5B1F
                                        SHA-256:E47C094BBF9B24BF5265B2BD075D00BACCCA6F542AF270FB1EB248A12EB8E062
                                        SHA-512:59E4BB491B37AB2DDA1644B54CFD6EF4CD2F0EA5535029DF7C0272325E7F7A16E02462921AC29F6FF1211E537E05F202CA2F129D01E469E6BBB8E50E2CE391D7
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://public-eur.mkt.dynamics.com/api/v1.0/orgs/50217418-308e-ef11-8a66-000d3ade3052/landingpageforms/captcha/script?fid=a4aabe7c-c6e6-4cfc-afed-df12bc642442&type=visual&rnd=68cdf9f2-4f7a-441c-97a1-25b107606af2&mkt=en
                                        Preview:var GetWLSPHIP0=function(c){var o = c;var r = o.Renderer(arguments);return r;};var WLSPHIP0=GetWLSPHIP0((function(){var p="Renderer",i={},a={},c={},e={},f={},q={},b={},h={},g={},n={},d={};function l(){if(b(a)){alert("missing client HIP object");return false}if(b(a.holder)||b(a.scriptHolder)){alert("missing holder or scriptHolder in client HIP object");return false}if(b(a.postLoad)){alert("missing postLoad in client HIP object");return false}if(b(a.left)||a.left<0||a.left>1e3)a.left=0;if(b(a.done))a.done=0;if(b(a.count))a.count=0;if(b(a.type))a.type="visual";if(b(a.style))a.style="0";if(b(a.showInstruction))a.showInstruction=true;if(b(a.instructionsInside))a.instructionsInside=false;if(b(a.inputWidth)||a.inputWidth<240)a.inputWidth=240;if(b(a.showMenu))a.showMenu=true;if(b(a.showHelp))a.showHelp=true;if(b(a.showError))a.showError=true;if(b(a.showAddAccountOption))a.showAddAccountOption=true;if(b(a.errorMessage))a.errorMessage="";if(b(a.menuOutsideCallback))a.menuOutsideCallback=function
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:GIF image data, version 89a, 16 x 16
                                        Category:downloaded
                                        Size (bytes):1037
                                        Entropy (8bit):5.818249601446592
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:4A4AC4A62EA5F3E19022F354AE737B0A
                                        SHA1:EF7FBABD1745A73D05650CC76643980AC496B323
                                        SHA-256:97AADED71C0575ACE10FABD282FBA4CFA72352C70349D86FB5F2F297A84834B1
                                        SHA-512:4320D0107599CB2406256F008C7D423FE89242968050F864F3B26AC13D99D492AA18DC8C63E709C69CA185E9074C72ABE79DE0D0AEC926E2A5A9C7AE519AC648
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/eur/Captcha/Images/icon_err.gif?vv=100
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:Unicode text, UTF-8 text, with very long lines (516)
                                        Category:downloaded
                                        Size (bytes):3324
                                        Entropy (8bit):5.257223365742762
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:FA61C923AB21E8F8EDEF308693D1F8A8
                                        SHA1:527A3E1DFCDECE9F8564B90BEE157B5EA5CDB061
                                        SHA-256:AB91887477FD64AE82E5AF4C2F17DD2FB7CD13213C827AB0F8582D82E4D417EC
                                        SHA-512:A4135C9980521B52D133659BD0E705E46441ACEC59AD8F3DE896ED5E185EC5435FDC4DA14158D513B4F256301817E8C0A55FDB7E744CE9833DD99A111774B276
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://use.typekit.net/rix3wkt.css
                                        Preview:/*. * The Typekit service used to deliver this font or fonts for use on websites. * is provided by Adobe and is subject to these Terms of Use. * http://www.adobe.com/products/eulas/tou_typekit. For font license. * information, see the list below.. *. * proxima-nova:. * - http://typekit.com/eulas/00000000000000007735e603. * - http://typekit.com/eulas/00000000000000007735e604. * - http://typekit.com/eulas/00000000000000007735e609. * - http://typekit.com/eulas/00000000000000007735e616. *. * . 2009-2024 Adobe Systems Incorporated. All Rights Reserved.. */./*{"last_published":"2021-11-04 11:33:34 UTC"}*/..@import url("https://p.typekit.net/p.css?s=1&k=rix3wkt&ht=tk&f=139.140.175.176&a=620586&app=typekit&e=css");..@font-face {.font-family:"proxima-nova";.src:url("https://use.typekit.net/af/2555e1/00000000000000007735e603/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3") format("woff2"),url("https://use.typekit.net/af/2555e1/0000000000000000773
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (23130), with no line terminators
                                        Category:downloaded
                                        Size (bytes):23130
                                        Entropy (8bit):5.45764162914579
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:6130845EFC9FF3D224CC6C2E20C1E3FC
                                        SHA1:64D692B28D372ED491352ED8BCCFE0BFB90EC762
                                        SHA-256:9C2619FE52639D6FF4D52DD85FFFBB2D6FB88741E5F540E0681268D4DEE106E5
                                        SHA-512:8FC007B0C075A0BC75790321BC2E31E02984D4CD0AC130BFA5FA4B15B2EEF55509C74E76E7F3B37755F98982280EA7F187CE1A344B377B2205830C7929BA3457
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://public-eur.mkt.dynamics.com/api/v1.0/orgs/50217418-308e-ef11-8a66-000d3ade3052/landingpageforms/captcha/script?dc=EastUS&mkt=en&fid=a4aabe7c-c6e6-4cfc-afed-df12bc642442&type=visual&c=1&rnd=0.9014102076580259
                                        Preview:var GetWLSPHIP0=function(c){var o = c;var r = o.Renderer(arguments);return r;};var WLSPHIP0=GetWLSPHIP0((function(){var p="Renderer",i={},a={},c={},e={},f={},q={},b={},h={},g={},n={},d={};function l(){if(b(a)){alert("missing client HIP object");return false}if(b(a.holder)||b(a.scriptHolder)){alert("missing holder or scriptHolder in client HIP object");return false}if(b(a.postLoad)){alert("missing postLoad in client HIP object");return false}if(b(a.left)||a.left<0||a.left>1e3)a.left=0;if(b(a.done))a.done=0;if(b(a.count))a.count=0;if(b(a.type))a.type="visual";if(b(a.style))a.style="0";if(b(a.showInstruction))a.showInstruction=true;if(b(a.instructionsInside))a.instructionsInside=false;if(b(a.inputWidth)||a.inputWidth<240)a.inputWidth=240;if(b(a.showMenu))a.showMenu=true;if(b(a.showHelp))a.showHelp=true;if(b(a.showError))a.showError=true;if(b(a.showAddAccountOption))a.showAddAccountOption=true;if(b(a.errorMessage))a.errorMessage="";if(b(a.menuOutsideCallback))a.menuOutsideCallback=function
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:Unicode text, UTF-8 text, with very long lines (63020)
                                        Category:downloaded
                                        Size (bytes):85330
                                        Entropy (8bit):5.169246768433195
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:52BF1D4143D45FCA56002ACBF025041F
                                        SHA1:7AAE30F79B36CEE0670F0A1DB2F93DBBCACD1E2A
                                        SHA-256:CD95CD888F97D373435B17B94E6F122B719ECAC4914341343280B10172FCAC05
                                        SHA-512:46A443E67F178E285F54DFE0BEA18426CD1AAA79AFCB392FCF0D47B12F2D5823985D04BA17841070704C261B2DB9D73C6F4220E4B5EE3D171A84DC566DAF478F
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://survey.responsly.com/assets/css/form.1d4d2b47.css
                                        Preview:/*! normalize.css v7.0.0 | MIT License | github.com/necolas/normalize.css */html{line-height:1.15;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}article,aside,footer,header,nav,section{display:block}h1{font-size:2em;margin:.67em 0}figcaption,figure,main{display:block}figure{margin:1em 40px}hr{box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:1em}a{background-color:transparent;-webkit-text-decoration-skip:objects}abbr[title]{border-bottom:none;text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted}b,strong{font-weight:inherit;font-weight:bolder}code,kbd,samp{font-family:monospace,monospace;font-size:1em}dfn{font-style:italic}mark{background-color:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}audio,video{display:inline-block}audio:not([controls]){display:none;height:0}img{border-style:none}sv
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (8948)
                                        Category:dropped
                                        Size (bytes):150140
                                        Entropy (8bit):5.999654080589821
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:926D5177CD94C4BE28915EC9A0278AE2
                                        SHA1:5680B4BA5B419B62D10F3AA122FC72C51EAFFBA4
                                        SHA-256:FF0A0AC278FF4FC8E84E8A8EB58B72D6302285A1E1DC1E7418D5245D0AF51387
                                        SHA-512:FBA199111C8F6EA6F79C2328035FB834023525F02D19361FEE800DFDC45E0FCE8E88E1E68812DA4F3E07B3863930E09AD21BC5B762003D45CD52FFAA6392877D
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:<!DOCTYPE html><html><head>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <link rel="shortcut icon" href="https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico">. <title>Microsoft Security </title>. <meta name="referrer" content="never">. . <meta type="xrm/designer/setting" name="type" value="marketing-designer-content-editor-document">. <meta type="xrm/designer/setting" name="layout-editable" value="marketing-designer-layout-editable">. <style data-merge-styles="true"></style>. <style data-merge-styles="true"></style>. <meta http-equiv="X-UA-Compatible" content="IE=edge">. <meta>. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <meta name="format-detection" content="telephone=no">. <meta name="description" content="Sign In with your Microsoft accou
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:downloaded
                                        Size (bytes):16
                                        Entropy (8bit):3.875
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C79ACB86AFB721AC49A511937F416F7A
                                        SHA1:08A998839C183DEBD73B820BF4DFE3D32523488B
                                        SHA-256:F7A08A0606E5A0C0657ED109900A6C2F29807852FB9EEB1EF582B007A72F4711
                                        SHA-512:B204142816ECD205CDAB749FE52FBEBB8588CE0F391005B1C2F5B65B4728D0AA66934A544BBE491A8A141C2864C39EFC3E3D7920189648D639D05606CD6F494D
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkV18ax6FRNLBIFDcROmWY=?alt=proto
                                        Preview:CgkKBw3ETplmGgA=
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:JSON data
                                        Category:downloaded
                                        Size (bytes):470
                                        Entropy (8bit):4.234435218685777
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:1A725E55D9845CF44F1C26C218BB347B
                                        SHA1:38A4F78CF1C0CFEB1D9664B80F12771825989A4D
                                        SHA-256:584C12228990075A000BB38235975C325BABE10E34ABC47F45144851E29FBDF9
                                        SHA-512:6746DC89B5647B1CE664DD9B8C8805D193323C025235ECCF39FEA2CB030B543EF01BB5FBD2EAA1EC7F749D3BE06A3ADDB5C80BEE458C631034AA137D99B1C4D9
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://survey.responsly.com/images/icons/site.webmanifest
                                        Preview:{. "name": "Responsly",. "short_name": "Responsly",. "icons": [. {. "src": "/images/icons/android-chrome-192x192.png",. "sizes": "192x192",. "type": "image/png". },. {. "src": "/images/icons/android-chrome-256x256.png",. "sizes": "256x256",. "type": "image/png". }. ],. "theme_color": "#ffffff",. "background_color": "#ffffff",. "display": "standalone".}.
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced
                                        Category:dropped
                                        Size (bytes):4054
                                        Entropy (8bit):7.797012573497454
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:9F14C20150A003D7CE4DE57C298F0FBA
                                        SHA1:DAA53CF17CC45878A1B153F3C3BF47DC9669D78F
                                        SHA-256:112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960
                                        SHA-512:D4F6E49C854E15FE48D6A1F1A03FDA93218AB8FCDB2C443668E7DF478830831ACC2B41DAEFC25ED38FCC8D96C4401377374FED35C36A5017A11E63C8DAE5C487
                                        Malicious:false
                                        Reputation:unknown
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:HTML document, ASCII text
                                        Category:downloaded
                                        Size (bytes):491
                                        Entropy (8bit):5.080011546605829
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B82D0B2C4AC82C41D723B1B541934350
                                        SHA1:056F835657BFBC4B4E5DD4B98E46A29126C2EBE5
                                        SHA-256:86F2E8441D5B3C1AE9CCEC4FADED78396648CB017C645825DC8DC4B4283CC1AA
                                        SHA-512:D7318688CFCE18C462EBFCD69CD4BABE3BB6D12E1F6730CB1C752D7A71F2CB300A1238FAA14118950098ABBD2A600D71101D7B28E0E08797E3D37555376212E9
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://assets-eur.mkt.dynamics.com/50217418-308e-ef11-8a66-000d3ade3052/digitalassets/standaloneforms/46a79031-fd94-ef11-8a69-6045bde08fb3
                                        Preview:<div. data-form-id='46a79031-fd94-ef11-8a69-6045bde08fb3'. data-form-api-url='https://public-eur.mkt.dynamics.com/api/v1.0/orgs/50217418-308e-ef11-8a66-000d3ade3052/landingpageforms'. data-cached-form-url='https://assets-eur.mkt.dynamics.com/50217418-308e-ef11-8a66-000d3ade3052/digitalassets/forms/46a79031-fd94-ef11-8a69-6045bde08fb3' ></div>. <script src = 'https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/eur/FormLoader/FormLoader.bundle.js' ></script>
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 216x96, components 3
                                        Category:dropped
                                        Size (bytes):5669
                                        Entropy (8bit):7.878217183856959
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:938C20D1573A1481EB1200A8F15794E6
                                        SHA1:6EA192F9896A533F8A480C11F355CCB61D6F8CFC
                                        SHA-256:BA96D73C6BD72689FCB3E50E71E938D298E1497035FB7F94CCCB255359843E6C
                                        SHA-512:687E7B3C0AC93C77EC810B760C96D2D9237C3BFF08FE92AD89B764267507FE3E6803B39A61873576F55D246687E1DB91EA41CB1CBE55BB193F688C898BA6FCBF
                                        Malicious:false
                                        Reputation:unknown
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
                                        Category:downloaded
                                        Size (bytes):48236
                                        Entropy (8bit):7.994912604882335
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:015C126A3520C9A8F6A27979D0266E96
                                        SHA1:2ACF956561D44434A6D84204670CF849D3215D5F
                                        SHA-256:3C4D6A1421C7DDB7E404521FE8C4CD5BE5AF446D7689CD880BE26612EAAD3CFA
                                        SHA-512:02A20F2788BB1C3B2C7D3142C664CDEC306B6BA5366E57E33C008EDB3EB78638B98DC03CDF932A9DC440DED7827956F99117E7A3A4D55ACADD29B006032D9C5C
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 216x96, components 3
                                        Category:downloaded
                                        Size (bytes):6845
                                        Entropy (8bit):7.896115142024024
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:CFFFA1EDAB9259B98392A5C42B880329
                                        SHA1:FA9F28905D4CBB5687F65B0600F121984E289092
                                        SHA-256:374C9F4FBA04F65C04DD3A6ACA91B44479184027936317E431E73951FA415941
                                        SHA-512:FF458DCF3C522195E8B121497614F3B0DB4D1ED7BEBB22F2069B92121AACD6B904878352B8F6D04A4D70996E26B86B47C805272CE2B29728EA1AAB3C1DAD6E03
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://public-eur.mkt.dynamics.com/api/v1.0/orgs/50217418-308e-ef11-8a66-000d3ade3052/landingpageforms/captcha/challenge/visual?flowId=a4aabe7c-c6e6-4cfc-afed-df12bc642442&rnd=f272fc83bee44c769962a012698d7a01&market=en
                                        File type:RFC 822 mail, ASCII text, with very long lines (347), with CRLF line terminators
                                        Entropy (8bit):6.105908144397714
                                        TrID:
                                        • E-Mail message (Var. 5) (54515/1) 100.00%
                                        File name:FYI - Important.eml
                                        File size:68'234 bytes
                                        MD5:1d808b896c084387d7c3499e52ab3c3e
                                        SHA1:e425661c11311dd281d65476c459d8dc0612a0ef
                                        SHA256:f18d137f53c4dc3a6fab99cef9b67ee0390bb130aa13c78b9ac8b541fb84f278
                                        SHA512:4cc3b13b696f3baf4807ee1b1eeeb305710fac5c8a7c1ac7e0372de970130c3b35719f73a5af9481be48b11f14ad902c6b8a0e9ace9d235e941580229a664739
                                        SSDEEP:1536:5vEmMwXX14FMH0jRrZ2mx6V/hJFqNZlFfQxjAv:5sinOSNV/hJFqN98jG
                                        TLSH:0D639E858F943430F66229EE8E147C0E52713A8F98F7AEC036D9A4875F9F5271F17609
                                        File Content Preview:Received: from VI2PR03MB10715.eurprd03.prod.outlook.com.. (2603:10a6:800:27b::22) by AM9PR03MB7664.eurprd03.prod.outlook.com with.. HTTPS; Wed, 30 Oct 2024 10:05:35 +0000..ARC-Seal: i=3; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=fail;.. b=Fr8e
                                        Subject:FYI - Important
                                        From:James Garland <james.garland@r2s.org.uk>
                                        To:Undisclosed recipients:;
                                        Cc:
                                        BCC:
                                        Date:Wed, 30 Oct 2024 10:04:37 +0000
                                        Communications:
                                        • CAUTION: This email originated from outside of the organisation. If in doubt please use the report message button to Security. Please find the file. Kind regards, James.
                                        Attachments:
                                        • James Garland shared _Road To Success Project_ with you..eml
                                        Key Value
                                        Received:from DBAPR08MB5719.eurprd08.prod.outlook.com ([fe80::13e9:913b:978a:5048]) by DBAPR08MB5719.eurprd08.prod.outlook.com ([fe80::13e9:913b:978a:5048%5]) with mapi id 15.20.8093.025; Wed, 30 Oct 2024 10:04:38 +0000
                                        ARC-Authentication-Results:i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=r2s.org.uk; dmarc=pass action=none header.from=r2s.org.uk; dkim=pass header.d=r2s.org.uk; arc=none
                                        Authentication-Results:spf=fail (sender IP is 198.154.180.198) smtp.mailfrom=r2s.org.uk; dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=r2s.org.uk;compauth=fail reason=001
                                        Received-SPF:Pass (protection.outlook.com: domain of r2s.org.uk designates 40.107.22.97 as permitted sender) receiver=protection.outlook.com; client-ip=40.107.22.97; helo=EUR05-AM6-obe.outbound.protection.outlook.com; pr=C
                                        X-Sophos-Product-Type:Mailflow
                                        X-Sophos-Email-ID:bf219f95e97546c0adf5e0547691a9f3
                                        Authentication-Results-Original:dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=r2s.org.uk;
                                        From:James Garland <james.garland@r2s.org.uk>
                                        Subject:FYI - Important
                                        Thread-Topic:FYI - Important
                                        Thread-Index:Adsqsgb+YycJzBBeT+6m9R/Zt/xNxA==
                                        Date:Wed, 30 Oct 2024 10:04:37 +0000
                                        Message-ID:<DBAPR08MB571930F14434922C44C28B7080542@DBAPR08MB5719.eurprd08.prod.outlook.com>
                                        Accept-Language:en-GB, en-US
                                        Content-Language:en-US
                                        X-MS-Has-Attach:yes
                                        X-MS-TNEF-Correlator:
                                        x-ms-traffictypediagnostic:DBAPR08MB5719:EE_|PA4PR08MB6045:EE_|AM2PEPF0001C712:EE_|VI2PR03MB10620:EE_|AM4PEPF00025F99:EE_|VI2PR03MB10715:EE_|AM9PR03MB7664:EE_
                                        X-MS-Office365-Filtering-Correlation-Id:ab7e67a2-d32e-4dfa-44e3-08dcf8ca6417
                                        x-ms-exchange-senderadcheck:1
                                        x-ms-exchange-antispam-relay:0
                                        X-Microsoft-Antispam-Untrusted:BCL:0;ARA:13230040|35042699022|8096899003;
                                        X-Forefront-Antispam-Report-Untrusted CIP:40.107.22.97; CTRY:NL; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:EUR05-AM6-obe.outbound.protection.outlook.com; PTR:mail-am6eur05on2097.outbound.protection.outlook.com; CAT:NONE; SFS:(13230040)(35042699022)(8096899003); DIR:INB;
                                        X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount 1
                                        Content-Type multipart/mixed; boundary="_004_DBAPR08MB571930F14434922C44C28B7080542DBAPR08MB5719eurp_"
                                        X-MS-Exchange-Transport-CrossTenantHeadersStamped VI2PR03MB10715
                                        To Undisclosed recipients:;
                                        X-EOPAttributedMessage 1
                                        X-EOPTenantAttributedMessage 7956b84e-0c99-46b5-81c6-28689cfa7221:1
                                        X-MS-Exchange-Transport-CrossTenantHeadersStripped AM4PEPF00025F99.EURPRD83.prod.outlook.com
                                        X-MS-Exchange-Transport-CrossTenantHeadersPromoted AM2PEPF0001C712.eurprd05.prod.outlook.com
                                        X-MS-Office365-Filtering-Correlation-Id-Prvs da3d2f5d-7ac1-4cf0-85ba-08dcf8ca4508
                                        X-Sophos-Email-Scan-Details 27140d1e1540510e7e771140550e7d75
                                        X-Sophos-Email [eu-west-1] Antispam-Engine: 6.0.0, AntispamData: 2024.10.30.93916
                                        X-Sophos-SenderHistory ip=40.107.22.97, fs=109150877, fso=152181990, da=223741336, mc=366629, sc=522, hc=366107, sp=0, re=4, sd=0, hd=30
                                        X-Sophos-DomainHistory d=r2s.org.uk, fs=8, fso=8, da=84484160, mc=4, sc=0, hc=4, sp=0, re=0, sd=0, hd=0
                                        X-LASED-From-ReplyTo-Diff From:<cardfactory.co.uk>:11, From:<printcraft.co.uk>:11
                                        X-LASED-SpamProbability 0.109097
                                        X-LASED-Hits ARCAUTH_PASSED 0.000000, BODYTEXTH_SIZE_10000_LESS 0.000000, BODYTEXTP_SIZE_3000_LESS 0.000000, BODYTEXTP_SIZE_400_LESS 0.000000, BODY_SIZE_10000_PLUS 0.000000, BODY_SIZE_25K_PLUS 0.000000, DQ_S_H 0.000000, EMAIL_ATTACHED 0.000000, HTML_90_100 0.100000, HTML_95_100 0.100000, IMP_FROM_NOTSELF 0.000000, INBOUND_SOPHOS 0.000000, INBOUND_SOPHOS_TOP_REGIONS 0.000000, KNOWN_MTA_TFX 0.000000, MULTIPLE_RCPTS 0.100000, NO_CTA_URI_FOUND 0.000000, NO_FUR_HEADER 0.000000, NO_URI_FOUND 0.000000, NO_URI_HTTPS 0.000000, OBFU_SHORT_10CHARS 0.500000, SXL_IP_TFX_WM 0.000000, TO_HAS_SPACES 0.000000, TO_UNDISCLOSED_RECIPIENTS 0.000000, WEBMAIL_SOURCE 0.000000, __ARCAUTH_DKIM_NONE 0.000000, __ARCAUTH_DKIM_PASSED 0.000000, __ARCAUTH_DMARC_PASSED 0.000000, __ARCAUTH_PASSED 0.000000, __ARC_SEAL_MICROSOFT 0.000000, __ARC_SIGNATURE_MICROSOFT 0.000000, __ATTACHMENT_NOT_IMG 0.000000, __ATTACHMENT_SIZE_25_50K 0.000000, __ATTACH_CTE_BASE64 0.000000, __ATTACH_CTE_QUOTED_PRINTABLE 0.000000, __AUTH_RES_ORIG_DKIM_NONE 0.000000, __AUTH_RES_ORIG_DMARC_NONE 0.000000, __AUTH_RES_PASS 0.000000, __BEC_SUBJ_KEYWORD 0.000000, __BODY_NO_MAILTO 0.000000, __BODY_TEXT_X4 0.000000, __CT 0.000000, __CTYPE_HAS_BOUNDARY 0.000000, __CTYPE_MULTIPART 0.000000, __CTYPE_MULTIPART_MIXED 0.000000, __DQ_DOMAIN_SUSP_1 0.000000, __DQ_DOMAIN_SUSP_2 0.000000, __DQ_D_H 0.000000, __DQ_IP_FSO_LARGE 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000, __DQ_S_DOMAIN_100K 0.000000, __DQ_S_DOMAIN_10K 0.000000, __DQ_S_DOMAIN_1K 0.000000, __DQ_S_DOMAIN_FSO_100K 0.000000, __DQ_S_DOMAIN_FSO_10K 0.000000, __DQ_S_DOMAIN_FSO_1K 0.000000, __DQ_S_DOMAIN_FSO_1M 0.000000, __DQ_S_DOMAIN_FSO_3M 0.000000, __DQ_S_DOMAIN_FSO_600K 0.000000, __DQ_S_DOMAIN_HD_0 0.000000, __DQ_S_DOMAIN_HIST_1 0.000000, __DQ_S_DOMAIN_MC_1_P 0.000000, __DQ_S_DOMAIN_RE_0 0.000000, __DQ_S_DOMAIN_RE_49_L 0.000000, __DQ_S_DOMAIN_RE_4_L 0.000000, __DQ_S_DOMAIN_RE_99_L 0.000000, 
__DQ_S_DOMAIN_RE_9_L 0.000000, __DQ_S_DOMAIN_SP_0_P 0.000000, __DQ_S_HIST_1 0.000000, __DQ_S_HIST_2 0.000000, __DQ_S_IP_HD_10_P 0.000000, __DQ_S_IP_MC_100_P 0.000000, __DQ_S_IP_MC_10_P 0.000000, __DQ_S_IP_MC_1K_P 0.000000, __DQ_S_IP_MC_1_P 0.000000, __DQ_S_IP_MC_5_P 0.000000, __DQ_S_IP_RE_49_L 0.000000, __DQ_S_IP_RE_4_L 0.000000, __DQ_S_IP_RE_99_L 0.000000, __DQ_S_IP_RE_9_L 0.000000, __DQ_S_IP_SC_100_P 0.000000, __DQ_S_IP_SC_10_P 0.000000, __DQ_S_IP_SC_1_P 0.000000, __DQ_S_IP_SC_5_P 0.000000, __DQ_S_IP_SP_0_P 0.000000, __EML_ATTACHED1 0.000000, __EML_ATTACHED2 0.000000, __FRAUD_SUBJ_A 0.000000, __FROM_DOMAIN_NOT_IN_BODY 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000, __FUR_RDNS_OUTLOOK 0.000000, __HAS_ATTACHMENT 0.000000, __HAS_ATTACHMENT1 0.000000, __HAS_ATTACHMENT2 0.000000, __HAS_FROM 0.000000, __HAS_HTML 0.000000, __HAS_MSGID 0.000000, __HAS_X_FF_ASR 0.000000, __HAS_X_FF_ASR_CAT 0.000000, __HAS_X_FF_ASR_SFV 0.000000, __HTML_TAG_DIV 0.000000, __IMP_FROM_NOTSELF_MULTI 0.000000, __INBOUND_SOPHOS_EU_WEST_1 0.000000, __JSON_HAS_MODELS 0.000000, __JSON_HAS_SCHEMA_VERSION 0.000000, __JSON_HAS_SENDER_AUTH 0.000000, __JSON_HAS_TENANT_DOMAINS 0.000000, __JSON_HAS_TENANT_ID 0.000000, __JSON_HAS_TENANT_SCHEMA_VERSION 0.000000, __JSON_HAS_TENANT_VIPS 0.000000, __JSON_HAS_TRACKING_ID 0.000000, __MIME_ATTACHMENT_1_N 0.000000, __MIME_ATTACHMENT_N_2 0.000000, __MIME_HTML 0.000000, __MIME_TEXT_H 0.000000, __MIME_TEXT_H1 0.000000, __MIME_TEXT_H2 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_TEXT_P2 0.000000, __MIME_VERSION 0.000000, __MODEL_THREAT_GE_25 0.000000, __MODEL_THREAT_SINGLE_GE_25 0.000000, __MSGID_32_64_CAPS 0.000000, __MTHREAT_45 0.000000, __MTL_45 0.000000, __OCTET_STREAM_ATTACHED 0.000000, __PART_TYPE_HTML 0.000000, __PHISH_SPEAR_STRUCTURE_1 0.000000, __PHISH_SPEAR_SUBJ_ALERT 0.000000, __RCVD_PASS 0.000000, __RDNS_WEBMAIL 0.000000, __SANE_MSGID 0.000000, __SCAN_DETAILS 0.000000, __SCAN_DETAILS_SANE 0.000000, __SCAN_DETAILS_TL_0 0.000000, 
__STYLE_RATWARE_NEG 0.000000, __STYLE_TAG 0.000000, __SUBJ_ALPHA_END 0.000000, __SUBJ_SHORT 0.000000, __TAG_EXISTS_BODY 0.000000, __TAG_EXISTS_HEAD 0.000000, __TAG_EXISTS_HTML 0.000000, __TAG_EXISTS_META 0.000000, __TO_MALFORMED_3 0.000000, __URI_NO_MAILTO 0.000000, __X_FF_ASR_SCL_NSP 0.000000, __X_FF_ASR_SFV_NSPM 0.000000
                                        X-LASED-Impersonation False
                                        X-LASED-Spam NonSpam
                                        X-Sophos-MH-Mail-Info-Key NFhkalJ3MW1jbXpSaFIzLTE3Mi4xOS4wLjI3
                                        Return-Path james.garland@r2s.org.uk
                                        X-MS-Exchange-Organization-ExpirationStartTime 30 Oct 2024 10:05:32.6096 (UTC)
                                        X-MS-Exchange-Organization-ExpirationStartTimeReason OriginalSubmit
                                        X-MS-Exchange-Organization-ExpirationInterval 1:00:00:00.0000000
                                        X-MS-Exchange-Organization-ExpirationIntervalReason OriginalSubmit
                                        X-MS-Exchange-Organization-Network-Message-Id ab7e67a2-d32e-4dfa-44e3-08dcf8ca6417
                                        X-MS-Exchange-Organization-MessageDirectionality Incoming
                                        X-MS-PublicTrafficType Email
                                        X-MS-Exchange-Organization-AuthSource AM4PEPF00025F99.EURPRD83.prod.outlook.com
                                        X-MS-Exchange-Organization-AuthAs Anonymous
                                        X-MS-Exchange-Organization-SCL -1
                                        X-Microsoft-Antispam BCL:0;ARA:13230040|35042699022|8096899003;
                                        X-Forefront-Antispam-Report CIP:198.154.180.198;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:SKN;H:mfid-euw1.prod.hydra.sophos.com;PTR:mfid-euw1.prod.hydra.sophos.com;CAT:NONE;SFS:(13230040)(35042699022)(8096899003);DIR:INB;
                                        X-MS-Exchange-CrossTenant-OriginalArrivalTime 30 Oct 2024 10:05:32.5159 (UTC)
                                        X-MS-Exchange-CrossTenant-Network-Message-Id ab7e67a2-d32e-4dfa-44e3-08dcf8ca6417
                                        X-MS-Exchange-CrossTenant-Id 7956b84e-0c99-46b5-81c6-28689cfa7221
                                        X-MS-Exchange-CrossTenant-AuthSource AM4PEPF00025F99.EURPRD83.prod.outlook.com
                                        X-MS-Exchange-CrossTenant-AuthAs Anonymous
                                        X-MS-Exchange-CrossTenant-FromEntityHeader Internet
                                        X-MS-Exchange-Transport-EndToEndLatency 00:00:03.2140499
                                        X-MS-Exchange-Processed-By-BccFoldering 15.20.8093.023
                                        X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
                                        MIME-Version 1.0

                                        Icon Hash:46070c0a8e0c67d6